Risk assessment and treatment
Answer: Your understanding is correct. The process uses this copy-paste activity so that in the risk treatment table you can concentrate on the most needed information, the risks considered unacceptable in the Risk assessment table, and the adopted treatment options.
2 - Additionally, the risk treatment table requires setting values after treatment, but how can I already do that before having a detailed plan with exact measures?
Answer: These values you set in the after treatment columns are what you expect to achieve after controls implementation. They will help you define the details of your implementation plan (e.g., resources to be allocated, technologies to be adopted, etc.). After controls implementation, with data from performance monitoring and measurement, you can verify if these values were achieved or if your implementation needs adjustments.
These materials will also help you regarding the risk assessment process:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Dec 21, 2016