Expert Advice Community

Some questions about ISO 27001:2013

Guest user. Created: Jan 12, 2016. Last commented: Jan 12, 2016

ISO 27001 indicates that the risk owners should be identified (clause 6.1.2 c.2). What is the purpose of this clause? How do we determine the risk owners?

AntonioS, Jan 12, 2016

The purpose is to define a person or entity with the accountability and authority to manage a risk (this is a definition that you can find in ISO 27000:2014). To determine the risk owners, you should aim for someone who is closely related to the processes and operations where the risks have been identified. Please read this article for more information, “Risk owners vs. Asset owners in ISO 27001:2013”: https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/

Is a communication plan mandatory in the ISMS documentation (clause 7.4)?

Answer:

No, it is not mandatory. You can find a list of mandatory documents here, “List of mandatory documents required by ISO 27001 (2013 revision)”: https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/

The objectives mentioned in clause 6.2: do they refer to the objectives in the Statement of Applicability (e.g., in my company, we chose the whole Annex A for our SoA)?

Answer:

The objectives in ISO 27001 clause 6.2 can be set both for the whole ISMS and/or for the control objectives in the Statement of Applicability. Usually, the objectives are set at two levels: (1) at the general ISMS level, and (2) at the level of security processes or security controls. See also this article, “ISO 27001 control objectives – Why are they important?”: https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/
