Guest
Risk register is not effective
We are an SMB organization with 200 employees and 13 IT staff; the scope of implementation is only for the IT department!!
We are implementing ISO 27001, and the main challenge is to identify and register the risks in an effective and realistic manner.
We are working with a third party and they delivered 140 registered risks. We have a couple of comments on the registered risks, as follows:
1- The registered risks are not realistic; it is closer to an issue register than a risk register.
2- Most of the registered risks are repeated in different ways.
3- 140 registered risks is far too many to manage and maintain.
The third party used risks based on asset groups!!
Does it make sense? How can we resolve this issue?
Expert
Rhand Leal
Feb 22, 2022
Some tips we can provide are:
- You can exclude unrealistic risks from your assessment, in case you understand they will not add value to your assessment.
- For the registered issues, you can work on identifying potential root causes for them, and these root causes can be evaluated to determine whether they can be considered risks or not.
- You can rewrite repeated risks in a way that consolidates them into fewer controls.
- In fact, 140 risks for an organization of your size is an expected quantity. Please note that after the risk treatment option is selected, only part of them will need to receive additional treatment.
This article will provide you with a further explanation about risk assessment:
- ISO 27001 Risk Assessment, Treatment, & Management: The Complete Guide https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/
These materials will also help you regarding risk assessment:
- The basics of risk assessment and treatment according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-risk-management-in-plain-english/