Step 5 — Risk treatments
A risk treatment is the way in which you respond to a risk.
Options for risk treatments include:
- Share: if practical, share all or some of the risk with outsourced parties or insurers.
- Terminate: cease the activity altogether.
- Accept: this will require appropriate authority.
- Reduce: apply additional treatments until the risk is reduced to an acceptable level.
The way you treat a risk will depend on the outcome of your evaluation:
- Risks that are rated high or extreme require treatment to reduce risk to a more acceptable level. You may also choose to share or terminate the risk as long as that option will reduce the risk rating.
- Risks that are rated low or medium do not necessarily require further actions to reduce and are considered acceptable.
Risk treatment is a cyclical process:
- assess the risk
- decide whether the risk level is acceptable
- implement a treatment option
- conduct a second assessment to confirm that the treatment has reduced the risk to expected level. (This second evaluation is called the ‘target assessment’.)
A treatment that reduces the risk level may become a new control.
Reviewed 26 May 2020