Save 20% on accredited ISO 27001 course exams.
Limited-time offer – ends February 29, 2024
Use promo code:
EXAM20

Expert Advice Community

Guest

Risk assessment in Conformio

  Quote
Guest
Guest user Created:   Jun 24, 2023 Last commented:   Jun 24, 2023

Risk assessment in Conformio

1- Why are confidentiality, availability, and integrity not considered in the Risk assessment? and how Conformio is addressing them.

2- Why is there no prioritization for actions in RTP? This should be identified based on the risk levels. 
we only see a list but it's not based on the risks identified.

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jun 24, 2023

1- Why are confidentiality, availability, and integrity not considered in the Risk assessment? and how Conformio is addressing them.

ISO 27001 does not require the impact on confidentiality, integrity, and availability to be explicitly evidenced during the assessment (e.g., as separate values).

According to the Risk Assessment Methodology, confidentiality, integrity, and availability are represented through impact when assessing risks.

2- Why is there no prioritization for actions in RTP? This should be identified based on the risk levels. we only see a list but it's not based on the risks identified

First is important to note that ISO 27001 does not prescribe how to prioritize actions in the Risk Treatment Plan, so organizations can adopt the prioritization criteria that best fit their needs.

In the Risk Treatment Plan in Conformio you prioritize the activities by defining the deadlines for their implementation.

This article will provide you with further explanation about risk treatment:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jun 24, 2023

Jun 24, 2023

Suggested Topics