Class: RiskTreatmentPlan
A risk treatment plan documenting planned actions to address identified risks through selected controls.
URI: iso27001:RiskTreatmentPlan
```mermaid
classDiagram
    class RiskTreatmentPlan
    click RiskTreatmentPlan href "../RiskTreatmentPlan/"
    DocumentedInformation <|-- RiskTreatmentPlan
    click DocumentedInformation href "../DocumentedInformation/"
    RiskTreatmentPlan : approved_by
    RiskTreatmentPlan : approved_date
    RiskTreatmentPlan : author
    RiskTreatmentPlan : classification
    RiskTreatmentPlan : completion_date
    RiskTreatmentPlan : controls_to_implement
    RiskTreatmentPlan --> "*" SecurityControl : controls_to_implement
    click SecurityControl href "../SecurityControl/"
    RiskTreatmentPlan : created_date
    RiskTreatmentPlan : description
    RiskTreatmentPlan : document_reference
    RiskTreatmentPlan : document_type
    RiskTreatmentPlan --> "0..1" DocumentType : document_type
    click DocumentType href "../DocumentType/"
    RiskTreatmentPlan : effective_date
    RiskTreatmentPlan : id
    RiskTreatmentPlan : implementation_status
    RiskTreatmentPlan --> "0..1" ImplementationStatus : implementation_status
    click ImplementationStatus href "../ImplementationStatus/"
    RiskTreatmentPlan : implementation_timeline
    RiskTreatmentPlan : modified_date
    RiskTreatmentPlan : name
    RiskTreatmentPlan : owner
    RiskTreatmentPlan : plan_scope
    RiskTreatmentPlan : residual_risk_acceptance
    RiskTreatmentPlan : resources_required
    RiskTreatmentPlan : responsible_parties
    RiskTreatmentPlan : retention_period
    RiskTreatmentPlan : review_date
    RiskTreatmentPlan : risk_owner_approval
    RiskTreatmentPlan : risks_addressed
    RiskTreatmentPlan --> "*" Risk : risks_addressed
    click Risk href "../Risk/"
    RiskTreatmentPlan : status
    RiskTreatmentPlan : treatment_actions
    RiskTreatmentPlan : version
```
Inheritance
- NamedEntity
  - DocumentedInformation
    - RiskTreatmentPlan
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| plan_scope | 0..1 String | Scope of the plan | direct |
| risks_addressed | * Risk | Risks addressed by this plan | direct |
| treatment_actions | * String | Actions to be taken for treatment | direct |
| controls_to_implement | * SecurityControl | Controls to be implemented as part of treatment | direct |
| resources_required | 0..1 String | Resources required for implementation | direct |
| responsible_parties | * String | Parties responsible for implementation | direct |
| implementation_timeline | 0..1 String | Timeline for implementation | direct |
| risk_owner_approval | 0..1 String | Risk owner who approved the plan | direct |
| approved_date | 0..1 Date | Date when the risk treatment plan was approved | direct |
| residual_risk_acceptance | 0..1 String | Documentation of residual risk acceptance | direct |
| implementation_status | 0..1 ImplementationStatus | Current implementation status | direct |
| completion_date | 0..1 Date | Date when implementation was completed | direct |
| document_type | 0..1 DocumentType | Classification of the documented information | DocumentedInformation |
| document_reference | 0..1 String | Unique reference number for document control | DocumentedInformation |
| author | 0..1 String | Person who created the document | DocumentedInformation |
| owner | 0..1 String | Person accountable for the document content and maintenance | DocumentedInformation |
| approved_by | 0..1 String | Person who approved the document | DocumentedInformation |
| effective_date | 0..1 Date | Date when the document becomes effective | DocumentedInformation |
| review_date | 0..1 Date | Date when the document is due for review | DocumentedInformation |
| status | 0..1 String | Current status of the document or entity | DocumentedInformation |
| classification | 0..1 String | Information classification level | DocumentedInformation |
| retention_period | 0..1 DurationType | Duration for which the document is retained | DocumentedInformation |
| id | 1 Uriorcurie | Unique identifier for this entity instance | NamedEntity |
| name | 1 String | Human-readable name or title | NamedEntity |
| description | 0..1 String | Detailed description of the entity | NamedEntity |
| created_date | 0..1 Date | Date when the entity was created | NamedEntity |
| modified_date | 0..1 Date | Date when the entity was last modified | NamedEntity |
| version | 0..1 String | Version identifier for the entity | NamedEntity |
Usages
| used by | used in | type | used |
|---|---|---|---|
| InformationSecurityManagementSystem | risk_treatment_plans | range | RiskTreatmentPlan |
| Risk | related_treatment_plan | range | RiskTreatmentPlan |
In Subsets
Comments
- Captures treatment execution plans with approval and acceptance metadata
- Supports implementation status and completion tracking
- Reference: ISO/IEC 27001:2022 Clause 6.1.3. ISO/IEC standards text is copyright ISO - not reproduced here.
