When to use this
Practical use
Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.
Use this to link risks, treatment objectives, controls, control attributes, owners, and evidence.
| Risk ID | Risk statement | Treatment objective | Selected control | Control type | Owner | Evidence | SoA reference | Status |
|---|---|---|---|---|---|---|---|---|
| R-001 | Reduce likelihood / impact / improve detection / recovery | Preventive / detective / corrective | ||||||
| R-002 |
- Template
- Risk
- Controls
- Soa
Note Metadata
Aliases: Risk and Control Mapping Table
Source: 90 Templates/Risk and Control Mapping Table.md
Related Notes
- Control Attributes and Risk Treatment Effects
- Statement of Applicability
- ISO 27001 A.5.7 - Threat Intelligence
- ISO 27001 A.5.8 - Information Security in Project Management
- ISO 27001 A.5.9 - Inventory of Information and Other Associated Assets
- ISMS Implementation Roadmap
- ISO 27005 Risk Management Guide
- ISO 27005 Risk Process Notes
- A.5 Controls Implementation Audit Risk Mapping
- ISO 27005 Knowledge Base
- Asset Threat Vulnerability Risk Control Evidence Data Model
- GRC Knowledge Model
- Risk Knowledge Base
- Threat Intelligence Register
- Templates MOC