Expert Advice Community

Guest

Risk assessment in Conformio

  Quote
Guest
Guest user Created:   Jun 24, 2023 Last commented:   Jun 24, 2023

Risk assessment in Conformio

1- Why are confidentiality, availability, and integrity not considered in the Risk assessment? and how Conformio is addressing them.

2- Why is there no prioritization for actions in RTP? This should be identified based on the risk levels. 
we only see a list but it's not based on the risks identified.

Assign topic to the user

ISO 27001 RISK ASSESSMENT AND RISK TREATMENT METHODOLOGY

Define main rules for risk assessment and treatment.

ISO 27001 RISK ASSESSMENT AND RISK TREATMENT METHODOLOGY

Define main rules for risk assessment and treatment.

Expert
Rhand Leal Jun 24, 2023

1- Why are confidentiality, availability, and integrity not considered in the Risk assessment? and how Conformio is addressing them.

ISO 27001 does not require the impact on confidentiality, integrity, and availability to be explicitly evidenced during the assessment (e.g., as separate values).

According to the Risk Assessment Methodology, confidentiality, integrity, and availability are represented through impact when assessing risks.

2- Why is there no prioritization for actions in RTP? This should be identified based on the risk levels. we only see a list but it's not based on the risks identified

First is important to note that ISO 27001 does not prescribe how to prioritize actions in the Risk Treatment Plan, so organizations can adopt the prioritization criteria that best fit their needs.

In the Risk Treatment Plan in Conformio you prioritize the activities by defining the deadlines for their implementation.

This article will provide you with further explanation about risk treatment:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jun 24, 2023

Jun 24, 2023

Suggested Topics