Risk assessment treatment
I have a problem with the RAT. Why are some of the controls listed on the Controls tab of the Risk Treatment Table in the video tutorial (How to implement risk assessment according to ISO 27001) different to those in the live document? For example, A7.1.2 in the video is 'Ownership of Assets' and in the live doc it is 'Terms & Conditions of Employment' ... and there are many more examples. Please explain
Assign topic to the user
First of all, sorry for this inconvenience. This particular video was made for an earlier revision of the standard, and you can disregard the information about controls identification (this situation does not affect the logic of the risk assessment implementation presented in the tutorial).
In the current version of the standard (2013), control A.7.1.2 refers to "Terms & Conditions of Employment".
Every time you find similar discrepancies between the tutorials and documentation, please consider the information in the templates as the correct one, because they are the most updated version.
If you still feel you need more information about this topic, you can schedule a meeting with one of our consultants. To schedule a meeting, please access this link: https://advisera.com/27001academy/consultation/
Comment as guest or Sign in
May 05, 2021