ISO 27000 and ISO 31000
Which standard of the ISO 27000 group or ISO 31000 determines the owner of information assets as the owner of the information risk? And informational risk as an operational risk?
Please note that no standard of the ISO 27000 group, or of the ISO 31000 group, prescribes that the owner of information assets must be the owner of the information risk, nor that informational risk is an operational risk.
ISO 27001 requires, and ISO 31000 suggests, the definition of a risk owner, but neither prescribes a framework for organizing risks, so organizations are free to organize them as they see fit.
These articles will provide you with further explanation about risk owners and asset owners:
- Risk owners vs. asset owners in ISO 27001:2013 https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/
- ISO 31000 and ISO 27001 – How are they related? https://advisera.com/27001academy/blog/2014/03/31/iso-31000-and-iso-27001-how-are-they-related/
This material will also help you:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- ISO 27001:2013 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Jan 27, 2021