Identifier and Mapping Information
Annotations
| property | value |
|---|---|
| iso27001_clause | 6.1.3 |
Schema Source
- from schema: https://w3id.org/lmodel/iso27001
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | iso27001:RiskTreatmentPlan |
| native | iso27001:RiskTreatmentPlan |
LinkML Source
Direct
```yaml
name: RiskTreatmentPlan
annotations:
  iso27001_clause:
    tag: iso27001_clause
    value: 6.1.3
description: A risk treatment plan documenting planned actions to address identified
  risks through selected controls.
comments:
- Captures treatment execution plans with approval and acceptance metadata
- Supports implementation status and completion tracking
- 'Reference: ISO/IEC 27001:2022 Clause 6.1.3. ISO/IEC standards text is copyright
  ISO - not reproduced here.'
in_subset:
- risk_management
- documented_information
from_schema: https://w3id.org/lmodel/iso27001
is_a: DocumentedInformation
slots:
- plan_scope
- risks_addressed
- treatment_actions
- controls_to_implement
- resources_required
- responsible_parties
- implementation_timeline
- risk_owner_approval
- approved_date
- residual_risk_acceptance
- implementation_status
- completion_date
slot_usage:
  approved_date:
    name: approved_date
    description: Date when the risk treatment plan was approved.
```
Induced
```yaml
name: RiskTreatmentPlan
annotations:
  iso27001_clause:
    tag: iso27001_clause
    value: 6.1.3
description: A risk treatment plan documenting planned actions to address identified
  risks through selected controls.
comments:
- Captures treatment execution plans with approval and acceptance metadata
- Supports implementation status and completion tracking
- 'Reference: ISO/IEC 27001:2022 Clause 6.1.3. ISO/IEC standards text is copyright
  ISO - not reproduced here.'
in_subset:
- risk_management
- documented_information
from_schema: https://w3id.org/lmodel/iso27001
is_a: DocumentedInformation
slot_usage:
  approved_date:
    name: approved_date
    description: Date when the risk treatment plan was approved.
attributes:
  plan_scope:
    name: plan_scope
    description: Scope of the plan.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: plan_scope
    owner: RiskTreatmentPlan
    domain_of:
    - RiskTreatmentPlan
    range: string
  risks_addressed:
    name: risks_addressed
    description: Risks addressed by this plan.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: risks_addressed
    owner: RiskTreatmentPlan
    domain_of:
    - RiskTreatmentPlan
    range: Risk
    multivalued: true
  treatment_actions:
    name: treatment_actions
    description: Actions to be taken for treatment.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: treatment_actions
    owner: RiskTreatmentPlan
    domain_of:
    - RiskTreatmentPlan
    range: string
    multivalued: true
  controls_to_implement:
    name: controls_to_implement
    description: Controls to be implemented as part of treatment.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: controls_to_implement
    owner: RiskTreatmentPlan
    domain_of:
    - RiskTreatmentPlan
    range: SecurityControl
    multivalued: true
  resources_required:
    name: resources_required
    description: Resources required for implementation.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: resources_required
    owner: RiskTreatmentPlan
    domain_of:
    - RiskTreatmentPlan
    - CorrectiveAction
    range: string
  responsible_parties:
    name: responsible_parties
    description: Parties responsible for implementation.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: responsible_parties
    owner: RiskTreatmentPlan
    domain_of:
    - RiskTreatmentPlan
    range: string
    multivalued: true
  implementation_timeline:
    name: implementation_timeline
    description: Timeline for implementation.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: implementation_timeline
    owner: RiskTreatmentPlan
    domain_of:
    - RiskTreatmentPlan
    range: string
  risk_owner_approval:
    name: risk_owner_approval
    annotations:
      iso27001_clause:
        tag: iso27001_clause
        value: 6.1.3 f)
    description: Risk owner who approved the plan.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: risk_owner_approval
    owner: RiskTreatmentPlan
    domain_of:
    - RiskTreatmentPlan
    range: string
  approved_date:
    name: approved_date
    description: Date when the risk treatment plan was approved.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: approved_date
    owner: RiskTreatmentPlan
    domain_of:
    - DocumentedInformation
    - RiskTreatmentPlan
    range: date
  residual_risk_acceptance:
    name: residual_risk_acceptance
    annotations:
      iso27001_clause:
        tag: iso27001_clause
        value: 6.1.3 f)
    description: Documentation of residual risk acceptance.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: residual_risk_acceptance
    owner: RiskTreatmentPlan
    domain_of:
    - RiskTreatmentPlan
    range: string
  implementation_status:
    name: implementation_status
    description: Current implementation status.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: implementation_status
    owner: RiskTreatmentPlan
    domain_of:
    - RiskTreatmentPlan
    - SoAEntry
    - SecurityControl
    range: ImplementationStatus
  completion_date:
    name: completion_date
    description: Date when implementation was completed.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: completion_date
    owner: RiskTreatmentPlan
    domain_of:
    - RiskTreatmentPlan
    range: date
  document_type:
    name: document_type
    description: Classification of the documented information.
