Risk Assessment responsibilities

Answer: ISO 27001 does not prescribe who must perform risk assessment, but common practice is that people who have the most knowledge and understanding of related processes should perform the risks assessment. So, in case of IT or Cybersecurity Risk Assessment, you should consider someone from your IT staff.

This article will provide you further explanation about risk assessment:
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/

These materials will also help you regarding risk assessment:
- The basics of risk assessment and treatment according to ISO 27001 [free webinar] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/

2 - Do you have a sample Risk M anagement and Risk Assessment RACI chart ?

Answer: ISO 27001 does not require such chart to be developed, and to make documentation simpler to small business, our templates document roles and responsibilities as part of policies and procedures.

If you want to know how the documentation of a risk assessment and treatment process looks like, I suggest you to take a look at the free demo of our ISO 27001/ISO 22301 Risk Assessment Toolkit at this link: https://advisera.com/27001academy/iso-27001-22301-risk-assessment-toolkit/