Expert Advice Community

Guest

Risk Treatment Implementation and Risk Treatment Plan

  Quote
Guest
Guest user Created:   Jun 17, 2020 Last commented:   Jun 17, 2020

Risk Treatment Implementation and Risk Treatment Plan

We are working on the ISO 27001 documents we purchased from Advisera.

1. We are discussing the implementation steps and we are a bit confused about the Risk Treatment Implementation and the Risk Treatment Plan. Please what’s the difference between the two. When are the risks actually treated?

2. Also, what’s the difference between the risk treatment methodology and the risk treatment plan.

0 0

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jun 17, 2020

1. We are discussing the implementation steps and we are a bit confused about the Risk Treatment Implementation and the Risk Treatment Plan. Please what’s the difference between the two. When are the risks actually treated?

In the risk treatment implementation, you need to define what to do with risks (e.g., risk mitigation, risk avoidance, risk acceptance, and risk transfer), while in the Risk Treatment Plan you define the actions, responsible, and deadlines to implement the chosen option. For example:

  • Risk: information loss due to virus
  • Risk Treatment: mitigate the risk
  • Risk treatment plan: The IT manager must develop and implement a backup policy in the following 90 days.

These articles will provide you a further explanation about risk treatment and risk treatment plan:

2. Also, what’s the difference between the risk treatment methodology and the risk treatment plan?

The risk treatment methodology refers to the rules (e.g., steps and criteria) to be followed when performing the risk treatment, while the Risk Treatment Plan is one of the outputs of the risk assessment and risk treatment process as a whole (together with the Statement of Applicability). Please note that the most common reference you will find is about the Risk Assessment and Risk Treatment Methodology because ISO 27001 requires the definition of processes for both risk assessment and risk treatment.

These articles will provide you a further explanation about risk management process and risk treatment methodology:

These materials will also help you regarding risk management:

Quote
0 1

Comment as guest or Sign in

HTML tags are not allowed

Jun 17, 2020

Jun 17, 2020

Suggested Topics