The number of organisations with an ISO 27001 certification rose 22% in 2020. This was the second-highest rate of increase among ISO standards.
ISO 27001 compliance helps your organisation implement and coordinate an information security management system. The multi-step process involves assessing risks, choosing risk treatment, and implementing risk treatment controls.
A risk treatment plan is a fundamental part of the ISO 27001 process. It's critical to keep your assets secure. It's also an essential factor in getting certification.
Read on to learn more about a risk treatment plan and how to develop the right plan for your organisation.
In this article
- What is a Risk Treatment Plan?
- How does a Risk Treatment Plan fit into ISO 27001?
- Which risks need a Risk Treatment Plan?
- What does an ISO 27001 Risk Treatment Plan include?
- ISO 27001 Controls for Risk Treatment
- ISO 27001 Annex A and ISO 27002 for your Risk Treatment Plan
- Considerations when making a Risk Treatment Plan
- Implementing the security controls
- Measuring the effectiveness of controls
- Your Risk Treatment Plan and ISO 27001 Certification