The Basics of a Risk Treatment Plan

A risk treatment plan (RTP) is an essential part of an organization’s InfoSec program. In fact, ISO 27001 requires an RTP while SOC 2 and other frameworks ask for similar documentation. 

A solid risk assessment and risk treatment process produce a stable InfoSec program; without them, it’s like spending money on an alarm system and only protecting half your doors, or buying a security camera and pointing it at the wall. Your risk assessment tells you where your risks are so you can protect against them and mitigate them. It can also help you save money by not spending on protection mechanisms you don’t need.

So let’s look at the bigger picture and explore risk treatment plans. 

What Is Risk Management?

Risk management is the identification, evaluation, and prioritization of risks, followed by the coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events.

See, during a risk assessment, you identify your risks and determine the potential impact they could

