
Risk treatment plan

Definition

A document that records, for each identified risk, the chosen treatment option (accept, avoid, transfer, or reduce), the specific controls selected to reduce it, the asset owner responsible, and the target completion date. It is the direct input to the SoA.

Related terms

Annex A
The normative annex to ISO/IEC 27001 that lists 93 information security controls across four themes: organisational (37 controls), people (8), physical (14),...
Continual improvement
The ISO/IEC 27001 requirement (clause 10) that the organisation must actively improve the suitability, adequacy, and effectiveness of the ISMS over time....
ISMS scope
The explicit boundaries of the management system: which organisational units, sites, processes, and information assets are covered. Defined under ISO/IEC 27001 clause...
Management review
The annual governance meeting required under ISO 17025 Clause 8.9, at which laboratory management reviews the aggregated quality performance data (PT results,...
Statement of Applicability (SoA)
A mandatory document listing every ISO/IEC 27001 Annex A control with a statement of whether it is included or excluded, the justification...

Explained in

  • Designing and Implementing an ISMS
