ابدأ بالتواصل مع الأشخاص وتبادل معارفك المهنية

أنشئ حسابًا أو سجّل الدخول للانضمام إلى مجتمعك المهني.

متابعة

What's the difference between ISO 27005 and ISO 31000?

user-image
تم إضافة السؤال من قبل Ahmed OUESLATI , IT Risk Manager | Auditor | Security Consultant | Quality Manager , National Digital Certification Autority (Certified ISO 9001:2008 by TUV Rheinland)
تاريخ النشر: 2016/03/16
Nancy Refai
من قبل Nancy Refai , Health, safety and environmental management Trainer and consultant , Freelancer

ISO 27005 standard ‘provides guidelines for information security risk management’ and ‘supports the general concepts specified in ISO/IEC 27001 and is designed to assist the satisfactory implementation of information security based on a risk management approach. While ISO 31000 provides principles, framework and a process for managing risks. It gives consideration to all types of risks unlike the former mentioned 27005 which is specific for information security risks

ISO5 was designed to provide guidelines on Information Security Risk Management. It supports the implementation of ISMS based on ISO1 & ISO2 from a risk management perspective or approach.

ISO0 on the other hand was designed to provide guidelines on the management of risks be it strategic risk, credit risk, financial risk, operational risk, information security risk and all other risks you can think of. It is general and not tied to a particular risk. It talks about frameworks for the management of general risk.

So, the difference here is; ISO5 is specifically for managing Information Security risks while ISO0 is general to all types of risks.

Muhammad Saif ud-din Qureshi
من قبل Muhammad Saif ud-din Qureshi , Freelance QHSE & other Management Systems Auditing, Compliance, Development, Training & Maintenance , Working as a Free Lancer

Both are Guidelines for the Risk Management, but

ISO 27005 are the Guidelines for the Risk Management Evaluation and Implementation as per requirements of ISO 27001 Standard - Which is Information Security Management System.

On the other hand ISO 31000 are Guidelines for the Risk Management designing, Implementation and Maintenance throughout the Organization and emphasizes on ERM (Enterprise Risk Management). The scope of this approach to risk management is to enable all strategic, management and operational tasks of an organization throughout projects, functions, and processes to be aligned to a common set of risk management objectives.

المزيد من الأسئلة المماثلة