Risk assessment and treatment for ISO 27001 and ISO 22301
I was looking through the list of documents that are mandatory for ISO 27001 and ISO 22301, and I can see that the Risk Assessment and Risk Treatment Methodology document is mandatory for both ISO 27001 and ISO 22301. My question is: can I use the Risk Assessment and Risk Treatment Methodology document to cover both ISO 27001 and ISO 22301, or do we need to produce separate Risk Assessment and Risk Treatment Methodology documents (one to focus on information security and one to focus on business continuity and disaster recovery)?
Answer: You can use the Risk Assessment and Risk Treatment Methodology document to cover both ISO 27001 and ISO 22301 requirements with no problem.
These articles will provide you with further explanation about Risk Assessment for ISO 27001 and ISO 22301:
- How to organize initial risk assessment according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/04/29/how-to-organize-initial-risk-assessment-according-to-iso-27001-and-iso-22301/
- Can ISO 27001 risk assessment be used for ISO 22301? https://advisera.com/27001academy/blog/2013/03/11/can-iso-27001-risk-assessment-be-used-for-iso-22301/
Jan 23, 2019