Expert Advice Community

Home / ISO 27001 & 22301 / Residual Risk

Guest

Residual Risk

ISO 27001 & 22301
  Quote
Guest
brianhopla Created:   Sep 07, 2017

Residual Risk

ISO 27001 & 22301
After conducting initial risk assessment and deciding on the pre-treatment scores, does a control have to be in place for a period of time before it can be measured in order to establish the post-treatment score and therefore the residual risk? Otherwise, what is the process for going from risk assessment to risk treatment in a single paperwork exercise? It seems quite arbitrary to look at a risk and score it pre and post treatment in the same risk assessment session; or is this the nature of
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Comment as guest or Sign in

HTML tags are not allowed

Sep 07, 2017

Sep 07, 2017

Suggested Topics
Atheer AlMartan Created:   Feb 11, 2024 ISO 27001 & 22301
Replies: 1
0 0

Statement of Acceptance of Residual Risks
Tanya S Created:   Dec 01, 2023 ISO 27001 & 22301
Replies: 1
0 0

Residual Risk Calculations
Guest user Created:   Mar 08, 2023 ISO 27001 & 22301
Replies: 1
0 0

Residual risk