Guest
What to list in Risk assessment table
In the column Asset of my Risk Assessment Table shall I list also processes and activities which could have any risk, or just hardware, software, network, human resources?
Assign topic to the user
Answer:
ISO 27001 allows you to list anything you want, however we suggest you list only assets since we recommend using the asset-based risk assessment.
Since our Risk assessment methodology templates requires listing only the assets, if you decide to list processes/activities also, you should then change the methodology document as well.
Comment as guest or Sign in
Jan 12, 2016
Jan 12, 2016
Jan 12, 2016