Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters

What is an ISO 27001 risk treatment plan?

An ISO 27001 risk treatment plan should be developed following a company’s completion of its risk assessment, documenting its actions to address each risk identified during the assessment process. When determining how to respond to an identified risk, companies typically select from options: acceptance, mitigation, transfer, and avoidance. 


A risk treatment plan will frequently contain the following elements: 

  • Summary of each of the identified risks
  • Responses designed for each risk 
  • Assigned owner to each identified risk, who is accountable for their respective risks
  • Designated risk mitigation activity owners, responsible for performing the tasks required to address the identified risks
  • Target completion date for risk treatment activities 


A company will subsequently determine which controls to implement to help address identified risks. Annex A of ISO 27001 provides an ideal starting point; it contains 114 controls, divided into 14 sections, each tailored to a specific aspect of information security. When selecting controls from Annex A, a company will want to begin filling out the Statement of Applicability (SoA), a list of all of the Annex A controls, including the justification for each control's inclusion or exclusion as part of the organization’s Information Security Management System (ISMS) implementation.

Additional resources you might like:

Product updates
Blog
Introducing new products to secure and accelerate an AI-powered future

Today we’re excited to announce new and upcoming product capabilities that empower you to accelerate innovation and strengthen security in an increasingly AI-driven world.

Compliance
Event
Leverage Security and Compliance to Win Over Prospects

Curious about how security and compliance can help you build trust and win over prospects? On December 13th at 8:30am PST / 4:30pm GMT, join our AMAA

Product updates
Blog
New in Vanta | October 2023

This past month, we announced the single destination to showcase your security posture, Vanta Trust Center, 19 new integrations, Private links for Vendor Risk Management, and more.

Get compliant and
build trust, fast.