Guest
Question regarding ISO Process
Is the best step forward to now try to map the risks against the SOA and hand out responsibilities for controls?
Or should we instead focus on the risk treatment for our "red" risks?
Expert
Rhand Leal
Mar 03, 2022
Please note that in the ISO 27001 risk assessment and treatment process, the risk treatment needs to be performed before developing the Statement of Applicability.
Broadly speaking, these are the steps:
- ISO 27001 risk assessment methodology
- Risk assessment implementation
- Risk treatment implementation
- Risk Assessment and Treatment Report
- Statement of Applicability
- Risk Treatment Plan
These articles will provide you with further explanation about risk assessment and risk treatment:
- 6 main steps in risk management https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/ (top of the article)
- Risk treatment https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#treatment