Professionals with little or moderate experience in internal audit according to ISO 27001/ISO 22301, including:
Presenter: Dejan Kosutic
Format: Recorded webinar
Duration: 111m 29s (1h 51m 29s)
Why is risk treatment important?
Risk treatment is the second part of risk management, following directly after the risk assessment process. Its purpose is, once you know where the risks are, to define how those risks will be controlled.
During risk treatment, controls from ISO 27001 Annex A are usually selected as the means of decreasing risk. While selecting them, it is very important to balance the reduction in risk against the cost of the controls, because you may end up investing too much in a certain control when a cheaper alternative would have achieved the same result.
The Statement of Applicability is the key document listing all the controls from Annex A. Not only does it define which controls will be used, but it also defines what those controls should achieve, why they were selected, etc. This document serves as the starting point for implementing the controls.