Expert Advice Community

Guest

Risk and asset owner

  Quote
Guest
Guest user Created:   Sep 06, 2019 Last commented:   Sep 06, 2019

Risk and asset owner

Hola, tengo una duda en el analisis de riesgos. Puedo tener 1 activo, con 1 propietario del riesgo, distinto al propietario del activo y despues ademas, transferir el riesgo de este activo, a un tercero? por ejemplo:
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Sep 06, 2019

camara y videograbador de CCTV
propietario del riesgo: el responsable de mantenimiento
propietario del activo: el responsable de IT
Pero: queremos transferir el riesgo a una empresa externa que sera ademas, la responsable del mantenimiento diario y aplicaremos los controles posteriores.

Me puedes confirmar si es posible realizarlo de esta forma con algunos activos?

(Hello, I have a doubt in the risk analysis. Can I have 1 asset, with 1 owner of the risk, other than the owner of the asset and then also transfer the risk of this asset, to a third party? for example:

CCTV camera and video recorder
risk owner: the person responsible for maintenance
asset owner: the IT manager
But: we want to transfer the risk to an external company that will also be responsible for daily maintenance and we will apply the subsequent c ontrols.

Can you confirm if it is possible to do it this way with some assets?)

Answer:

Your assumption is correct. You can have the risk owner as a different person from the asset owner and transfer the risk is an acceptable risk treatment option

These articles will provide you further explanation about asset and risk owner and risk treatment option:
- Risk owners vs. asset owners in ISO 27001:2013 https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/
- 4 mitigation options in risk treatment according to ISO 27001 https://advisera.com/27001academy/blog/2016/05/16/4-mitigation-options-risk-treatment-according-iso-27001/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Sep 06, 2019

Sep 06, 2019

Suggested Topics