Expert Advice Community

Who should access risk management documents

Guest user. Created: Aug 24, 2018. Last commented: Aug 24, 2018.

Who in the company should have access to the SOA, the risk assessment, and the risk treatment tables? Is this something that is okay for internal use? Can all employees have access? Or only managers? Or only certain people?
Expert
Dejan Kosutic Aug 24, 2018

Answer: When you perform the risk assessment, you should also assess the risks related to these ISMS documents - if the risks are high, then you should allow only a very few people to access them; if the risks are low, then you can allow a wider circle of people to access them.

This principle is called the classification of information - you can find more information in this article: https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
