Merging the asset, risk assessment, risk treatment tables
Assign topic to the user
Answer:
Yes, merging the Asset inventory and the Risk assessment table makes sense, especially for smaller companies; for a larger company it would be better if they separate the Asset inventory into a separate document because they would have some additional information stored there - see this article: How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
However, I wouldn't recommend merging the Risk assessment table and Risk treatment table - this is because not all risks from the Risk assessment table need to be treated, and very often for one risk you would need several control s. Therefore, if you're using Excel for risk management, it is much easier to have two separate sheets for this purpose.
Comment as guest or Sign in
Feb 15, 2016