ISO 27001 Process
My problem is I am stuck at the Risk Assessment Table and Statement of Applicability stage.
With the RAT, I think the challenge is getting started the right way: it is a daunting task that requires whole-of-business input, and I suppose I do not feel adequately qualified to guide the process.
Similarly, on the SoA I do not feel I can make the call on what is applicable, nor guide the business through the process of discovering this.
Any guidance you can share would be appreciated and when I have some more specific questions it would be good to organise an hour of power with you (your early morning bearing in mind the time difference).
Please note that included in your toolkit you have access to video tutorials that can guide you through the risk assessment and treatment processes, including filling in the SoA. These video tutorials include examples with real data.
Since you did not say that you have already seen the video tutorials, I suggest you start with these and contact us if any doubts remain.
In addition to these video tutorials, I suggest these materials (the articles are in the suggested reading sequence):
- ISO 27001/ISO 27005 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
- How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
- ISO 27001 risk assessment: How to match assets, threats, and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
- How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment
- 4 mitigation options in risk treatment according to ISO 27001 https://advisera.com/27001academy/blog/2016/05/16/4-mitigation-options-risk-treatment-according-iso-27001/
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
- The basics of risk assessment and treatment according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
Apr 16, 2021