
The Basics of a Risk Treatment Plan

elizabeth_sande Tugboat Employee Tugboat Team

A risk treatment plan (RTP) is an essential part of an organization’s InfoSec program. In fact, ISO 27001 requires an RTP, while SOC 2 and other frameworks ask for similar documentation.

A solid risk assessment and risk treatment process produce a stable InfoSec program. Running a program without them is like spending money on an alarm system and only protecting half your doors, or buying a security camera and pointing it at the wall. Your risk assessment tells you where your risks are so you can protect against them and mitigate them. It can also help you save money by not spending on protection mechanisms you don’t need.

So let’s look at the bigger picture and explore risk treatment plans. 

Read the entire blog here