the Organization Using an Analysis Matrix
4.2 Understanding the Needs and Expectations of Interested Parties
NOTE: The requirements of interested parties may include legal and regulatory requirements, as well as contractual obligations.
An interested party is a person or organization that can affect, be affected by, or perceive itself to be affected by a decision or activity.
Some examples of interested parties:
ISO 27001 INTERNAL AUDITOR / LEAD AUDITOR (I27001IA/LA)
4.3 Determining the Scope of the Information Security Management System
The organization shall determine the boundaries and applicability of the information security management system to establish its scope.
When determining this scope, the organization shall consider:
- The external and internal issues referred to in clause 4.1.
- The requirements referred to in clause 4.2.
- The interfaces and dependencies between the activities performed by the organization and those carried out by other organizations.
The scope shall be available as documented information.
For the scope, it is relevant to take the following aspects into account:
- The results of the context.
- The results of the gap analysis.
- The management systems that already exist in the organization.
- The areas of application that give value to the interested parties.
- The legal, regulatory and contractual requirements.
- The objectives of the organization.
- The organizational boundaries.
- The boundaries of the information systems.
- The physical boundaries.
A scope definition document could consider the following:
- Definition of the scope.
- Characteristics of the organization.
- Processes of the organization.
- Functions and responsibilities.
- Information assets.
- Information systems.
- Geographic location.
4.4 Information Security Management System
The organization shall establish, implement, maintain and continually improve an information security management system, in accordance with the requirements of this International Standard.
Workshop: Define the Scope of the ISMS
5. Leadership
5.1 Leadership and Commitment
- Communicating the importance of effective information security management and of conforming to the requirements of the information security management system.
- Ensuring that the information security management system achieves its intended outcomes.
- Directing and supporting persons to contribute to the effectiveness of the information security management system.
- Promoting continual improvement.
Top management's commitment can be demonstrated, for example, by:
- Establishing, approving and supporting compliance with an Information Security Policy.
- Approving and ensuring the resources needed for the ISMS.
- Ensuring that the ISMS has its roles, responsibilities and authorities defined.
- Communicating the importance of information security.
- Motivating staff to contribute to the effectiveness of the ISMS.
- Strengthening accountability for information security management results.
- Establishing suitable conditions for involving staff in achieving the organization's information security objectives.
5.2 Policy
Top management shall establish an information security policy that:
- Is appropriate to the purpose of the organization.
- Includes information security objectives (see 6.2) or provides a framework for setting information security objectives.
- Includes a commitment to satisfy the applicable requirements related to information security.
- Includes a commitment to continual improvement of the information security management system.
The information security policy shall:
- Be available as documented information.
- Be communicated within the organization.
- Be available to interested parties, as appropriate.
Some methods for communicating the Information Security Policy internally are the following:
- Induction and training through talks.
- Sending it by e-mail.
- Handing it over in person.
- Posting on notice boards (Information Security Policy Statement).
- Publication on the corporate intranet.
Nevertheless, these methods can be used individually or in combination as part of a permanent Information Security Awareness program, and it must be ensured that staff comprehend and understand the Information Security Policy; these results can be measured through periodic evaluations, thereby generating records of the results obtained and determining improvements.
5.3 Organizational Roles, Responsibilities and Authorities
Top management shall ensure that the responsibilities and authorities for roles relevant to information security are assigned and communicated within the organization.
- Ensure that the information security management system conforms to the requirements of this International Standard.
- Report to top management on the performance of the information security management system.
NOTE: Top management may also assign responsibilities and authorities for reporting on the performance of the information security management system within the organization.
In this phase, the Roles, Responsibilities and Authorities for Information Security must be clearly defined; this requires designating the person responsible for Information Security and establishing the authorities, which can be done by designating an ISMS Committee.
Good practice indicates that this ISMS Committee can be made up of representatives of the relevant areas of the organization, such as Top Management, Administration and Finance, Human Resources, Information Technology and Legal.
Likewise, responsibilities must be established for the Information Security Officer, the ISMS Committee (where applicable) and the organization's staff.
It is important to bear in mind that the person responsible for Information Security must not report hierarchically to the IT area, because independence is required and segregation of duties must be properly upheld.
