Risk treatment options
Do we need to specify the treatment control for transferring risk to third party.
Assign topic to the user
ISO 27001 RISK TREATMENT PLAN
Determine responsibilities for the implementation of controls.
Get it now 
ISO 27001 RISK TREATMENT PLAN
Determine responsibilities for the implementation of controls.
Get it now
ISO 27001 RISK TREATMENT PLAN
Determine responsibilities for the implementation of controls.
Get it now
Please note that "risk transfer" is the general approach to treat risk, and according to ISO 27001 you need to specify which controls you will apply to implement this option (e.g. controls from section A.15 for suppliers and control A.13.2.2 Agreements on information transfer for third parties in general).
These articles will provide you a further explanation about risk treatment:
- 4 mitigation options in risk treatment according to ISO 27001 https://advisera.com/27001academy/blog/2016/05/16/4-mitigation-options-risk-treatment-according-iso-27001/
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
This material will also help you regarding risk treatment:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
Comment as guest or Sign in
Jul 02, 2020