Expert Advice Community

Risk register and incident register

Guest user Created:   Jul 14, 2018 Last commented:   Jul 14, 2018

We have a risk register and a risk methodology in place. I'm a bit confused as to whether a reported incident should be recorded on the risk register or whether incidents and risks should be recorded separately?

Expert
Rhand Leal Jul 14, 2018

Answer: An incident should be recorded separately, because this has really happened (risk has materialized), while a risk is a potential occurrence (registering them together may cause confusion). Information to be recorded should not be limited to the event identified, but also contain information about how it was treated, so this record can be used as reference in the future.

These articles will provide you further explanation about risk management and incident management:
- How to handle incidents according to ISO 27001 A.16 https://advisera.com/27001academy/blog/2015/10/26/how-to-handle-incidents-according-to-iso-27001-a-16/
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/

These materials will also help you regarding risk management and incident management:
- The basics of risk assessment and treatment according to ISO 27001 [free webinar] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
