Expert Advice Community

Home / ISO 27001 & 22301 / Residual Risk Management

Guest

Residual Risk Management

ISO 27001 & 22301
  Quote
Guest
Guest user Created:   Jan 13, 2016 Last commented:   Jan 13, 2016

Residual Risk Management

ISO 27001 & 22301
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.
Guest
AntonioS Jan 13, 2016

I did a delay risks analysis and then It's difficult for me to define residual risk management
 

Answer:

Basically there are 3 options for the residual risk management: 
a.- If the level of risk is below the acceptable level of risk, everything is ok, so you do nothing
b.- If the level of risk is above, you need to find out some new way to mitigate the risk
c.- If the level of risk is above, but the organization cannot assume the costs related to the mitigation of the risk, the risk need to be accepted.
This article can be interesting for you “Why is residual risk so important?” : https://advisera.com/27001academy/knowledgebase/why-is-residual-risk-so-important/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 13, 2016

Jan 13, 2016

Suggested Topics
Guest user Created:   Feb 17, 2022 ISO 27001 & 22301
Replies: 3
0 0

Conformio risk register
Guest user Created:   Jun 03, 2021 ISO 27001 & 22301
Replies: 1
0 0

Question on enterprise risk management framework
Guest user Created:   Aug 03, 2020 ISO 27001 & 22301
Replies: 1
0 0

6.1.3 (f) and acceptance by top management