What exactly does the ISO 27001 risk analysis entail?
ISO 27001 risk analysis
Organisations wanting to demonstrate that they take measures to secure information internally can request an ISO 27001 certification audit. If the company meets the ISO 27001 requirements, it is granted an ISO 27001 certificate. Part of the ISO 27001 certification audit is an assessment of the risk analysis: the auditor considers whether the organisation requesting the audit has properly identified the possible risks and the associated control measures. DEKRA can perform this assessment as an independent party.
Need for ISO 27001 risk analysis
Content of ISO 27001 risk analysis
- a detailed list of potential risks for each business
- a list of those responsible for each risk
- the probability of a threat occurring
- a (measurable) summary of the impact if a threat occurs
- a consideration of whether to accept the risk or take control measures
- concrete control measures for each risk
- the actions required to implement new control measures