Risk assessment report
Assign topic to the user
Answer:
ISO 27001 requires to retain documented information about the information security risk assessment process, and by documented information it means information that is controlled in terms of approval, review, access and changes. If your tool can fulfill such requirements, then there is no need for a risk assessment report.
This article will provide you further explanation about control of documents and records:
- Records management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/11/24/records-management-in-iso-27001-and-iso-22301/
These materials will also help you regarding control of documents:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/oohttps://advisera.com/books/managing-iso-documentation-plain-english-guide/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Nov 28, 2018