Hi, I'm not clear on why we would use 2 different documents for how we treat a risk identified and using the corrective action form. Can you give me examples so I can see the difference when they're used?
Risk Treatment Plan and Corrective Actions fulfill different purposes and requirements, that's why we provide different documents.
You use the Risk Treatment Plan to define actions to treat risks, i.e, actions to prevent them to happen, or to minimize their impact in case they occur.
On the other hand, you use Corrective actions to treat controls or processes that failed to fulfill their objectives, or are not performing as planned.
For example, to treat a risk of data loss you can define the implementation of a backup process in the Risk Treatment Plan.
Now consider that this backup process is implemented, and it was identified that for some reason the backup was not performed as scheduled, or that the process has failed (in both situations the original data wasn't lost). To treat this situation you have to open a Correcti ve Action.