Risk related to our building
Assign topic to the user
After the Risk Assessment you need to perform the Risk Treatment, and basically for each risk you have 4 options: a.- Apply security controls, b.- Transfer the risk to another party, c.- Avoid the risk by stopping an activity that is too risky, d.- Accept the risk (when the cost for mitigating the risk is higher that the damage itself). In accordance with the situation that you are described, the bes t option for your business is d. In this case, I recommend you to talk with Top Management, because they have to know this situation and they need to accept formally the risks.
Also I recommend you to read this article about the difference between the Risk Treatment Plan and the Risk Treatment process Risk Treatment Plan and Risk Treatment Process Whats the difference? : https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#treatment
Comment as guest or Sign in
Jan 12, 2016