Risk owner's approval
My question is: when do we need to obtain the risk owner's approval, and should it be recorded as evidence?
Answer:
Basically, the owner's approval is required before the risk treatment plan is implemented. As evidence, you can hold a meeting with the risk owner (you need the minutes of the meeting).
This article about the steps of risk assessment & treatment may be interesting for you: “ISO 27001 risk assessment & treatment – 6 basic steps”: https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
And also this article about risk owners: “Risk owners vs. Asset owners in ISO 27001:2013”: https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/
Finally, our online course may also be very interesting for you, because we also talk about risk owners there: “ISO 27001:2013 Foundations Course”: https://advisera.com/training/iso-27001-foundations-course/
Feb 26, 2016