In the recent ISO22000 audit, our auditor suggested - "Site Security System Assessment is conducted to assess potential threats but without following the risk assessment methodology".
We already had monthly security assessment checklist. But auditor suggested the assessment shall be made based on RISK ASSESSMENT. Can anyone give me draft security risk assessment references