Alternative options for treating unacceptable risks
Assign topic to the user
Answer: Basically, when treating the risks you have these 4 options: (1) reducing the risk by applying controls, (2) accepting the risk, (3) transferring the risk to third parties, and (4) avoiding the risk.
So you have already tried the option (1), and you can try also options (3) and (4) before you accept the risk. So perhaps you can get an insurance policy for your assets or transfer the risk to your supplier? Or you can stop doing the activity altogether?
See this article for more help: Risk Treatment Plan and risk treatment process – What’s the difference? https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#treatment
Comment as guest or Sign in
Apr 25, 2016