Risk mitigation is a key part and mandatory component of
ISO27001.
We will help you analyse the levels of information security
risk within your organisation's processes.
Risk Assessment

ISO27001 mandates an organisation to have a risk treatment
process for compliance.

Risk Process

A risk process should ideally identify and display
vulnerabilities, weaknesses and shortcomings to the security
of the business operation. The risk process should consider
risk treatment options and make appropriate recommendations
for each risk identified.

Risk Exercise

Any organisation considering ISO27001 should carry out a risk
treatment exercise at least annually, identifying which
ISO27001 security controls are required to counter new and
current risks.
This will allow companies to demonstrate to the
certification bodies (DNV, SGS, BSI, Lloyds and others) the
actions that have been taken to identify and ultimately
reduce the residual risk to an acceptable business or
operational level.
Traditional Risk Audits

The concept is simple but effective. Reviewers will focus the
planning, execution and reporting of ISO27001 risks on key
management system processes and business objectives under the
ISO27001 scoped area.
Risk Based Audits

Using this method a company will provide input as to which
processes under the ISO27001 umbrella are most crucial to its
business success. Naturally this type of review will focus on
achieving and maintaining ISO27001 performance.