I purchased your ISO 27001 document toolkit, along with various books.
With regard to the risk assessment, it’s my first time doing this exercise – while the training & templates are useful, I am a little concerned I’m making it more complicated than it needs to be for a business of our size.
As with anything, there are levels of detail you can take it to, and I suspect I might be going too deep.
I was wondering if you had any real example risk assessments for a small/medium-sized *** company that you think are good and would be able to share with me (even if they are a little old)?
While the theory and examples are useful, I think seeing a real one would help me measure the depth required and if I’m on the right track.