Expert Advice Community

Risk Acceptance Criteria

Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

Our org is ISO 27001 certified. I want to design a risk acceptance criteria policy and need help with that. Actually, a few controls on risks involve high finance, so in this scenario how could we accept it with the approval of management?

AntonioS Jan 12, 2016

The organization can accept the risk, but, as you know, it is necessary to establish criteria. What criteria? Please read this article, “Risk appetite and its influence over ISO 27001 implementation”: https://advisera.com/27001academy/blog/2014/09/08/risk-appetite-influence-iso-27001-implementation/

And you always have to generate evidence; in this case, for the approval of top management, you can use a record of a meeting.