
Expert Advice Community


Risk Registers

Guest user | Created: Jun 12, 2019 | Last commented: Jun 12, 2019


1. How many risk registers can we have? Can we have a separate one for Business continuity, another for Security and another for the Enterprise? Or if we had one risk register, how would we decide which risk belongs to which standard?

Expert
Rhand Leal Jun 12, 2019

Answer: ISO management standards do not prescribe how to implement a risk register, so both approaches are acceptable. A single risk register can show you a systemic view of all risks the organization is exposed to, but it is also more complex to analyze. A risk register for each aspect helps you focus on relevant risks for each aspect, but it will require more administrative effort to maintain. You have to evaluate these situations to identify which approach is better for your organization.

2. I also see that the risk assessment that came with the pack is an asset-based risk assessment... Is that mandatory?

Answer: ISO 27001 does not prescribe a methodology, only that one must be defined and documented, so you can adopt the methodology that best suits your needs. The asset-based risk assessment is included in the toolkit because it is the most common approach used for information security risk assessment, and this is also the one that provides the best balance between precision and needed effort.

This article will provide you with further explanation about risk assessment:
- ISO 31010: What to use instead of the asset-based approach for ISO 27001 risk identification https://advisera.com/27001academy/blog/2016/04/04/iso-31010-what-to-use-instead-of-the-asset-based-approach-for-iso-27001-risk-identification/
