| 1. Risk Treatment is the selection and implementation of appropriate options for dealing with risk.
The options for the Risk Treatment includes :
Note (2): Often, there will be residual risk which cannot be removed totally as it is not cost-effective to do so, hence, the acceptance of risk.
Note (3): Risk Acceptance is sometimes referred to as Risk Tolerance.
Note (4): The highest rated risks should be addressed as a matter of urgency
2. Process of selection and implementation of measures to modify risk.
Notes (1) : The term “risk treatment” is sometimes used for the measures themselves.
Notes (2) : Risk treatment measures can include avoiding, optimizing, transferring or retaining risk.
(Source: ISO 22399:2007 – Societal Security - Guideline for Incident Preparedness and Operational Continuity Management) - clause 3.42
4. The selection and implementation of appropriate options for dealing with risk.
(Source: Singapore Standard 540 - SS 540:2008)
|5. The selection and implementation of relevant options for managing risk. The key treatments include:
(Source: Business Continuity Institute - BCI)
6. A systematic process of deciding which risks can be eliminated or reduced by remedial action and which must be tolerated.
(Source: ENISA - the European Network and Information Security Agency. BCM & Resilience Glossary)