CONTROL
• A control is any measure or action that modifies risk. • Controls include any policy, procedure, practice, process, technology, technique, method, or device that modifies or manages risk. • Risk treatments become controls, or modify existing controls, once they have been implemented.
5.5.2 SELECT THE ORGANIZATION'S RISK TREATMENT OPTIONS
• Select the most appropriate risk treatment options. • Plan the implementation of the risk treatments.
AVOID
REDUCE
RISK
ACCEPT
TRANSFER
Made with FlippingBook - Share PDF online