
The SRMBOK Risk Treatment Schedule template is an editable MS Word document based on template 13.4 from the Security Risk Management Body of Knowledge (SRMBOK). It is a variation on template 13.3, which some organizations may prefer.


Overview


The Risk Treatment Schedule template is designed to systematically document and manage the risks identified during an assessment. Each risk is listed in priority order together with its treatment plan, the residual risk expected after treatment, the person accountable for implementation, the implementation deadline, and the monitoring arrangements. Recording all of these in one schedule gives a structured approach to risk management, makes accountability explicit, and provides the basis for tracking whether treatments are actually delivered and remain effective.


Columns and Instructions


  • Risks (in priority order)

    • Purpose: To list the risks identified during the assessment in order of priority.
    • Guidance: Begin with the highest priority risk and proceed to lower priority risks. Describe each risk clearly and concisely, and use the risk ratings from the assessment (likelihood and consequence) to determine the priority order so that treatment effort is directed at the most significant risks first.
    • Example: "Unauthorized access to sensitive areas."
  • Risk treatments

    • Purpose: To outline the strategies or actions to mitigate each identified risk.
    • Guidance: For each risk listed, describe the specific treatment or control measures that will be implemented to reduce or eliminate the risk. Treatment may also take the form of avoiding the activity, sharing the risk (for example through insurance or contract), or accepting it where it is within tolerance; state which option applies. Ensure the treatments are practical, achievable, and proportionate to the risk.
    • Example: "Install biometric access controls and enhance physical security measures."
  • Residual risk

    • Purpose: To estimate the level of risk remaining after the implementation of risk treatments.
    • Guidance: Assess the expected effectiveness of the risk treatments and determine the risk that remains once they are in place. Rate the residual risk using the same likelihood and consequence criteria as the initial assessment so that the two ratings are directly comparable. Document any remaining risk, its potential impact, and whether it is within the organization's risk tolerance; if it is not, further treatment or formal acceptance by an appropriate authority is required.
    • Example: "Moderate risk of unauthorized access due to potential technical failures."
  • Person responsible for implementation

    • Purpose: To assign accountability for the implementation of each risk treatment.
    • Guidance: Identify the individual or team responsible for executing the risk treatment plan. Name a specific person rather than a function where possible, and ensure that the person responsible has the authority, budget, and resources necessary to implement the treatments.
    • Example: "John Smith, Head of Security."
  • Date/time for implementation

    • Purpose: To set a deadline for the implementation of each risk treatment.
    • Guidance: Specify the date and, if relevant, the time by which each risk treatment should be completed. Where a treatment is delivered in stages, record the completion date of each stage. This helps to ensure timely action and facilitates progress tracking.
    • Example: "30 September 2024."
  • How will risk and the treatment be monitored?

    • Purpose: To outline the methods and frequency of monitoring the risks and the effectiveness of the treatments.
    • Guidance: Describe the processes and tools that will be used to monitor both the risk and the effectiveness of the treatment over time. Include details on reporting mechanisms, review schedules, and any key performance indicators (KPIs) that will be tracked, and note who receives the reports and what triggers a re-assessment (for example a security incident or a change in the threat environment).
    • Example: "Weekly security audits and quarterly review meetings. Monitor access logs and incident reports."


Additional Notes


  • Date of assessment: Document the date on which the risk assessment was conducted, since the risk ratings in the schedule are only valid as at that date.
  • Compiled by: Record the name of the individual who compiled the risk treatment schedule.
  • Reviewed by: Record the name of the individual who reviewed the schedule for accuracy and completeness. The reviewer should be someone other than the compiler.


Reference


For additional guidance on risk treatment and management, refer to the SRMBOK Guides and Templates available at www.srmbok.com.

SRMBOK Template 13.4 Risk Treatment Schedule
