Guest user Created: Feb 26, 2019 Last commented: Feb 26, 2019

ISO 27001 clauses 6 and 8

As per ISO 27001:2013, Clause 6.1.2 and 6.1.3 Speak about Information Security risk assessment and Treatment as well as Clause 8.2 and 8.3 explain about the same Security risk assessment and treatment. Can you please explain the requirement of each clause(6.1.2, 6.1.3, 8.2 and 8.3), whether they are the same or have a different requirement.

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Feb 26, 2019

Answer:

Clauses 6.1.2 and 6.1.3 refer to the planing phase, i.e., the requirements your adopted risk assessment and risk treatment methodology must fulfill, while clauses 8.2 and 8.3 refer to performing the risk assessment and risk treatment, i.e., the effective identification, analysis, evaluation and treatment of the risks perceived by your organization.

This article will provide you further explanation about risk assessment and treatment:
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/

These materials will also help you regarding risk assessment and treatment:
- The basics of risk assessmen t and treatment according to ISO 27001 [free webinar] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/

Quote

0 1

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Feb 26, 2019

Expert Advice Community