
Expert Advice Community


Registered risks are not effective

Guest user Created:   Feb 22, 2022 Last commented:   Feb 23, 2022


We are an SMB organization with 200 employees and 13 IT staff; the scope of implementation is only the IT department. We are implementing ISO 27001, and the main challenge is to identify and register the risks in an effective and realistic manner. We are working with a third party and they delivered 140 registered risks. We have a couple of comments on the registered risks, as follows:

  1. The registered risks are not realistic, and it is closer to an issue register than a risk register.
  2. Most of the registered risks are repeated in different ways.
  3. 140 registered risks is too many to manage and maintain.

The third party used risks based on asset groups. Does this make sense? How can we resolve this issue?

Expert
Rhand Leal Feb 22, 2022

Some tips we can provide are:

  • you can exclude unrealistic risks from your assessment if you understand that they will not add value to it.
  • for the registered issues, you can work on identifying potential root causes for them, and these root causes can be evaluated to see whether they can be considered risks or not
  • you can rewrite repeated risks in a way to consolidate them in fewer controls
  • in fact, 140 risks for an organization of your size is an expected quantity. Please note that after the risk treatment option only part of them will need to receive additional treatment.

This article will provide you a further explanation about risk assessment:

These materials will also help you regarding risk assessment:
