Risk and Treatment with ISMS.online
Inside the risk register and treatment plan
The risk bank contains a number of risks that are easy to adopt, adapt and add to your plan. At this stage, you will have done your 4.1, 4.2 and 4.3 and identified your own internal and external issues, your scope and your interested parties from that, all of which factor into the risk.
The input area on the left is simple to follow. The table at the bottom builds automatically as your risks appear. If you select a risk from the risk map on the right, its details are displayed in the input area, including the threat and consequences. The level you want to reach is one where you are tolerating your residual risk by managing and treating your risks. Each risk should have an owner and a due date based on the risk’s position in the risk map.
Further down, the table shows how you are treating the risk. We provide you with examples in the risk bank that will help you with the risk that you have identified, but you might also choose to add additional ones and treat the risk outside of Annex A. So you might assign tasks and document in this area how you are dealing with the risk. It is really good practice to link it back to the Annex A controls. Your auditor will be expecting to see and understand that you are doing that.