ISO 27001 Information Security Risk Assessment is Clause 8.2 of ISO/IEC 27001:2022 (Information security, cybersecurity and privacy protection — Information security management systems) and a requirement for ISO 27001 certification.
What is ISO 27001 Clause 8.2?
The organisation shall perform information security risk assessments at planned intervals or when significant changes are proposed or occur, taking account of the criteria established in 6.1.2 a).
The organisation shall retain documented information of the results of the information security risk assessments.
ISO 27001:2022 Clause 8.2 Information Security Risk Assessment