The Ultimate Guide to ISO 27001 Clause 8.2 Information Security Risk Assessment

ISO 27001 Clause 8.2 Information Security Risk Assessment Essential Guide

What is ISO 27001 Clause 8.2?

The ISO 27001 standard requires an organisation to perform risk assessments and to keep evidence of the results.

ISO 27001 Clause 8.2 Information Security Risk Assessment clause is all about risk assessment.

Where we covered the planning in ISO 27001 Clause 6.1.2 here we look at the execution.

The ISO 27001 standard for ISO 27001 certification wants you define and implement a risk assessment process and then execute it and make sure it gets done.

That risk assessment process has to maintain evidence of the risk assessment which is done by using a risk register.

ISO 27001 Clause 8.2 Definition

The organisation shall perform information security risk assessments at planned intervals or when significant changes are proposed or occur, taking account of the criteria established in 6.1.2 a).
The organisation shall retain documented information of the results of the information security risk assessments.

ISO 27001 Clause 8.2 Information Security Risk Assessment

What is an example of a planned interval for ISO 27001 Clause 8.2?

Planned intervals means that you have a plan to conduct a risk assessment at a certain time. An example of a planned interval would be to conduct a risk assessment at least annually.

How often should you perform a risk assessment?

As a bench mark you would perform a full risk assessment at least annually.

In addition, you do a risk assessment every time there is a significant change.

Risks are actually regularly assessed at the management review team meeting as part of the structured management review team agenda.

It is best practice that these meeting should occur every month or at least once every 3 months.

How to conduct an ISO 27001 Risk Assessment

For details on how to conduct an ISO 27001 risk assessment read The Complete Guide to ISO 27001 Risk Assessment that talks you through it step by step.

The complete guide to ISO 27001 risk assessment

ISO 27001 Clause 8.2 Templates

ISO 27001 templates are a great way to implement your information security management system. Whilst an ISO 27001 toolkit can save you up to 30x in consulting fees and allow you to deliver up to 10x faster these individual templates help meet the specific requirements of ISO 27001 clause 8.2.

ISO 27001 Clause 8.2 FAQ

What is ISO 27001 Clause 8.2 Information Security Risk Assessment ?

The ISO 27001 standard requires an organisation to perform risk assessment at planned intervals or when things change and keep evidence of the risk assessment.

Where can I download ISO 27001 Clause 8.2 Information Security Risk Assessment?

You can download ISO 27001 Clause 8.2 Information Security Risk Assessment templates here: https://hightable.io/product/iso-27001-templates-toolkit/

ISO 27001 Clause 8.2 Information Security Risk Assessment example?

An example of ISO 27001 Clause 8.2 Information Security Risk Assessment can be found here: https://hightable.io/product/iso-27001-templates-toolkit/

Is there an ISO 27001 Clause 8.2 Information Security Risk Assessment risk register?

Yes. A complete guide to the ISO 27001 Clause 8.2 Information Security Risk Assessment risk register can be found here: https://hightable.io/risk-register/

Is there a guide to the risk management policy used in ISO 27001 Clause 8.2?

A guide to the ISO 27001 risk management policy used by ISO 27001 Clause 8.2 is located here: https://hightable.io/risk-management-policy/

How do you keep evidence of a risk assessment?

There are several ways to keep and how evidence of a risk assessment:
1. Hold an annual risk review meeting and minute the results
2. Maintain and use a risk register
3. Follow the structure agenda of the management review team meeting which covers risk assessment
4. Include risk assessment as part of your operational processes

How often do you conduct a risk assessment?

At least annually and as significant changes occur.

How do you conduct an ISO 27001 risk assessment?

Read the complete guide to ISO risk assessment here: https://hightable.io/iso-27001-risk-assessment-guide/

ISO 27001 Certification Requirements

Further Reading

For more on planning for risk assessment be sure to read: ISO 27001 Clause 6.1.2 Information security risk assessment Guide

For more on planning for risk treatment be sure to read: ISO 27001 Clause 6.1.3 Information Security Risk Treatment Guide

See Also

Reference

ISO/IEC 27001 Information Security Management

ISO 27001 Strategy Session
ISO 27001 ISO 27001 Toolkit
ISO 27001 Policy Bundle

ISO 27001 Templates Toolkit: Business Edition

ISO 27001 Policy Templates: Professional Edition

Stuart Barker

About the Author

Stuart Barker

Stuart is an ISO 27001 Consultant and author of the ISO 27001 Templates Toolkit. Over 20 years he has helped hundreds of organisations with the ISO 27001 standard and getting them ISO 27001 certification with a 100% success rate.

Shopping Cart