Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters
Blogs
Events
Glossary
Guides and reports

Follow us

Linkedin iconFacebook icon

What is an ISO 27001 risk treatment plan?

An ISO 27001 risk treatment plan should be developed following a company’s completion of its risk assessment, documenting its actions to address each risk identified during the assessment process. When determining how to respond to an identified risk, companies typically select from options: acceptance, mitigation, transfer, and avoidance. 

A risk treatment plan will frequently contain the following elements: 

  • Summary of each of the identified risks
  • Responses designed for each risk 
  • Assigned owner to each identified risk, who is accountable for their respective risks
  • Designated risk mitigation activity owners, responsible for performing the tasks required to address the identified risks
  • Target completion date for risk treatment activities 

A company will subsequently determine which controls to implement to help address identified risks. Annex A of ISO 27001 provides an ideal starting point; it contains 114 controls, divided into 14 sections, each tailored to a specific aspect of information security. When selecting controls from Annex A, a company will want to begin filling out the Statement of Applicability (SoA), a list of all of the Annex A controls, including the justification for each control's inclusion or exclusion as part of the organization’s Information Security Management System (ISMS) implementation.

{{cta_withimage2="/cta-modules"}}

Related Terms

Additional resources you might like:

Compliance
Event
Simplify Compliance and Enhance Your Customer’s Trust

Curious about why compliance is so important, which businesses need it, and how Vanta's automation can help you quickly achieve it? Join Vanta’s 45-minute live product demo where you’ll learn how Vanta goes beyond compliance to enhance your overall security and trust management.

Compliance
Event
State of Trust in AI

Join us, live, for a fireside chat with three leading AI companies, Factory, avoMD, and Stravito, where their leaders will discuss how their organizations leverage security best-practices and compliance with AI frameworks.

Compliance
Blog
How to scale your GRC program with automation

Manual GRC processes aren’t sustainable for growing businesses. That’s where GRC automation comes in. Read more.

Additional resources you might like:

Compliance
Event
Simplify Compliance and Enhance Your Customer’s Trust

Curious about why compliance is so important, which businesses need it, and how Vanta's automation can help you quickly achieve it? Join Vanta’s 45-minute live product demo where you’ll learn how Vanta goes beyond compliance to enhance your overall security and trust management.

Compliance
Event
State of Trust in AI

Join us, live, for a fireside chat with three leading AI companies, Factory, avoMD, and Stravito, where their leaders will discuss how their organizations leverage security best-practices and compliance with AI frameworks.

Compliance
Blog
How to scale your GRC program with automation

Manual GRC processes aren’t sustainable for growing businesses. That’s where GRC automation comes in. Read more.

Compliance
Blog
3 trends shaping the future of GRC and how to adapt today

Managing GRC today still requires a ton of manual work—but it doesn’t have to. Find how the future of GRC is evolving and how you can adapt today.

Compliance
Event
Audit Prep Excellence: Your Path to Success

Join our interactive webinar featuring experts in compliance auditing for a live Q&A session. We'll dive into essential tips for preparing for various compliance audits, guide you through the nuances of both ISO 27001 and SOC 2 standards, and discuss best practices for maintaining continuous compliance.

Product updates
Event
What's New in Vanta: July

Are you curious about new Vanta features? Join Vanta's 'What's New in Vanta' webinar to discover new features and enhancements. Register now!

Compliance
Event
How Fireant Achieved ISO 27001 Compliance Fast & Secured Government Business

Join Vanta and FireAnt as we demystify the compliance journey. We will explore how FireAnt, a Sydney-based software provider, leveraged Vanta’s automation to streamline their ISO 27001 certification process and unlock new business opportunities.

Compliance
Event
How to Automate ISO 27001 & SOC 2 Compliance

Curious about why compliance is so important, which businesses need it, and how Vanta's automation can help you quickly achieve it? Join Vanta’s 45-minute live product demo. Two of our team members will walk you through the platform and answer your questions in real time.

Compliance
Event
How to Automate SOC 2 & ISO 27001 Compliance

Curious about why compliance is so important, which businesses need it, and how Vanta's automation can help you quickly achieve it? Join Vanta’s 45-minute live product demo on July 9th at 11 am PST. Two of our team members will walk you through the platform and answer your questions in real time.

Get compliant and build trust—fast

Request a demo
G2 BadgeG2 BadgeG2 Badge