You need to perform the Risk assessment over all the elements defined in the ISMS scope (e.g., information, processes, or locations).
Please note that business systems and IT asset groups are only some of the categories you need to consider for the Risk assessment. For example, you may also need to consider human resources, facilities, and external services when assessing information security risks.
These articles will provide you with further explanation about risk assessment:
- 6 main steps in risk management https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/
- Risk assessment https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment
This material will also help you regarding risk assessment:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-risk-management-in-plain-english/
Mar 08, 2022