SPRING DISCOUNT
Get 30% off on toolkits, course exams, and books.
Limited-time offer – ends May 26, 2022
Use promo code:
SPRING30

Expert Advice Community

Guest

Question regarding ISO Process

  Quote
Guest
Guest user Created:   Mar 03, 2022 Last commented:   Mar 03, 2022

Question regarding ISO Process

Is the best step forward to now trying to map the risks against the SOA and hand out responsibilities for controls? Or should we instead focus on the risk treatment for our "red" risks?
0 0

Assign topic to the user

ISO 27001 RISK ASSESSMENT AND RISK TREATMENT METHODOLOGY

Define main rules for risk assessment and treatment.

ISO 27001 RISK ASSESSMENT AND RISK TREATMENT METHODOLOGY

Define main rules for risk assessment and treatment.

Expert
Rhand Leal Mar 03, 2022

Please note that in the ISO 27001 risks assessment and treatment process the risk treatment needs to be performed before developing the Statement of Applicability.

Broadly speaking, these are the steps:

  • ISO 27001 risk assessment methodology
  • Risk assessment implementation
  • Risk treatment implementation
  • Risk Assessment and Treatment Report
  • Statement of Applicability
  • Risk Treatment Plan

These articles will provide you a further explanation about risk assessment and risk treatment:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Mar 03, 2022

Mar 03, 2022

Suggested Topics