ISO 27001:2013
The process you have set in place seems pretty systematic, but the auditor will look at the results, not the process itself. So, for example, the auditor will check if risk owners are nominated for each risk (this is something that is new in the 2013 revision); he won't care how you made this transition.
These articles will also help you:
How to make a transition from ISO 27001 2005 revision to 2013 revision https://advisera.com/27001academy/knowledgebase/how-to-make-a-transition-from-iso-27001-2005-revision-to-2013-revision/
What has changed in risk assessment in ISO 27001:2013 https://advisera.com/27001academy/knowledgebase/what-has-changed-in-risk-assessment-in-iso-270012013/
Jan 12, 2016