Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

What is an ISO 27001 risk treatment plan?

An ISO 27001 risk treatment plan is developed after a company completes its risk assessment. It documents the actions the company will take to address each risk identified during the assessment. For each identified risk, a company typically chooses one of four responses: acceptance (retaining the risk at its current level), mitigation (reducing it by implementing controls), transfer (sharing it with another party, for example through insurance or a contract), or avoidance (stopping the activity that gives rise to it).

A risk treatment plan will frequently contain the following elements: 

  • A summary of each identified risk
  • The response chosen for each risk
  • A risk owner for each identified risk, who is accountable for that risk
  • Owners for the risk mitigation activities, responsible for performing the tasks required to address the identified risks
  • A target completion date for each risk treatment activity

ISO 27001 also requires that the risk owners approve the plan and formally accept the residual risk that remains after treatment, so the plan should record that approval.

A company then selects the controls it will implement to treat the identified risks. Annex A of ISO 27001 is the usual starting point. In the 2013 edition it lists 114 controls in 14 sections, each covering a particular aspect of information security; the 2022 edition restructures these into 93 controls grouped into four themes (organizational, people, physical, and technological), so check which edition your certification audit is against. Annex A is a reference list rather than a mandate: the standard lets a company derive controls from any source, but requires it to compare the controls it has chosen against Annex A to confirm nothing necessary has been overlooked. As it selects controls, the company begins filling out the Statement of Applicability (SoA), which lists every Annex A control, states whether it is included in or excluded from the organization's Information Security Management System (ISMS), gives the justification for that decision, and records whether each included control has been implemented.

Additional resources you might like:

Vendor Risk Management
Blog
Enhanced VRM solution unlocks how organizations manage, monitor, and maintain oversight of third-party risk

Vanta’s vendor risk management solution transforms vendor security from a manual checkbox exercise into an automated, continuous monitoring process.

Product updates
Vanta events | Vanta
Trust is a Team Sport

Join us on March 19th at 10 am PT for our upcoming virtual launch event! Jeremy Epling (CPO at Vanta) will introduce new product capabilities designed with teamwork in mind. Join us to see how Vanta can help you collaborate easily with your extended team of employees, vendors, auditors, and customers—and win together.

ISO 42001
Vanta events | Vanta
Compliance for AI in Europe: Preparing for Emerging AI Laws and Regulation

Join our webinar to explore how ISO 42001 and the EU AI Act help your company stay compliant, secure, and ahead of evolving AI regulations with expert insights and practical strategies.

ISO 27001
Vanta events | Vanta
Live Demo: Simplify ISO 27001 and SOC 2 compliance with Vanta

Join our live demo to see how Vanta automates up to 90% of your ISO 27001 and SOC 2 compliance work, saving you time and reducing manual effort.

Compliance
Vanta events | Vanta
Live Demo: Automate compliance to fuel your startup's growth

Join our 45-min live demo to discover how automating compliance can streamline processes, save time, and fuel your startup’s growth.

Compliance
Vanta events | Vanta
Live Demo: Automating security and compliance workflows

Join our product demo to discover how automation, continuous monitoring, and centralized workflows can streamline your GRC program, enhance control visibility, and improve vendor and buyer security management—all within a single platform.

GRC
Vanta events | Vanta
Unlocking the ROI of GRC: The Business Value of Vanta

Discover how Vanta empowers organizations to achieve exceptional results in their Governance, Risk, and Compliance (GRC) programs.

GRC
Vanta events | Vanta
AI & Security Maturity: Navigating Risks Across Every Stage with John Hammond & Vanta

Watch our on-demand webinar with John Hammond—cybersecurity researcher, practitioner, and content creator with nearly two million YouTube subscribers—and Matt Cooper, Vanta’s Director of GRC, for a fireside chat on AI, security maturity, and the top security risks in 2025.

Compliance
Vanta events | Vanta
Building Trust Beyond Compliance: A Continuous Approach to Security

Watch our special Ask Me Almost Anything (AMAA) session featuring Vanta CISO Jadee Hanson, along with Mandy Matthew, Senior Security Risk Program Manager at Duolingo, and Divya Singh, Senior Director of Compliance and Privacy at Chegg.