Guest user Created: Jan 12, 2016 Last commented: Jan 12, 2016

Risk related to our building

I am still in risk assessment process, and there is a risk related to our building: water damage. This risk has high likelihood (since our building is built above a low level ground water, I mean: if we dig the ground for 2 meter depth, we can easily find water) and resulted in medium risk level. According to our organization's risk assessment policy, this risk level has to be mitigated. But somehow we can not find any feasible mitigation to respond to this risk, due to high cost investment. So, in times like this, what do will you suggest? My plan is to raise this issue to management and ask their approval to accept the risk.

0 0

Assign topic to the user

Select user

Guest

AntonioS Jan 12, 2016

After the Risk Assessment you need to perform the Risk Treatment, and basically for each risk you have 4 options: a.- Apply security controls, b.- Transfer the risk to another party, c.- Avoid the risk by stopping an activity that is too risky, d.- Accept the risk (when the cost for mitigating the risk is higher that the damage itself). In accordance with the situation that you are described, the bes t option for your business is d. In this case, I recommend you to talk with Top Management, because they have to know this situation and they need to accept formally the risks.

Also I recommend you to read this article about the difference between the Risk Treatment Plan and the Risk Treatment process Risk Treatment Plan and Risk Treatment Process Whats the difference? : https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#treatment

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jan 12, 2016

Expert Advice Community