Expert Advice Community

Risk assessment reference

Guest user Created:   Feb 10, 2021 Last commented:   Feb 10, 2021

1. There is a question that the external auditor of ISO 27001 asked me, what is the reference or basis used for the risk assessment methodology that you have in your table? See point 3 of the attached document.

2. Another question, do you know where I can buy the ISO 27001: 2013 standard in Spanish?


Expert
Rhand Leal Feb 10, 2021

1. There is a question that the external auditor of ISO 27001 asked me, what is the reference or basis used for the risk assessment methodology that you have in your table? See point 3 of the attached document.

First, it is important to note that ISO 27001 does not prescribe any risk assessment methodology, so organizations can adopt any methodology they see fit for their needs or create their own, provided it fulfills the requirements from clause 6.1.2 – information security risk assessment.

Considering that, the asset-threat-vulnerability approach used in our template follows the guidelines from ISO 27005, the ISO standard for information security risk management.

This article will provide you with a further explanation of risk assessment:

These materials will also help you regarding risk assessment:

2. Another question, do you know where I can buy the ISO 27001: 2013 standard in Spanish?

You can buy a Spanish version of ISO 27001 at the Aenor site: https://www.aenor.com/normas-y-libros/buscador-de-normas/une/?c=N0058428
