Could you explain the essence of and main differences between the next three documents?
Appendix_1_Risk_Assessment_Table_EN.xlsx, Appendix_2_Risk_Treatment_Table_EN.xlsx, and Risk_Treatment_Plan_EN.docx
Answer: Sure.
The Appendix_1_Risk_Assessment_Table_EN.xlsx is the document used to list all risks identified during the risk assessment and the related controls currently implemented (when they exist).
The Appendix_2_Risk_Treatment_Table_EN.xlsx is the document used to select treatment options and controls.
Finally, the Risk_Treatment_Plan_EN.docx is the document where you list all the actions and resources needed to implement the treatment options identified on the Risk Treatment Table, as well as the respective deadlines and responsible people.
As you can see, from the Risk Assessment Table to the Risk Treatment Table, the information becomes more focused on the risks that must be treated. You could have all this information in a single document, but this will make it more complex to handle.
By the way, the toolkit you bought includes access to video tutorials that explain these documents and how to fill them in.
This article will provide you with further explanation about risk treatment and the risk treatment plan:
- Risk Treatment Plan and risk treatment process – What’s the difference? https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#treatment
Nov 12, 2017