    in_subset:
    - documented_information
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: document_type
    owner: RiskTreatmentPlan
    domain_of:
    - DocumentedInformation
    range: DocumentType
  document_reference:
    name: document_reference
    description: Unique reference number for document control.
    comments:
    - Per 7.5.2 a) identification and description
    examples:
    - value: ISMS-POL-001
    - value: RA-2024-003
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: document_reference
    owner: RiskTreatmentPlan
    domain_of:
    - DocumentedInformation
    range: string
  author:
    name: author
    description: Person who created the document.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: author
    owner: RiskTreatmentPlan
    domain_of:
    - DocumentedInformation
    range: string
  owner:
    name: owner
    description: Person accountable for the document content and maintenance.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: owner
    owner: RiskTreatmentPlan
    domain_of:
    - DocumentedInformation
    range: string
  approved_by:
    name: approved_by
    description: Person who approved the document.
    comments:
    - Per 7.5.2 c) review and approval
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: approved_by
    owner: RiskTreatmentPlan
    domain_of:
    - DocumentedInformation
    - StatementOfApplicability
    range: string
  effective_date:
    name: effective_date
    description: Date when the document becomes effective.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: effective_date
    owner: RiskTreatmentPlan
    domain_of:
    - DocumentedInformation
    range: date
  review_date:
    name: review_date
    description: Date when the document is due for review.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: review_date
    owner: RiskTreatmentPlan
    domain_of:
    - DocumentedInformation
    - ManagementReview
    range: date
  status:
    name: status
    description: Current status of the document or entity.
    comments:
    - Examples include draft, approved, active, superseded, archived
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: status
    owner: RiskTreatmentPlan
    domain_of:
    - DocumentedInformation
    - Nonconformity
    - CorrectiveAction
    - ImprovementOpportunity
    range: string
  classification:
    name: classification
    description: Information classification level.
    comments:
    - Per A.5.12, classification based on confidentiality, integrity, availability
    examples:
    - value: confidential
    - value: internal
    - value: public
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: classification
    owner: RiskTreatmentPlan
    domain_of:
    - DocumentedInformation
    - Asset
    range: string
  retention_period:
    name: retention_period
    description: Duration for which the document is retained.
    comments:
    - Per 7.5.3 f) retention and disposition
    - Use ISO 8601 duration notation such as P1Y or P90D
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: retention_period
    owner: RiskTreatmentPlan
    domain_of:
    - DocumentedInformation
    range: duration type
  id:
    name: id
    description: Unique identifier for this entity instance.
    comments:
    - Should use consistent URI/CURIE format across the dataset
    examples:
    - value: iso27001:risk-001
    - value: iso27001:control-5.1
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    identifier: true
    alias: id
    owner: RiskTreatmentPlan
    domain_of:
    - NamedEntity
    range: uriorcurie
    required: true
  name:
    name: name
    description: Human-readable name or title.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: name
    owner: RiskTreatmentPlan
    domain_of:
    - NamedEntity
    range: string
    required: true
  description:
    name: description
    description: Detailed description of the entity.
    comments:
    - Should provide sufficient detail for understanding without external reference
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: description
    owner: RiskTreatmentPlan
    domain_of:
    - NamedEntity
    range: string
  created_date:
    name: created_date
    description: Date when the entity was created.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: created_date
    owner: RiskTreatmentPlan
    domain_of:
    - NamedEntity
    range: date
  modified_date:
    name: modified_date
    description: Date when the entity was last modified.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: modified_date
    owner: RiskTreatmentPlan
    domain_of:
    - NamedEntity
    range: date
  version:
    name: version
    description: Version identifier for the entity.
    comments:
    - Supports document control requirements per 7.5.3 e)
    examples:
    - value: '1.0'
    - value: 2.3.1
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: version
    owner: RiskTreatmentPlan
    domain_of:
    - NamedEntity
    range: string
```