Expert Advice Community

Relationship between Risk Treatment Plan and SOA

Guest user (created: Jan 12, 2016; last commented: Jan 12, 2016)

I want to ask about the implementation of ISO/IEC 27001:2013. I don't understand the relationship between the risk treatment plan and the SOA. Can you explain it to me? I need more knowledge.
AntonioS Jan 12, 2016

Both concepts are related to the same thing: risks. Let me explain the relation:

What is the SOA? It is a document that includes the applicability of all controls (basically, each control can apply or not).

What is the risk treatment? Basically, it is a plan that includes actions to reduce risks.

The actions that you need to include in the risk treatment are related to the security controls, but what security controls? Only the controls that apply to the organization. And what controls can apply? That depends on the SOA. So, in other words, the Risk Treatment Plan is the "implementation plan" for the Statement of Applicability.

You can also read this article, where you can find more information about this: https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#treatment
