Guest
Risk treatment options
Do we need to specify the treatment control for transferring risk to a third party?
Expert
Rhand Leal
Jul 02, 2020
Please note that "risk transfer" is the general approach to treat risk, and according to ISO 27001 you need to specify which controls you will apply to implement this option (e.g. controls from section A.15 for suppliers and control A.13.2.2 Agreements on information transfer for third parties in general).
These articles will provide you with further explanation about risk treatment:
- 4 mitigation options in risk treatment according to ISO 27001 https://advisera.com/27001academy/blog/2016/05/16/4-mitigation-options-risk-treatment-according-iso-27001/
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
This material will also help you regarding risk treatment:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/