Information security risk assessment for ISO 27001 8.2

ISO 27001 Clause 8.2 – Information security risk assessment

The organisation must perform risk assessments as determined in the work carried out under section 6.1. Under that section, the organisation should define and apply an information security risk assessment process with defined information security risk and acceptance criteria. The process must also include the criteria for carrying out the assessments, so that they produce consistent, valid, and comparable results. The risk assessment process must include risk identification, analysis, and evaluation, and it must be kept as documented information that includes the outcomes of those assessments.
