Expert Advice Community

Which assets to assess during the risk assessment

Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

My client is currently in the gap analysis phase of ISO 27001. The question I have is: they have over 500 business applications. Do we need to risk assess all 500 applications?

DejanK Jan 12, 2016

If all of these 500 applications are within the ISMS scope, they have to assess all of them. However, if you have similar applications then you do not have to perform risk assessment for each of them separately - you can treat all similar applications as a single asset during the risk assessment process.

See also these articles:
- ISO 27001 gap analysis vs. risk assessment https://advisera.com/27001academy/knowledgebase/iso-27001-gap-analysis-vs-risk-assessment/
- How to organize initial risk assessment according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/04/29/how-to-organize-initial-risk-assessment-according-to-iso-27001-and-iso-22301/
