The next feature is Infosec Risk Treatment Planning, conducted after the risk assessment to strategize the treatment of identified risks through the implementation of controls, such as policies and other measures. To create a risk treatment plan, follow these steps:
Navigate to the "Planning" menu. Hover over "Infosec Risk Treatment Planning" and click on "Create". Complete the form by selecting additional controls from the dropdown menus and resource dropdowns, as described below:
- RTP ID: This is a unique identifier for the Risk Treatment Plan (RTP) being prepared. It helps track and reference the plan when needed.
- Date: Specify the date when the risk treatment plan is being created or documented.
- Organizational Control Action Plan: Select the organizational control reference.
- People Control Action Plan: Select the people control reference.
- Physical Control Action Plan: Select the physical control reference.
- Technological Control Action Plan: Select the technical control reference.
- AssignedTo: Identify the individual or department accountable for the overall execution of the risk treatment plan.
- Frequency of Review: Set a schedule for reviewing/continuous implementation of the risk treatment plan.
Upon clicking submit, the system will generate a report recommending various action plans that you can implement to further mitigate the risks.
Verification of Risk Treatment Plans:
To verify the plan, navigate to the "Planning" menu, hover over "Infosec Risk Treatment Planning" and click on "Verify". A list of planned activities will be displayed. Select each activity one by one and click the "Verify" button.
- Verification Status: Indicate the status of the verification process for the risk treatment plans.
- Completion Date: Specify the date when the verification process for the risk treatment plans was completed. This helps establish a timeline for assessing the effectiveness of the implemented measures.
- Completed by: Identify the individual or team responsible for conducting the verification process. This field helps attribute accountability for the verification activities.
- Comments/Remarks: Provide any relevant comments or lessons learned during the verification process. This can include observations, feedback, or insights gained from evaluating the effectiveness of the risk treatment plans.
- Attachment: If applicable, include any supporting documents or evidence related to the verification process. This can include reports, assessment findings, or other relevant materials.
The list will not clear, allowing you to come back and reverify periodically as part of the review process.
Risk Treatment Plan Report
To check the Risk Treatment Plan:
- Navigate to the "Planning" menu.
- Hover over "Infosec Risk Treatment Planning" and click on "Report".
- View all plans and their status of implementation in the generated report.