Assign ownership and accountabilities for strategic, aggregated, dynamic risks
Regardless of the type of risk, the risk owner should be someone with interest and authority to treat the risk.
Considering that, for strategic risks the owner should be someone from top management.
By aggregated risks, I'm assuming you are referring to a set of related risks. In this case, the risk owner should be a role that can have the authority to treat all risks.
Regarding dynamic risks, the general rule about interest and authority applies.
This article will provide you with further explanation about risk owners:
- Risk owners vs. asset owners in ISO 27001:2013 https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/
This material will also help you regarding risk management:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
Oct 30, 2020