Expert Advice Community

Guest

Risk treatment plan

  Quote
Guest
Lajvar Created:   Apr 29, 2024 Last commented:   May 06, 2024

Risk treatment plan


Is it necessary to implement a treatment plan for all identified risks, or is it only necessary to apply a treatment plan if a medium or high-risk is detected?

I am asking this question because in my risk assessment, all the residual risks are low, and according to my policy, only medium and high risks should receive a risk treatment plan. I want to know if it's appropriate to leave low risks without a risk treatment plan or if I should create one despite all risks being low.

Assign topic to the user

ISO 27001 RISK TREATMENT PLAN

Determine responsibilities for the implementation of controls.

ISO 27001 RISK TREATMENT PLAN

Determine responsibilities for the implementation of controls.

Expert
Rhand Leal May 06, 2024

Thank you for your question.

We answered it through Experta - you can find the answer here: https://experta.com/shared-post/356983f7-e736-474d-b864-81cb855154a8

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Apr 29, 2024

May 06, 2024

Suggested Topics

Guest user Created:   Apr 23, 2021 ISO 27001 & 22301
Replies: 1
0 0

Risk treatment plan

Guest user Created:   Jan 21, 2021 ISO 27001 & 22301
Replies: 1
0 0

Risk treatment plan