Risk management manual
First, it is important to note that usually a methodology is written, not a manual.
To develop a risk assessment and treatment methodology compliant with ISO 27001 you must consider:
1) Define how to identify the risks that could cause the loss of confidentiality, integrity and/or availability of your information
2) Define how to identify the risk owners
3) Define criteria for assessing consequences and assessing the likelihood of the risk
4) Define how the risk will be calculated
5) Define criteria for accepting risks
To see how a Risk assessment and treatment methodology looks, I suggest you take a look at the free demo of our Risk Assessment and Risk Treatment Methodology at this link: https://advisera.com/27001academy/documentation/Risk-Assessment-and-Risk-Treatment-Methodology/
This article will provide you with a further explanation about Risk assessment and treatment methodology:
- How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
Sep 21, 2019