Expert Advice Community

Home / ISO 27001 & 22301 / Taking into account the existing controls during the risk assessment

Guest

Taking into account the existing controls during the risk assessment

ISO 27001 & 22301
  Quote
Guest
Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

Taking into account the existing controls during the risk assessment

ISO 27001 & 22301
I have a quick question regarding the risk assessment template that I got from you. During the assessment, where assess the impact and likelihood do I take into account the existing controls that I already have? If yes, then in the column existing control do I fill in in accordance to ISO 27002 controls? Please advise.
0 0

Assign topic to the user

ISO 27001 RISK ASSESSMENT AND TREATMENT REPORT

Document the results of the risk management process.

ISO 27001 RISK ASSESSMENT AND TREATMENT REPORT

Document the results of the risk management process.
Guest
DejanK Jan 12, 2016

Answer:

Yes, when you assess the impact and the likelihood, you have to take into account the existing controls. In such cases, in the column "Existing controls" you can fill in just a plain description of the control, without referring to ISO 27001 or ISO 27002.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 12, 2016

Jan 12, 2016

Suggested Topics
Guest user Created:   Oct 01, 2019 ISO 27001 & 22301
Replies: 1
0 0

Treatment and management of risks
Atheer AlMartan Created:   Feb 11, 2024 ISO 27001 & 22301
Replies: 1
0 0

Statement of Acceptance of Residual Risks
Tanya S Created:   Dec 01, 2023 ISO 27001 & 22301
Replies: 1
0 0

Residual Risk Calculations