SPRING DISCOUNT
Get 30% off on toolkits, course exams, and books.
Limited-time offer – ends May 26, 2022
Use promo code:
SPRING30

Expert Advice Community

Risk Assessment - Must Risk Assessments include business processes and activities?

  Quote
Lee Created:   Mar 04, 2022 Last commented:   Mar 08, 2022

Risk Assessment - Must Risk Assessments include business processes and activities?

Hi As the subject says, may I carry our Risk Assessments on a per business system or IT asset group or must I also include business processes and activities? Thanks Lee
0 0

Assign topic to the user

ISO 27001 ISMS SCOPE DOCUMENT

Define the boundaries of ISMS for ISO 27001.

ISO 27001 ISMS SCOPE DOCUMENT

Define the boundaries of ISMS for ISO 27001.

Expert
Rhand Leal Mar 08, 2022

You need to perform the Risk assessment over all the elements defined in the ISMS scope (e.g., information, processes, or locations).

Please note that business systems and IT asset groups are only some categories you need to consider for the Risk assessment. For example, you also may need to consider human resources, facilities, and external services, when assessing information security risks.

These articles will provide you a further explanation about risk assessment:

This material will also help you regarding risk assessment:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Mar 04, 2022

Mar 08, 2022