Risk assessment
Assign topic to the user
Answer: Yes, you have to include a risk for which you already implemented controls in your risk assessment, as well as information about the controls. This way it is recorded as part of your risk environment and can be properly monitored in case of changes in assets or other conditions that affects information security. Since you consider the current controls are enough to handle the risk you do not need to include it in the risk treatment plan, unless you decide to implement an improvement on the controls.
This article will provide you further explanation about Risk assessment:
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
These materials will also help you regarding Risk assessment:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
- The basics of risk assessment and treatment according to ISO 27001 [free webinar] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
Comment as guest or Sign in
Feb 10, 2017