Risk management
Assign topic to the user
Answer: For risk management in ISO 27001 you can use ISO 27005.
For risk management for ISO 9001, ISO 14001, ISO 45001 and ISO 22000 you can use ISO 31000 (which covers the risk management process) and ISO 31010 (which covers techniques and methodologies). ISO 27005 is based on ISO 31000, so you can easily integrate both approaches.
These articles will provide you further explanation about risk management:
- How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
- ISO 31000 and ISO 27001 – How are they related? https://advisera.com/27001academy/blog/2014/03/31/iso-31000-and-iso-27001-how-are-they-related/
- ISO 31010: What to use instead of the asset-based approach for ISO 27001 risk identification https://advisera.com/27001academy/blog/ 2016/04/04/iso-31010-what-to-use-instead-of-the-asset-based-approach-for-iso-27001-risk-identification/
These materials will also help you regarding risk management:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- The basics of risk assessment and treatment according to ISO 27001 [free webinar] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
Comment as guest or Sign in
Jan 30, 2018