Description
Annual update of information security risk assessment per ISO 27001 Clause 6.1.2.
Requirements
- Review and update asset inventory
- Identify new threats and vulnerabilities
- Reassess risk levels
- Update risk treatment plan
- Document changes
Applicable To
ISO 27001 Certified Organizations
Penalty Information
âš Outdated risk assessments can lead to non-conformity findings.