After conducting initial risk assessment and deciding on the pre-treatment scores, does a control have to be in place for a period of time before it can be measured in order to establish the post-treatment score and therefore the residual risk? Otherwise, what is the process for going from risk assessment to risk treatment in a single paperwork exercise? It seems quite arbitrary to look at a risk and score it pre and post treatment in the same risk assessment session; or is this the nature of
Assign topic to the user
ISO 27001 RISK ASSESSMENT AND TREATMENT REPORT
Document the results of the risk management process.
Get it now 
ISO 27001 RISK ASSESSMENT AND TREATMENT REPORT
Document the results of the risk management process.
Get it now
ISO 27001 RISK ASSESSMENT AND TREATMENT REPORT
Document the results of the risk management process.
Get it now
Comment as guest or Sign in
Sep 07, 2017
Sep 07, 2017
Sep 07, 2017