Guest user Created: Apr 10, 2019 Last commented: Apr 10, 2019

Risks and opportunities

In the organization in which we work, we have implemented and certified the Information Security System according to ISO 27001: 2013, as well as Quality in accordance with ISO 9001: 2015. It turns out that in the observations generated in the audits is that we must implement, justify and better evidence the Opportunities in what corresponds to the requirement 6.1.1 Actions to address risks and opportunities or Actions to address risks and opportunities.

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Apr 10, 2019

In our Integrated Management System we have implemented Risks and we have qualified very well in the audits, but insist that we need to better determine the Opportunities according to this common requirement for the 2 Norms (9001 and 27001).

Can you guide me to implement in a strategic and simple way this of the Opportunities, to fulfill of a part with the requirement and to qualify in the audits but mainly to administer properly this in our Integrated System of Management.)

Answer:

The most straightforward way to fulfill this treatment of opportunities is by means of continual impr ovements implemented to fulfill interested party requirements and achieve the ISMS expected goals. For example, if one of the ISMS's objectives is to increase employees productivity, implementing teleworking may be an opportunity to achieve that.

This article will provide you further explanation about risks and opportunities:
- How to address opportunities in ISO 27001 risk management using ISO 31000 https://advisera.com/27001academy/blog/2018/04/13/how-to-address-opportunities-in-iso-27001-risk-management-using-iso-31000/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Apr 10, 2019

Expert Advice Community