What is ISO 27001 Risk Assessment?
ISO 27001 Risk Assessment requires an organization to measure the risk (threats and vulnerabilities) to the assets within the scope of the ISMS. Two types of risk are assessed under ISO 27001:
- Risk to the preservation of confidentiality, integrity and availability (CIA), i.e. the risk that CIA of an asset is lost.
- Risk of non-compliance, including legal / regulatory and contractual obligations.
The outputs of the risk assessment include the risk treatment plan (RTP) and the statement of applicability (SoA); they also feed the ISMS controls such as policies, processes, training and awareness, business continuity, etc.
