Expert Advice Community

Risk Assessment Methodology

Guest user Created: Jun 18, 2020 Last commented: Jun 18, 2020

Thanks for the webinar, it went as expected but rather quick.

The question I asked which you didn't understand is about "ISO 27001 risk assessment methodology". It talks about defining rules on how you are going to perform the risk management because you want the whole organization to do it the same way. It further states that the "biggest problem with risk assessment happens if different parts of the organization perform it in a different way".

Now my question is, does an organization have 2 or more ways of risk assessment methodology when they are supposed to work under one ISMS in the organization? Or why would an organization choose/have more than one way of risk assessment methodology?

I hope that my question is clear.


Expert: Rhand Leal, Jun 18, 2020

It is expected that, under an ISO 27001 certified ISMS, an organization has only one risk assessment and risk treatment methodology, so it can produce comparable results across the whole ISMS scope. However, there are rare cases where parts of the scope may be under different legal requirements (e.g., laws, regulations or contracts) demanding that each of them use a different approach, or where the processes defined by the organization require different approaches (e.g., risk management for project development and for financial risk assessment).

In such cases, the ISMS must provide a way for the risks from the different approaches to be compared (e.g., by using a conversion table, so the results from one approach can be translated to the other and vice versa).

This material will also help you regarding risk management for ISO 27001:
