Join me as we walk through the requirements for defining and documenting a risk assessment process for ISO 27001 that actually works.
This edition of GRC Lab is brought to you by … Kertos
Europe's #1 compliance platform, Kertos, automates your compliance with standards such as ISO 27001, GDPR, SOC 2, and the EU AI Act – from the initial analysis to the audit, and as a sustainable solution far beyond.
In this session, we cover:
The “Planning” vs. “Execution” Trap: Clarifying the difference between Clauses 6.1.2 and 8.2.
The 3 Pillars of Assessment: A detailed look at Risk Identification, Risk Analysis, and Risk Evaluation.
Risk Owners: Who they actually are (hint: it’s usually not the IT department).
Methodologies Explained:
Qualitative Analysis: How to use a Risk Matrix (Likelihood vs. Impact).
Quantitative Analysis: How to calculate Single Loss Expectancy (SLE) and Annualized Loss Expectancy (ALE).
Real-World Scenario: A practical example involving a Data Center in Hawaii and... a volcano. 🌋
Learn ISO 27001 Together with Me
Watching videos is a great start, but implementing an entire ISMS requires a structured approach combined with advice from those who have already done it.
If you are ready to master the standard and get certified, I invite you to enroll in my ISO 27001 Lead Implementer Course.
New Update: I have recently upgraded the program. You now have the unique opportunity to work directly with me inside the course. Whether you are stuck on risk methodology or need a second pair of eyes on your scope, I’m here to help you cross the finish line.