Guest user Created: Feb 15, 2016 Last commented: Feb 15, 2016

Merging the asset, risk assessment, risk treatment tables

What do you think about merging the asset, risk assessment, risk treatment tables into a single table/document? There is just too much duplication there for my taste. Too much opportunity for the data to get out of sync.

0 0

Assign topic to the user

Select user

Expert

Dejan Kosutic Feb 15, 2016

Answer:

Yes, merging the Asset inventory and the Risk assessment table makes sense, especially for smaller companies; for a larger company it would be better if they separate the Asset inventory into a separate document because they would have some additional information stored there - see this article: How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/

However, I wouldn't recommend merging the Risk assessment table and Risk treatment table - this is because not all risks from the Risk assessment table need to be treated, and very often for one risk you would need several control s. Therefore, if you're using Excel for risk management, it is much easier to have two separate sheets for this purpose.

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Feb 15, 2016

Expert Advice Community