Previous and current ISO 27001 and the risk management
Answer:
I am sorry, but I am not sure if I have understood your question 100%. If your question is related to combining concepts between the current version, ISO 27001:2013, and previous versions (I suppose that when you say “BSI”, you mean BS 7799, which is the origin of ISO 27001), obviously if you want to certify against ISO 27001:2013, you need to comply with the requirements of the current version of the standard, although you can use some concepts from previous versions (for example, asset-based risk management). But again, the important thing is to comply with the requirements of ISO 27001:2013.
By the way, you can develop your own methodology for risk management, so this article can be very useful for you: “How to write ISO 27001 risk assessment methodology”: https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
Our online course can also be interesting for you, because we give more information about risk management and the implementation of the ISMS: “ISO 27001:2013 Foundations Course”: https://advisera.com/training/iso-27001-foundations-course/
Jul 21, 2016