Expert Advice Community

Risk treatment plan

Guest user Created:   Mar 06, 2018 Last commented:   Mar 06, 2018

I have finished doing your e-learning course on 27001 Internal auditor and am still not sure if you need to include the treatment of all risks in the Risk Treatment Plan or just those for the risks that you have evaluated as unacceptable. Can you help?
Expert
Rhand Leal Mar 06, 2018

Answer: The Risk Treatment Plan must include actions only to:
- treat risks evaluated as unacceptable (as a result of risk assessment)
- improve the performance of already existing controls (based on a top management decision)

This article will provide you with further explanation about the risk treatment plan:
- Risk Treatment Plan and risk treatment process – What’s the difference? https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#treatment

These materials will also help you regarding the risk treatment plan:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- The basics of risk assessment and treatment according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
