What is the purpose of an ISO 27001 risk assessment?
To identify, evaluate, and treat security risks that could affect your business data and operations. Risk assessment is a requirement of ISO 27001 Clause 6 (Planning). The output of the risk assessment includes mapping information security controls to the Annex A controls in the required Statement of Applicability (SOA), and categorizing similar controls in related policies, processes and procedures.
