Expert Advice Community

Guest

ISO 27001:2022 implementation issue

  Quote
Guest
Guest user Created:   May 26, 2023 Last commented:   May 26, 2023

ISO 27001:2022 implementation issue

I want to ask about establishing risk acceptance criteria in clause 6 - 6.1.2 and if there is any sample can i view in order to complete creating my system, which is related to a cloud-based software solutions company

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal May 26, 2023

The definition of the risk acceptance criteria will depend on how you calculate risk value.

For example, if your method of risk calculation produces values from 2 to 10, then you can decide that an acceptable level of risk is, e.g., 7 – this would mean that only the risks valued at 8, 9, and 10 need treatment.

Alternatively, you can examine each individual risk and decide which should be treated or not based on your insight and experience, using no pre-defined values.

For further information, see:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

May 26, 2023

May 26, 2023