Expert Advice Community

Guest

Risk assessment question

  Quote
Guest
Guest user Created:   Jul 03, 2020 Last commented:   Jul 03, 2020

Risk assessment question

1. Pls correct me if my process is wrong, I have identified one risk title and risk level (High) after done risk assessment on one application, then this risk is treated by risk acceptance by risk owner in the period of acceptance time. Thus the risk level after this treatment I keep same level (High) and status close for the period of acceptance time then will be open again after period of acceptance time is over.

2. Risk level of same risk title could be different or not after done risk assessment on different applications?
I do appreciate for your kind comment and support.

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jul 03, 2020

1. Pls correct me if my process is wrong, I have identified one risk title and risk level (High) after done risk assessment on one application, then this risk is treated by risk acceptance by risk owner in the period of acceptance time. Thus the risk level after this treatment I keep same level (High) and status close for the period of acceptance time then will be open again after period of acceptance time is over.

Your thinking process is correct (but instead of risk title you should consider call it risk statement). After accepting the risk, since you will not apply any control, you need to keep the risk level as high, until the next assessment.

But please note that to accept a high risk you need to have a robust justification, such as the effort and resources required to reduce the risk to an acceptable level is greater than the impact if the risk materializes.

For further information see:

2. Risk level of same risk title could be different or not after done risk assessment on different applications?
I do appreciate for your kind comment and support.

The same risk statement can be of different levels for different applications if they have different values for the organization.

For example, the risk of data loss due to malware can have different values if it occurs in a local inventory application and if it occurs in the payroll application.

This article will provide you a further explanation about risk assessment:

Quote
0 1

Comment as guest or Sign in

HTML tags are not allowed

Jul 03, 2020

Jul 03, 2020

Suggested Topics