Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters

What is an ISO 27001 risk treatment plan?

An ISO 27001 risk treatment plan should be developed following a company’s completion of its risk assessment, documenting its actions to address each risk identified during the assessment process. When determining how to respond to an identified risk, companies typically select from options: acceptance, mitigation, transfer, and avoidance. 

A risk treatment plan will frequently contain the following elements: 

  • Summary of each of the identified risks
  • Responses designed for each risk 
  • Assigned owner to each identified risk, who is accountable for their respective risks
  • Designated risk mitigation activity owners, responsible for performing the tasks required to address the identified risks
  • Target completion date for risk treatment activities 

A company will subsequently determine which controls to implement to help address identified risks. Annex A of ISO 27001 provides an ideal starting point; it contains 114 controls, divided into 14 sections, each tailored to a specific aspect of information security. When selecting controls from Annex A, a company will want to begin filling out the Statement of Applicability (SoA), a list of all of the Annex A controls, including the justification for each control's inclusion or exclusion as part of the organization’s Information Security Management System (ISMS) implementation.

{{cta_withimage2="/cta-modules"}}

Additional resources you might like:

SOC 2
Vanta events | Vanta
Live Demo: Automating Compliance for SOC 2, ISO 27001, and More

Discover how automation can transform your compliance efforts into a streamlined, efficient process. Join the live demo to see it in action and get your compliance questions answered.

Compliance
Vanta events | Vanta
Demystifying the EU AI Act

Discover how Vanta can streamline your journey through this new regulatory landscape, ensuring your AI operations are secure and future-ready.

Compliance
Blog
The founders guide to accelerating growth with compliance in ANZ

Proactively investing in security compliance can help ANZ startups unlock bigger deals and build trust with customers long before compliance becomes mandatory.

Additional resources you might like:

SOC 2
Vanta events | Vanta
Live Demo: Automating Compliance for SOC 2, ISO 27001, and More

Discover how automation can transform your compliance efforts into a streamlined, efficient process. Join the live demo to see it in action and get your compliance questions answered.

Compliance
Vanta events | Vanta
Demystifying the EU AI Act

Discover how Vanta can streamline your journey through this new regulatory landscape, ensuring your AI operations are secure and future-ready.

Compliance
Blog
The founders guide to accelerating growth with compliance in ANZ

Proactively investing in security compliance can help ANZ startups unlock bigger deals and build trust with customers long before compliance becomes mandatory.

Compliance
Vanta events | Vanta
Live Demo: Automating Compliance for ISO 27001, GDPR and more with Vanta

Unlock the power of automated compliance and streamlined security workflows—join our live demo to see how Vanta can save you time, money, and help build trust with your customers.

Compliance
Vanta events | Vanta
Live Demo: Automating Compliance for SOC 2, ISO 27001, HIPAA, and More

Discover how Vanta’s automation tools can simplify compliance for SOC 2, ISO 27001, HIPAA, and more, helping you build a stronger security foundation with ease.

Compliance
Vanta events | Vanta
Live Demo: Simplify ISO 27001 and SOC 2 Compliance to Fuel Growth

See how Vanta can simplify and automate your compliance efforts, helping you scale your business while building trust with customers!

Product updates
Vanta events | Vanta
Trust is a Team Sport

Jeremy Epling (CPO at Vanta) introduces new product capabilities designed with teamwork in mind. Watch to see how Vanta can help you collaborate easily with your extended team of employees, vendors, auditors, and customers—and win together.

Compliance
Vanta events | Vanta
Live Demo: Automate compliance to fuel your startup's growth

Discover how automating compliance can streamline processes, save time, and fuel your startup’s growth.

Vendor Risk Management
Blog
Enhanced VRM solution unlocks how organizations manage, monitor, and maintain oversight of third-party risk

Vanta’s vendor risk management solution transforms vendor security from a manual checkbox exercise into an automated, continuous monitoring process.