ShareTerm ‘residual risk’ is mandatory in the risk management process according to ISO 27001, but is unfortunately very often used without appreciating the real meaning of the concept.
What is residual risk?
According to ISO 27001, residual risk is “the risk remaining after risk treatment”.
Here is how it works: first you have to identify the risks, and [...]
![]()