Expert Advice Community


Risk assessments

Guest user | Created: May 12, 2017 | Last commented: May 12, 2017


I have a few questions:

Expert
Rhand Leal May 12, 2017

1. The first column of the Risk Assessment Table and Risk Treatment Table ("Number"): should I refer to the applicable unique Asset ID Number that I placed in the first column of the Asset Inventory Table? Or do I have to place completely new numbers (i.e. Risk Identification Number)?

Answer: No, you do not need to refer to the ID number from the inventory list, only use the asset name and asset owner information. You will have to place new numbers, one for each risk associated with the assets in the Risk Assessment Table.

2. For the Risk Assessment (likelihood / consequence), do I have to score from a residual risk perspective (i.e. keeping in mind the effect of all existing control measures that are already in place)?

Answer: Yes, you have to assess the risk considering the effects of all the already implemented controls, and you should identify these implemented controls in the observation column.

In the video tutorials that come with your toolkit you can access videos that can guide and help you fill in the risk assessment table and risk treatment table.
