Risk treatment
Answer: No. Risk owners are persons from the organization that are responsible for the risks. What can happen is that the risk treatment can be transferred to a 3rd party, but the ultimate responsibility for the risk still is with the organization.
This article will provide you further explanation about risk treatment:
- 4 mitigation options in risk treatment according to ISO 27001 https://advisera.com/27001academy/blog/2016/05/16/4-mitigation-options-risk-treatment-according-iso-27001/
2 - And what about rules for interns?
Answer: The establishment of information security rules for interns must follow the local laws, regulations and other legal requirements applicable. On top of that, you can set any security rules for interns that reflect the risks related to their work.
This article will provide you further explanation about identification of requirements:
- How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/
Additionally, in the video tutorials that came with your toolkit, you can see examples of how to fill out all the data for Risk assessment and Risk treatment.
Mar 16, 2017