Taking into account existing controls in the risk assessment

Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

We are well on our way with the risk assessment at the moment. There are a lot of controls that are already in place. We have assessed the risks as if we did not have the existing control and then again with the control. The question is, should we add the existing controls to the risk assessment table already, or only start thinking about those in the risk treatment table?

DejanK Jan 12, 2016

Answer: During the risk assessment you should take into account the existing controls, because they decrease the probability of your risk.

If we take the existing controls into account only in the risk treatment table, there will be a lot of risks that are actually already at the acceptable level, since the controls are already in use.

Answer: This is true, but in your Statement of Applicability you will define those controls as applicable because you're already using them.
