We are working on the ISO 27001 documents we purchased from Advisera.
1. We are discussing the implementation steps and we are a bit confused about the Risk Treatment Implementation and the Risk Treatment Plan. Please what’s the difference between the two. When are the risks actually treated?
2. Also, what’s the difference between the risk treatment methodology and the risk treatment plan.