Actions to address risks and opportunities
This lesson pertains to close six off the ISO 27,000 and one standard.
Due to the length of this section, we will be studying this up into three many lessons.
Listen full 0.9 point one
actions to address risks and opportunities
specific to close 6.1 point one general.
In this lesson, we will cover the understanding off the two types of risks focused on by the icer 27,001 standard.
With this lesson, we're getting back into the specifics off the ice. So standard
for 6.1 pertains to actions to address risks and opportunities,
and this close is broken down into three main sections.
Name Nick was 6.1 point one general
Close 6.1 point two Information Security Risk Assessment.
An information security risk treatment in 6.1 point three
The previous sections we went into I so 27,000 and five,
which is the guidance document that gives a lot more detail around how to manage information security risk
close six and risk management as a whole
are extremely important processes in your SMS
and when you go through your certification orders. Ah, lot of time will be spent on this area to ensure that you as the person heading up the ice melts project
as well as the key organizations stakeholders as a whole as well
understand the risk management concepts and processes for your is a mess.
So there are two types of risks to be considered as part of the risk management process.
You will have your information security risks,
which directly relate to the loss off confidentiality, integrity or availability off information within your SMS scope.
The second type of risk,
which is other risks which could affect the outcomes and success off the ice. Miss,
a risk to your eyes. Miss Success
could be top management commitment
not being present or sufficient.
When you go through your pre certification and certification audits, the orderto will want to see if you have thought about risks that could impact the success off your ice mess.
Implementing an icy mess and successfully maintaining one is no easy measure.
Even when everything is perfectly aligned and because of the nature of what we do, there will always be some type of risk or obstacle, which may hinder your process.
Having these documented as early as possible in the process is really important.
You can really start thinking about these risks when you go through your organizational context back in close for
and the needs and expectations of your interested parties.
A lot of the risks to SMEs are often contained in that information.
It is up to you whether you want to handle the two categories of risk in the same way or keep them separate.
The key thing is at risks must be documented and evident to show the auditors.
Although we are talking about this as a stand alone concept, this is something that will be repeated throughout your isom is
as the goal is always to continually improve by addressing the identified risks and opportunities,
while close 6.1 point one general doesn't require specific mandatory documentation,
ensure that the concepts discussed here are documented somewhere
either as part of your overall risk assessment
was separately in, for example,
your own estimates manual.
Let's go through this information quickly.
The general Clause states that information security risks must be handled according to your risk management process,
and satisfy the steps discussed in previous sections,
meaning your risks must be identified, the likelihood and impact determined
and the risk level evaluated.
All other risks that could affect the SMS must be documented,
along with how these risks will be managed and mitigated throughout the ice. Amie's life cycles
opportunities that are identified should also be documented.
These can be ways in which the ice amiss can be made better or more effective
In this lesson recovered. The general section off closed 6.1,
and we also looked at the two main types of risks as defined by ISO 27,001.
I so looks at your general information security risks specifically pertaining to the information falling within the scope of your eye, Smith's
as well as the risks as well as opportunities
to the success of your SMS.