Guest user Created: Feb 26, 2016 Last commented: Feb 26, 2016

Risk owner's approval

"6.1.3 (f) obtain risk owners's approval of the information security risk treatment plan and acceptance of the residual information security risks.

0 0

Assign topic to the user

Select user

Guest

Antonio Jose Segovia Feb 26, 2016

My question is when we need to obtain risk owner's approval and its' should be record as evidence?"

Answer:
Basically, the owner's approval is required before the Risk treatment plan is to be implemented. As evidence you can maintain a meeting with the risk owner (you need a minute of the meeting).

This article about the steps of the risk assessment & treatment can be interesting for you “ISO 27001 risk assessment & treatment – 6 basic steps” : https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/

And also this article about the risk owners “Risk owners vs. Asset owners in ISO 27001:2013” : https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/

Finally, maybe our online course can be also very interesting for you because we also talk about the risk owners “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Feb 26, 2016

Expert Advice Community