The step where an organization decides how to handle each assessed risk: reduce it, accept it, avoid the activity, or share it.
Risk treatment turns assessment results into decisions. For each significant risk the organization chooses one option or a combination: modify the risk by applying controls that reduce its likelihood or impact, retain it as an accepted risk (with a documented justification and the risk owner's sign-off), avoid it by not undertaking the activity that gives rise to it, or share it through insurance or outsourcing. Sharing a risk does not transfer accountability for it, and treatment rarely eliminates a risk entirely; the residual risk that remains after treatment should be re-evaluated and formally accepted by the risk owner.
In an ISMS, the controls selected to modify risk are recorded in the Statement of Applicability, which also states the justification for including or excluding each control, and a risk treatment plan tracks how and when each selected control will be implemented and who is responsible for it.
Related frameworks