Expert Advice Community

How to update ISMS policy and risk assessment

Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

I am absolutely a fan of your website, thanks for all the information that you give us. I have a question about how to maintain our ISMS for the second year of certification: how to update the ISMS policy and risk assessment? I didn't find articles related to this in your blog.
DejanK Jan 12, 2016

Thanks for reading my blog. Regarding the maintenance of your documents:
1) You should nominate owners for each of your documents, and those owners should review the documents and decide if they need to be updated.
2) For risk assessment, you should send the previous year's risk assessment sheets to all the asset owners (or risk owners if you have them) and ask them if there are some new risks, and if the values of the existing risks have changed.
3) Very important - you need to produce all the records that are required by ISO 27001 and by your documentation - with those records you will show that you are doing everything that is required in your documentation.

If you still haven't transitioned to the 2013 revision of ISO 27001, you have to do so by September 2015 at the latest - here are the steps: https://advisera.com/27001academy/knowledgebase/how-to-make-a-transition-from-iso-27001-2005-revision-to-2013-revision/
