
Expert Advice Community

Risk acceptance criteria

Guest user. Created: May 18, 2017. Last commented: May 18, 2017

If our risk acceptance criteria are only to treat the top 5 risks, is it acceptable to have a risk treatment plan only for our top 5 risks?
Expert
Rhand Leal, May 18, 2017
Please let me know if this is sufficient for the ISO 27001 audit.

Answer: Yes. If your risk evaluation, considering your acceptance criteria, has defined that only 5 risks are considered unacceptable, you can have treatment plans only for these 5 risks.

These articles will provide you with further explanation about risk acceptance criteria:
- How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
- Why is residual risk so important? https://advisera.com/27001academy/knowledgebase/why-is-residual-risk-so-important/

In the video tutorials that came with your toolkit, you have access to a video about Risk Assessment Methodology that can provide you with more information about risk acceptance criteria.