Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters

What is an ISO 27001 risk treatment plan?

An ISO 27001 risk treatment plan should be developed following a company’s completion of its risk assessment, documenting its actions to address each risk identified during the assessment process. When determining how to respond to an identified risk, companies typically select from options: acceptance, mitigation, transfer, and avoidance. 

A risk treatment plan will frequently contain the following elements: 

  • Summary of each of the identified risks
  • Responses designed for each risk 
  • Assigned owner to each identified risk, who is accountable for their respective risks
  • Designated risk mitigation activity owners, responsible for performing the tasks required to address the identified risks
  • Target completion date for risk treatment activities 

A company will subsequently determine which controls to implement to help address identified risks. Annex A of ISO 27001 provides an ideal starting point; it contains 114 controls, divided into 14 sections, each tailored to a specific aspect of information security. When selecting controls from Annex A, a company will want to begin filling out the Statement of Applicability (SoA), a list of all of the Annex A controls, including the justification for each control's inclusion or exclusion as part of the organization’s Information Security Management System (ISMS) implementation.

{{cta_withimage2="/cta-modules"}}

Additional resources you might like:

Compliance
Event
Fostering a culture of security in an AI world

Join our expert-led session to explore strategies for embedding a security-first culture in an AI-driven world. We'll address unique challenges and share actionable insights to help safeguard your organization.

Compliance
Event
Strategies for scaling your GRC program with automation and AI

As your business grows, there are increasing demands around GRC programs. Join us live, as we discuss what to consider when scaling your GRC program.

Security
Event
How Trust Centers Help Save Time and Accelerate Sales

Join us on October 3rd to discover how trust centers enhance customer confidence, streamline security processes, and drive sales growth, based on IDC’s latest research.

Additional resources you might like:

Compliance
Event
Fostering a culture of security in an AI world

Join our expert-led session to explore strategies for embedding a security-first culture in an AI-driven world. We'll address unique challenges and share actionable insights to help safeguard your organization.

Compliance
Event
Strategies for scaling your GRC program with automation and AI

As your business grows, there are increasing demands around GRC programs. Join us live, as we discuss what to consider when scaling your GRC program.

Security
Event
How Trust Centers Help Save Time and Accelerate Sales

Join us on October 3rd to discover how trust centers enhance customer confidence, streamline security processes, and drive sales growth, based on IDC’s latest research.

Compliance
Event
Streamline governance, risk, and compliance workflows and save hours

Join us to learn how Vanta can streamline governance, risk, and compliance workflows, automate control monitoring, and help your team save valuable time.

Compliance
Event
How to streamline ISO 27001 and SOC 2 compliance with automation

Join Vanta’s 45-minute live product demo to learn how Vanta can help you achieve security standards like ISO 27001 or SOC 2 move towards a state of continuous compliance.

Product updates
Blog
Vanta’s latest product capabilities accelerate compliance for startups

For startups, Vanta has what you need to get compliant fast and stay compliant with ease in one integrated platform.

Product updates
Event
The Future of GRC

Join our virtual event broadcast to hear product updates and renowned security experts on the future of GRC.

Compliance
Event
Save time on security reviews with Questionnaire Automation & Trust Center

Join us to learn how Questionnaire Automation & Trust Center help security teams with questionnaires.

HIPAA
Event
Choosing the right HITRUST certification level and streamlining implementation

As an authorized reseller, Vanta’s pre-built HITRUST solution natively includes the necessary controls, documents, and policies - eliminating the manual “do-it-yourself” approach that other platforms require. Curious to see this in action? Join Vanta and HITRUST for a live session!