Guest user Created: Jul 25, 2018 Last commented: Jul 25, 2018

ISO 20000 Risk register

ITIL & ISO 20000

I have to create risk register as part of ISO20000. I already have ISO27001 risk register which I have to append. Till now I have done gap assessment. Does all the gaps identified becomes risk? Also do you have any excel which talks about risk if the particular clause is not implemented in an organization.

0 0

Assign topic to the user

Select user

Expert

Branimir Valentic Jul 25, 2018

Answer:
If you have created risk register used for ISO 27001 implementation (and it was appropriate for our company) - try to re-use it. At least as a methodology. But please consider that ISO 20000 has IT services in focus. Same is for risks. Consider risks related to the IT services.
Gaps and risks - well, that's hard to answer with yes or no. There are some gaps that are risks but some are not.
Excel sheet - no, we don't provide such documents because this is different case-by-case i.e. it needs to be adapted to the organization.
Read the article Similarities and differences between ISO 27001 and ISO 20000https://advisera.c om/20000academy/blog/2018/05/09/similarities-and-differences-between-iso-27001-and-iso-20000/ to learn more about similarities and differences between ISO 20000 and ISO 27001.

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jul 24, 2018

Expert Advice Community