Expert Advice Community

Implementing ISO 27001 information security risk management

Guest user Created: Jun 27, 2019 Last commented: Jun 27, 2019

In my workplace, I'm currently implementing the ISO 27001 standard. The following are the steps I followed prior to developing the risk assessment plan. I just want to know whether my approach is correct or needs any improvements.

Expert
Rhand Leal Jun 27, 2019

Step 1: Identify the internal and external issues in our company
Step 2: Identify the risks and opportunities that would arise from each internal and external issue
Step 3: Bring the risk items identified during "step 2" to risk assessment
Step 4: Devise a separate plan to utilize the opportunities.
Step 5: Develop the risk treatment plan.

Answer:

To be compliant with ISO 27001, the risk management must follow these steps:
- Definition of a risk assessment and treatment methodology
- Performing risk assessment (risk identification and risk analysis)
- Performing risk treatment (risk evaluation and controls selection)
- Elaboration of a risk treatment report
- Elaboration of the Statement of Applicability (SoA)
- Elaboration of the Risk Treatment Plan and acceptance of residual risks

To see what a risk assessment and treatment process looks like, I suggest you take a look at the free demo of our ISO 27001/ISO 22301 Risk Assessment Toolkit at this link: https://advisera.com/27001academy/iso-27001-22301-risk-assessment-toolkit/

This article will provide you with further explanation about implementing risk management:
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/iso-27001-22301-risk-assessment-toolkit/

These materials will also help you regarding risk assessment:
- The basics of risk assessment and treatment according to ISO 27001 [free webinar] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
