Expert Advice Community

Alternative options for treating unacceptable risks

Guest user. Created: Apr 25, 2016. Last commented: Apr 25, 2016.

In the case of simple Risk assessment where Risk Score is computed by adding impact and likelihood, it may happen that (implemented or to-be-implemented) controls reduce the likelihood but not the impact. If the Risk score is above the acceptable level of risk, what actions could be taken please other than accepting the risk?
Expert
Dejan Kosutic Apr 25, 2016

Answer: Basically, when treating the risks you have these 4 options: (1) reducing the risk by applying controls, (2) accepting the risk, (3) transferring the risk to third parties, and (4) avoiding the risk.

So you have already tried option (1), and you can also try options (3) and (4) before you accept the risk. So perhaps you can get an insurance policy for your assets or transfer the risk to your supplier? Or you can stop doing the activity altogether?

See this article for more help: Risk Treatment Plan and risk treatment process – What’s the difference? https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#treatment
