Risk assessment for all functional units
Answer:
Generally, in risk assessment methodologies, the identification and treatment of risks are done in the same way for all functional units. This is the easiest way and our recommendation; furthermore, from my point of view, performing a different risk assessment for different functional units makes little sense, because all steps can always be the same: identify assets, identify threats/vulnerabilities, identify risks, etc.
Remember that ISO 27001 has many security controls that are not directly related to IT, and this standard has been developed for the management of information security, including the protection of information in human resources, compliance, supplier relationships, etc.
So, our methodology may be interesting for you; you can see a free version by clicking on “Free Demo” here: “Risk Assessment and Risk Treatment Methodology”: https://advisera.com/27001academy/documentation/Risk-Assessment-and-Risk-Treatment-Methodology/
If you want, you can also write your own methodology, so this article may be interesting for you: “How to write ISO 27001 risk assessment methodology”: https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
Finally, maybe our online course can also be interesting for you, because it provides guidelines on how to perform the risk assessment: “ISO 27001:2013 Foundations Course”: https://advisera.com/training/iso-27001-foundations-course/
Feb 19, 2016