ISO 27001 risk methodology and corporate guidelines according to ISO 31000

Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016


If you already have a risk assessment methodology as per ISO 27001, and another one for OHSAS 18001, and you have been requested to implement the ISO 31000 guidelines, is it necessary to review the existing risk assessment methodologies and replace them with one corporate one as per ISO 31000? Or can we simply refer in our ISO 31000 manual to the other methodologies?

DejanK Jan 12, 2016

Whether or not you will change your information security risk assessment methodology depends on what you will write in your enterprise risk management (ERM) documents (per ISO 31000). So if your corporate ERM documents allow greater freedom for risk management in particular areas, then you probably won't have to change your ISO 27001 risk methodology, and vice versa.

See also this article: ISO 31000 and ISO 27001 – How are they related? https://advisera.com/27001academy/blog/2014/03/31/iso-31000-and-iso-27001-how-are-they-related/
