What steps should I follow to determine the information security risk treatment plan?
ISO 27001 does not prescribe how to develop the information security risk treatment plan, but as good practice, you should consider these steps:
- definition of security controls to be implemented
- who is responsible for implementing them
- what are the deadlines for the implementation
- which resources are needed (i.e. financial and human)
- how the results will be evaluated
To see what a risk treatment plan looks like, please access the free demo of our Risk Treatment Plan at this link: https://advisera.com/27001academy/documentation/risk-treatment-plan/
This article will provide you with further explanation about the risk treatment plan:
- Risk Treatment Plan and risk treatment process – What’s the difference? https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#treatment
Feb 04, 2021