1. I'm trying to find out who the risk owner would be for a technical risk (one of the nine from the STEEPCOIL)
2. With regards to the risk categories, do you know which one a power surge or a loss of power would fall under?
1. I'm trying to find out who the risk owner would be for a technical risk (one of the nine from the STEEPCOIL)
I'm assuming that by STEEPCOIL you are referring to the acronym for Social, Technical, Economic, Environmental, Political, Commercial, Organizational, IT & Legal, used for grouping risks and opportunities.
Considering that, please note that ISO 27001 does not prescribe who the risk owner must be, so you can define any role you see fit. The concept adopted by ISO 27001 for risk owner is the one with the accountability and authority to manage a risk, i.e. the one who is both interested in resolving a risk and has enough authority to do something about it.
For example, an asset owner of a server might be the IT administrator, and a risk owner for risks related to this server might be his boss, the head of the IT department.
For further information, see:
- Risk owners vs. asset owners in ISO 27001:2013 https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/
2. With regards to the risk categories, do you know which one a power surge or a loss of power would fall under?
Considering common definitions used for STEEPCOIL: the most adequate category for power surge and loss of power would be organizational risks, because it covers risks related to the structure and ownership of assets responsible for the establishment and operation of a process facility (e.g., a power plant or electricity company).
Mar 18, 2020