Expert Advice Community

Risk assessment

Guest user. Created: May 07, 2021. Last commented: May 07, 2021.

I also have questions about risk assessment. I am asking for guidance in relation to the following questions:

1. Is the risk assessment methodology document the same for 22301 and 27001? There is no direct reference to ISO 22301 in the sample document, only ISO 27001. Is it appropriate in case I'm not only implementing 27001? Let’s suppose I implement ISO 22301 or possibly ISO 22301 + 27001 simultaneously.

2. Do I understand correctly that risk assessment should cover all business processes / activities involved in the business continuity management system?

Expert
Rhand Leal May 07, 2021

1. Is the risk assessment methodology document the same for 22301 and 27001? There is no direct reference to ISO 22301 in the sample document, only ISO 27001. Is it appropriate in case I'm not only implementing 27001? Let’s suppose I implement ISO 22301 or possibly ISO 22301 + 27001 simultaneously.

ISO 22301 does not prescribe a risk methodology approach to be used, so you can use the Risk Assessment and Risk Treatment Methodology document defined for ISO 27001 for complying with ISO 22301 requirements.

For further information, see:

2. Do I understand correctly that risk assessment should cover all business processes / activities involved in the business continuity management system?

Your understanding is correct. The risk assessment must be applied to all elements defined in the BCMS scope.

These articles will provide you with further explanation about risk assessment in business continuity:
