Get 2 Documentation Toolkits for the price of 1
Limited-time offer – ends March 28, 2024

Expert Advice Community

Guest

Risk assessment report

  Quote
Guest
Guest user Created:   Nov 28, 2018 Last commented:   Nov 28, 2018

Risk assessment report

Do you sell "Risk Assessment Report" that is mandatory in ISO 27001 template.We are using a tool to track risks, which has all the elements of risk life cycle. Do we still need a document as risk assessment report to show auditor?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Nov 28, 2018

Answer:

ISO 27001 requires to retain documented information about the information security risk assessment process, and by documented information it means information that is controlled in terms of approval, review, access and changes. If your tool can fulfill such requirements, then there is no need for a risk assessment report.

This article will provide you further explanation about control of documents and records:
- Records management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/11/24/records-management-in-iso-27001-and-iso-22301/

These materials will also help you regarding control of documents:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/oohttps://advisera.com/books/managing-iso-documentation-plain-english-guide/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Nov 28, 2018

Nov 28, 2018

Suggested Topics