ISO 27001 risk methodology and corporate guidelines according to ISO 31000
Assign topic to the user
Whether you will change your information security Risk assessment methodology or not, this depends on what you will write in your enterprise risk management (ERM) documents (per ISO 31000). So if your corporate ERM documents allow greater freedom for risk management in particular areas, then you probably won't have to change your ISO 27001 risk methodology, and vice versa.
See also this article: ISO 31000 and ISO 27001 How are they related? https://advisera.com/27001academy/blog/2014/03/31/iso-31000-and-iso-27001-how-are-they-related/
Comment as guest or Sign in
Jan 12, 2016