Expert Advice Community

Positive and negative risks

Guest user Created:   Mar 02, 2018 Last commented:   Mar 02, 2018

I am currently working on the development of a risk management framework (based on ISO 27005) for my company. I am a little confused as to why ISO 27005 only talks about negative risks and not about positive risks (opportunities).
Expert
Rhand Leal Mar 02, 2018

Answer: ISO 27005's approach toward negative risks was a decision from the standard's responsible committee for the release of the current version (2011), based on the world's context at the time. For a risk management approach considering positive and negative risks, I suggest you take a look at ISO 31000, the ISO standard for risk management in general.

This article will provide you with further explanation about ISO 31000:
- ISO 31000 and ISO 27001 – How are they related? https://advisera.com/27001academy/blog/2014/03/31/iso-31000-and-iso-27001-how-are-they-related/
