Downloads

  
  Concerned about your IMS certification audits — engage IMS-Smart to review your ISMS and assist you to make certification audits a joy to look forward to
 

Mastering Risk Assessment and the Statement of Applicability — downloads

Use this page to download PDF copies of the documented information examples referred to in “Mastering Risk Assessment and the SOA”, available on Amazon. Instructions for using these examples are given in the book.

These downloads provide examples of the documented information required by ISO/IEC 27001, Clauses 6.1.2, 6.1.3, 8.2 and 8.3:

  • Example A.2: documented information about the risk assessment process (Clause 6.1.2)
  • Example A.3: documented information about the risk treatment process (Clause 6.1.3)
  • Example A.4: documented information about the risk assessment results (Clause 8.2)
  • Example A.5: documented information about the risk treatment results (Clause 8.3).

The documented information for the risk treatment results is presented in three parts – an example risk treatment plan (organisations following the prescription given in this book will have twelve of these); an example summary showing all twelve results together; and two examples (extracts) of a SOA.

The risk treatment plan example is itself presented in three parts: a template and two completed examples, one in list format and the other in story format.

Organisations are permitted to use these examples as given but treat them as a form to complete (as there are sections which require customisation). Alternatively, organisations can use them as examples and as inspiration for their own layouts and content.