Expert Advice Community


How to Monitor/Update the Risks in Risk Register?

Guest
Bills Created:   May 07, 2019 Last commented:   May 08, 2019


Hi, I have implemented ISMS and have a risk register with all the risks (High, Medium and Low). It has been a year now that I have not updated the Risk Register, and there is also new risk to be added. My question is: how should I update and add/remove risks in the register?
1) Should I update the sheet with the revision number?
2) Should I remove the risks which are already mitigated and are in the residual risk category?
3) Should I keep on adding new risks and keep all the old risks intact?
My concern is that, since the risk assessment is in a PDCA cycle and new risks will emerge every day, how should I maintain my risk register? Please advise. Thanks

Expert
Dejan Kosutic May 08, 2019

Here are the answers:
1) ISO 27001 does not prescribe how to version your risk register - therefore, you can use a new version number and/or you can simply use a date to define the latest version.
2) You should keep all your risks in the risk register, even though they are mitigated - of course, this means that the risk level for such risks will be lower.
3) You should definitely add new risks; you should retain “old” risks if they still exist; however, you need to assess their likelihood and impact again.
4) You should update your risk register at least once a year, but also more often if there is some big change - e.g. new product, new technology, new process, change in the environment, etc.
