Expert Advice Community

Risk owners and asset owners

Guest user Created: Aug 20, 2017 Last commented: Aug 20, 2017

Should we assign two different people to be the Risk Owner and Asset Owner or can they be just one person?
Expert
Rhand Leal Aug 20, 2017

Answer: In fact, both combinations are possible: these can be two separate persons, or one person can perform both roles. But you should note that while the asset owner is responsible for the protection and management of an asset, considering all risks related to that asset, the risk owner is accountable for, and has authority for, managing a risk, considering all assets that can be associated with that risk. These are quite different things. So, before assigning one person to both of these roles, you should ensure he/she will not be overburdened by these activities.

This article will provide you further explanation about Risk owner and asset owner:
- Risk owners vs. asset owners in ISO 27001:2013 https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/

These materials will also help you regarding Risk owner and asset owner:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
