Removing approved risks in Conformio
Assign topic to the user
From your question I’m assuming you want to remove some threats and vulnerabilities associated with an asset once the risk assessment and treatment process is concluded.
It is not possible to remove threats or vulnerabilities, but it is possible to make the risk not relevant any more - for that purpose you have to enter the Risk Register, find the risk and decrease its likelihood and/or impact so that it becomes acceptable. Please note that this change will initiate changes in the Statement of Applicability and the Risk Treatment Plan, i.e. you will start a whole cycle of risk management. Therefore, we recommend these changes are made every 6 months.
In case the risk management process is not concluded, you can simply roll back the steps to eliminate/alter the risk.
Comment as guest or Sign in
Oct 07, 2021