Save 20% on accredited ISO 27001 course exams.
Limited-time offer – ends July 18, 2024
Use promo code:
EXAM20

Expert Advice Community

Guest

Risk Register vs Incident Log

  Quote
Guest
brianhopla Created:   Feb 06, 2018 Last commented:   Feb 08, 2018

Risk Register vs Incident Log

Are the risk register and incident log mutually exclusive or complementary documents? Are they both strictly necessary?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Feb 08, 2018

Risk register and incident log are complementary documents. The first records what may happen, and the second what really happened.

Identified risks are required by ISO 27001, as part of the risk assessment and treatment process. Incident log is only required if there are unacceptable risks that justify controls that require its implementation (e.g., A.16.1.2 Reporting information security events).

These articles will provide you further explanation about risk register and incident log:
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
- How to handle incidents according to ISO 27001 A.16 https://advisera.com/27001academy/blog/2015/10/26/how-to-handle-incidents-according-to-iso-27001-a-16/

These materials will also help you regarding risk register and incident log:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-risk-management-in-plain-english/
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- The basics of risk assessment and treatment according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/

Quote
0 1

Comment as guest or Sign in

HTML tags are not allowed

Feb 06, 2018

Feb 08, 2018

Suggested Topics

Guest user Created:   Oct 07, 2022 ISO 27001 & 22301
Replies: 1
0 0

Documentation request

Guest user Created:   Feb 07, 2023 ISO 27001 & 22301
Replies: 1
0 0

Conformio documentation