Expert Advice Community

Guest

ISO 27001 Risk Register

  Quote
Guest
Guest user Created:   Feb 17, 2023 Last commented:   Feb 17, 2023

ISO 27001 Risk Register

We are currently working on ISO 27001 project in our company.

We are using your Conformio to do it.

We have one question about the Risk Register we thought you might know the answer.

In short, our company is offering IT Support services for other companies.

My question is this,

We keep our servers in a Datacenter which is hosted by another company. So, they manage the security of this location.

However, there are risks associated with the Datacenter that we need to be aware of.

For example, that our former employees’ access to the Datacenter is terminated.

Or that the Datacenter is protected in a way that we can accept.

Basically, we can’t control the security of this datacenter, but we need to be aware of the risks.

So, can we include the Datacenter to our Scope if we can’t truly manage it?

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Feb 17, 2023

You should include in your ISMS scope only the assets that you control - e.g., physical servers, software, and data; you should keep out of the scope assets you cannot control - data center building, telecom links, UPS, air conditioning, etc. 

You will assess the risks in the following way: 

  • For the assets within the scope - by listing the assets, and their related vulnerabilities and threats. 
  • Since assets of your suppliers (data center) are outside of your scope, you will perform a risk assessment on the level of a particular supplier - by listing vulnerabilities and threats to their service. 

You should perform all those assessments using the Risk Register in Conformio.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Feb 17, 2023

Feb 17, 2023

Suggested Topics

Guest post Created:   Jan 12, 2016 ISO 27001 & 22301
Replies: 0
0 0

ISO27001 Risk Register

Guest user Created:   Jan 21, 2023 ISO 27001 & 22301
Replies: 1
0 0

ISO 27001 certification