Guest
ISO 27001 clauses 6 and 8
As per ISO 27001:2013, Clauses 6.1.2 and 6.1.3 speak about information security risk assessment and treatment, and Clauses 8.2 and 8.3 also explain the same security risk assessment and treatment. Can you please explain the requirement of each clause (6.1.2, 6.1.3, 8.2 and 8.3), and whether they are the same or have different requirements?
Expert
Rhand Leal
Feb 26, 2019
Answer:
Clauses 6.1.2 and 6.1.3 refer to the planning phase, i.e., the requirements your adopted risk assessment and risk treatment methodology must fulfill, while clauses 8.2 and 8.3 refer to performing the risk assessment and risk treatment, i.e., the effective identification, analysis, evaluation and treatment of the risks perceived by your organization.
This article will provide you further explanation about risk assessment and treatment:
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
These materials will also help you regarding risk assessment and treatment:
- The basics of risk assessment and treatment according to ISO 27001 [free webinar] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/