Expert Advice Community

Qualitative and quantitative risk assessment

Guest user. Created: Jan 12, 2016. Last commented: Jan 12, 2016

It has been a while, hope you are fine. Is it allowed to perform both qualitative and quantitative risk assessment when implementing an ISMS?

AntonioS Jan 12, 2016

You can use a mix of both as long as you are able to produce consistent and comparable results - e.g. you can use qualitative risk assessment for all risks, and then quantitative risk assessment only for the biggest risks. Keep in mind that ISO 27001 does not establish how you have to develop your methodology. If you want to know the basic steps of our methodology (very easy and helpful), please read this article “ISO 27001 risk assessment & treatment – 6 basic steps”: https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
