Mitigation
The mitigation step identifies and implements detailed action plans to manage the potential impact of risks.
1. Overview
The primary objective of this step is to build action plans for identified risks. Action plans should minimize Threats and maximize Opportunities:
- A risk can have multiple action plans
- A single action plan can address multiple risks
- An action plan can be a new action or an existing control/procedure
- Be updated and kept current by the Action Owner for review
As action plans are established/reviewed and the current score is updated by the Risk Owner, it is worth circling back and checking the target score remains appropriate.