Explain how to check that information on significant residual risk is provided to the appropriate people
First, you have to identify which documents in your organization contain information about residual risks (e.g., the risk assessment and treatment report), and then which persons or roles must have access to them (e.g., risk owner, asset owner, top management, the person responsible for information security, etc.). With this information, you can check whether the significant residual risk is being provided to the appropriate people.
This information is identified during the definition of the risk assessment and risk treatment processes required by ISO 27001.
To see what a document with such information looks like, I suggest you take a look at the free demo of our Risk Assessment and Risk Treatment Methodology at this link: https://advisera.com/27001academy/documentation/Risk-Assessment-and-Risk-Treatment-Methodology/
This article will provide you with further explanation about risk assessment and risk treatment methodology:
- How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
These materials will also help you regarding risk assessment and risk treatment methodology:
- The basics of risk assessment and treatment according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
Mar 30, 2020