Expert Advice Community

Home / ISO 27001 & 22301 / Risk owner for the use of mobile devices

Guest

Risk owner for the use of mobile devices

ISO 27001 & 22301
  Quote
Guest
Guest user Created:   Jan 17, 2019 Last commented:   Jan 17, 2019

Risk owner for the use of mobile devices

ISO 27001 & 22301
As most companies, many staff use their own mobile to access company emails. So they are the Asset owner but who is the Risk Owner?
0 0

Assign topic to the user

ISO 27001 PROCEDURE FOR IDENTIFICATION OF REQUIREMENTS

Basics of identification of interested parties and their requirements.

ISO 27001 PROCEDURE FOR IDENTIFICATION OF REQUIREMENTS

Basics of identification of interested parties and their requirements.
Expert
Dejan Kosutic Jan 17, 2019

Answer: This depends on the risk(s) you identified related to this activity. If there is a risk of loss of data or data leakage, the risk owner could be the Head of IT department; if there is a risk of inappropriate usage of the device, the risk owner could be the security officer, etc.

See also this article: Risk owners vs. asset owners in ISO 27001:2013 https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 16, 2019

Jan 16, 2019

Suggested Topics
Anna Browne Created:   Feb 13, 2025 ISO 27001 & 22301
Replies: 0
0 0

Edit Risk register
Igor Created:   Dec 09, 2024 ISO 27001 & 22301
Replies: 0
0 0

Access Control Policy - Map Job titles to User Profiles
Lajvar Created:   Apr 29, 2024 ISO 27001 & 22301
Replies: 1
0 0

Risk treatment plan