Guest
                                            
                                                                            
                                    Risk treatment plan
If we have identified a control in the SoA that is a legal requirement or a management decision to implement, can I document the associated tasks in the RTP or should I create a separate spreadsheet to handle these?
                                            Expert
                
                    
        
            Rhand Leal
            
            Apr 21, 2020
        
ISO 27001 does not prescribe how to document the Risk Treatment Plan, so both approaches (single or separated plans) are acceptable for certification purposes. You can keep all tasks related to the risk treatment plan in a single document.
For further information, see:
- Risk Treatment Plan and risk treatment process – What’s the difference? https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#treatment
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
 
                                    Apr 17, 2020
                                    
                                    
                                        
                                            
                                                
                                                
                                            
                                        
                                    
                                    

