Expert Advice Community

Structure of the Risk Treatment Plan

Guest post Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

Hi friends, I have a doubt about the Risk Treatment Plan: how should I structure it? For example, can I organize the RTP according to risks? Controls? Assets? Or according to what? Which columns should it have, and what is the best way to prepare this document according to ISO? Thank you.

DejanK Jan 12, 2016

ISO 27001 does not prescribe the structure of the Risk Treatment Plan, but if you follow the logic of clause 6.2, then you should include the following information: what to implement, by whom, when, using which resources, etc. You can see a preview of the Risk treatment plan here (look for the "Free Demo" tab): https://advisera.com/27001academy/documentation/risk-treatment-plan/

In my opinion, the best would be to organize the Risk treatment plan according to controls: first of all, the RTP is based on the Statement of Applicability (which is also organized by controls), and second, the implementation will be much easier if the planning is done control by control.

Read also this article: Risk Treatment Plan and risk treatment process – What’s the difference? https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#treatment
