I want to know how often risk assessment needs to be performed as per ISO 27001.
Answer:
In accordance with clause 8.2 (Information security risk assessment) of ISO 27001:2013: "The organization shall perform information security risk assessments at planned intervals or when significant changes are proposed or occur ..."
So, you can establish the frequency, although generally once a year is recommendable.
Finally, do you know the 6 basic steps of risk assessment & treatment? Please read this article, "ISO 27001 risk assessment & treatment: 6 basic steps": https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
Jan 13, 2016