What do you mean by Risk Assessment (RA)? Is it the same as Risk and Control Self-Assessment (RCSA)?
Answer:
In accordance with the definition in "ISO 27000:2012 Overview and vocabulary", Risk Assessment is: overall process of risk identification, risk analysis and risk evaluation. However, RCSA basically provides a complete method for the identification, analysis, evaluation and treatment of risks.
So, when we talk about risk assessment (it includes identification, analysis and evaluation), we also need to talk about risk treatment, because both things are necessary in a methodology for the management of risks, but they are different things. For more information please read this article, "ISO 27001 risk assessment & treatment: 6 basic steps": https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
So, risk assessment is not the same as RCSA. A methodology which defines the risk assessment & risk treatment provides the same things which RCSA provides for the management of risks (identification, analysis, evaluation, treatment).
Jan 12, 2016