Our organization is ISO27001 certified. Now we need to go for risk assessment. I am confused as our external consultant company is saying that they are using Risk Assessment Matrix as per ISO 27005 & ISO 27001.
whereas our newly hired auditor is saying that the external consulting company is wrong and we should use Nihari or Octavia..
My question is that as an ISO 27001 certified organization what should we use?