6. Planning
6.1 Actions to Address Risks and Opportunities
When planning the information security management system, the organization shall consider the issues referred to in clause 4.1 and the requirements included in clause 4.2, and determine the risks and opportunities that need to be addressed in order to:
- Ensure that the information security management system can achieve its intended outcomes.
- Prevent or reduce undesired effects.
- Achieve continual improvement.
The organization shall plan:
- The actions to address these risks and opportunities.
- How to:
  1. Integrate and implement the actions into the processes of the information security management system.
  2. Evaluate the effectiveness of these actions.
The organization shall define and apply an information security risk assessment process that:
- Establishes and maintains information security risk criteria, including:
  1. The risk acceptance criteria.
  2. The criteria for performing information security risk assessments.
- Ensures that successive information security risk assessments produce consistent, valid and comparable results.
- Identifies the information security risks:
  1. By carrying out the information security risk assessment process to identify the risks associated with the loss of confidentiality, integrity and availability of information within the scope of the information security management system.
  2. By identifying the risk owners.
Risk: Effect of uncertainty on objectives.
An effect is a deviation from the expected; it can be positive, negative or both, and can address, create or result in opportunities and threats.
Positive: potential gain / Negative: harmful event.
Risk is usually expressed in terms of risk sources, potential events, their consequences and their likelihood.
Level of risk: Magnitude of a risk expressed in terms of the combination of the consequences and their likelihood.
Information security risks are those associated with the loss of confidentiality, integrity and availability of information.
Risk owner: Person or entity with the responsibility and authority to manage a risk.
Threat: Potential cause of an unwanted incident, which can result in harm to a system or an organization.
Vulnerability: Weakness of an asset or control that can be exploited by one or more threats.
Control: Measure that modifies risk.
- Analyses the information security risks:
  1. By assessing the potential consequences that would result if the risks identified in 6.1.2 c) 1) were to materialize.
  2. By realistically assessing the likelihood of occurrence of the risks identified in 6.1.2 c) 1).
  3. By determining the levels of risk.
- Evaluates the information security risks:
  1. By comparing the results of the risk analysis with the risk criteria established in 6.1.2 a).
  2. By prioritizing the analysed risks for treatment.
The organization shall retain documented information about the information security risk assessment process.
6.1.3 Information Security Risk Treatment
The organization shall define and carry out an information security risk treatment process to:
- Select appropriate information security risk treatment options, taking into account the results of the risk assessment.
- Determine all the controls that are necessary to implement the chosen information security risk treatment option(s).
NOTE: Organizations can design controls as required, or identify them from any source.
- Compare the controls determined in 6.1.3 b) with those in Annex A and verify that no necessary controls have been omitted.
NOTE 2: Control objectives are implicitly included in the selected controls. The control objectives and controls listed in Annex A are not exhaustive, so additional control objectives and controls may be needed.
- Formulate an information security risk treatment plan.
- Obtain the risk owners' approval of the information security risk treatment plan and their acceptance of the residual information security risks.
The organization shall retain documented information about the information security risk treatment process.
NOTE: The information security risk assessment and treatment process in this International Standard aligns with the generic principles and guidelines defined in ISO 31000.
Strategies
Accept: The risk is accepted or retained at its current level.
Transfer: The risk is shared with external parties (purchasing insurance or outsourcing services).
Eliminate: The activity that generates the risk is cancelled.
Risk Treatment Plan
Residual risk: Risk remaining after risk treatment.
- This document provides guidelines for managing the risk faced by organizations. The application of these guidelines can be adapted to any organization and its context.
- This document provides a common approach to managing any type of risk and is not specific to one industry or sector.
- This document can be used throughout the life of the organization and can be applied to any activity, including decision-making at all levels.
Workshop: Define the Statement of Applicability for 5 Annex A Controls
6.2 Information Security Objectives and Planning to Achieve Them
The organization shall establish information security objectives at the relevant functions and levels.
The information security objectives shall:
- Be consistent with the information security policy.
- Be measurable (if practicable).
- Take into account the applicable information security requirements and the results of risk assessment and risk treatment.
- Be communicated.
- Be updated, as appropriate.
The organization shall retain documented information on the information security objectives.
When planning how to achieve the information security objectives, the organization shall determine:
- What will be done.
- What resources will be required.
- Who will be responsible.
- When it will be completed.
- How the results will be evaluated.
Example of an ISMS objective for the Managed Security Service provided by a Security Operation Center (SOC).