Expert Advice Community

Guest

Risk treatment plan

  Quote
Guest
John O'Doneely Created:   Apr 17, 2020 Last commented:   Apr 21, 2020

Risk treatment plan

 If we have identified a control in the SoA that is a legal requirement or a management decision to implement, can I document the associqated tasks in the RTP or should I create a seperate spreadsheet to handle these?

 

 

Assign topic to the user

ISO 27001 RISK TREATMENT PLAN

Determine responsibilities for the implementation of controls.

ISO 27001 RISK TREATMENT PLAN

Determine responsibilities for the implementation of controls.

Expert
Rhand Leal Apr 21, 2020

ISO 27001 does not prescribe how to document the Risk Treatment Plan, so both approaches (single or separated plans) are acceptable for certification purposes. You can keep all tasks related to risk treatment plan in a single document. 

For further information, see:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Apr 17, 2020

Apr 21, 2020

Suggested Topics

Guest user Created:   Apr 23, 2021 ISO 27001 & 22301
Replies: 1
0 0

Risk treatment plan

Guest user Created:   Jan 21, 2021 ISO 27001 & 22301
Replies: 1
0 0

Risk treatment plan