Expert Advice Community

Risk Treatment and SoA

Guest user Created:   May 06, 2017 Last commented:   May 06, 2017

I have a question on ISO 27001 implementation. Do we need to address Risk treatment for all the SOA items?
Expert
Rhand Leal May 06, 2017

Answer: No. Risk treatment must be performed only for the controls stated as applicable in the SoA, unless they are already fully implemented and do not require corrections or improvements (sometimes you will have a situation where a control already exists but is not performing as expected, or you want to take the chance to improve its performance or efficiency, and the needed actions should be included in the risk treatment).

These articles will provide you with further explanation about Risk Treatment and SoA:
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/

These materials will also help you regarding Risk Treatment and SoA:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- The basics of risk assessment and treatment according to ISO 27001 [free webinar] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/