Free PDF download: Risk Assessment and ISO 27001
ISO 27001 requires the organisation to produce a set of reports, based on the risk assessment, for audit and certification purposes.
Section 6.1.2 of ISO 27001 explicitly requires compliant organisations to carry out risk assessments against agreed risk acceptance criteria. Conducting a risk assessment is often a tricky and complicated task, especially the first time you do it.
Download this informative guide to risk assessment and ISO 27001 to discover:
- The three stages of the ISO 27005 risk assessment process: risk identification, analysis and evaluation;
- Risk assessment and the ISO 27001 Statement of Applicability;
- How to use risk assessments to achieve maximum benefits from minimum security costs; and
- How risk assessments fit into the continuous improvement cycle.