Is there anyone who has implement COSO ERM and ISMS together? Can you use COSO ERM to do ISMS risk assessment? Can someone share how it is being implemented? Do you use any tools?
Can ISMS use its own risk assessment methodology and approach that is different from COSO ERM?