Expert Advice Community

Guest

Risk assessment report

  Quote
Guest
Guest user Created:   Sep 05, 2019 Last commented:   Sep 05, 2019

Risk assessment report

I already had a question about chapter 3.3 inside the report on risk assessment and risk treatment a few weeks ago. It was about the final reports where you explained to me that it relates to risk assessment and risk treatment. But I still don’t know which documents are meant when it comes to these final reports and the exact time period when they were created. I have a period of time when I did the risk assessment and risk treatment. But the final reports I don’t know what’s meant with that. It would be great if you could help me with this.

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Sep 05, 2019

Answer:

I'm understanding that you did perform a single risk assessment and risk treatment. Considering that you can adjust the term "final reports" to "final report" ("final reports" is used only if you have performed more than one risk assessment and risk treatment during the implementation project). As for the period, you can use the period of time when you performed the risk assessment and risk treatment (please not that this period is important because the purpose of the report is to provide a snapshot of risks at a particular period).

Regarding documents to be used, besides the report itself, there are only two documents that need to be attached to the report (nothing more) - the risk assessment and risk treatment, and both of them are part of the toolkit.
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Sep 05, 2019

Sep 05, 2019

Suggested Topics