Expert Advice Community

Controls in Risk Treatment Plan

Guest post. Created: Jan 12, 2016. Last commented: Jan 12, 2016.

Hi friends, I have a doubt: if in the risk assessment I identified that the organization has already implemented a control from ISO 27002, is it necessary to include that control in the Risk Treatment Plan? Thank you. Best regards

AntonioS Jan 12, 2016

In the risk assessment, the important thing is the acceptable level of risk (and remember that in an asset-based risk assessment it is related to each asset). If the risk is above the acceptable level, then you need to reduce it with security controls in the Risk Assessment Plan; if not, it is not necessary. And the Risk Treatment Plan will have all the controls that you need to reduce the risks identified in the risk assessment.

For more information about the risk assessment & treatment, please read this article "ISO 27001 risk assessment & treatment - 6 basic steps": https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
