ISO 27001 6.1.1 General
Two auditors have identified a finding regarding the management of opportunity, as required by 6.1.1 General.
Which template covers this?
Based on the discussions with auditors, a reference table of which Advisera template covers which norm requirement would be extremely helpful when identifying the correct document for the audit.
ISO 27001 clause 6.1.1 does not require you to document how you manage opportunities (i.e. no written policy or procedure is needed); it only requires you to plan to address risks and opportunities.
In Advisera's toolkit, you will find the document "Risk treatment plan" placed in folder "07 Implementation plan" - there you should list all activities through which you address both risks and opportunities (since opportunities can be considered as "positive risks").
This article will give you a couple of examples of what opportunities are: How to address opportunities in ISO 27001 risk management using ISO 31000 https://advisera.com/27001academy/blog/2018/04/13/how-to-address-opportunities-in-iso-27001-risk-management-using-iso-31000/
Dec 26, 2019