A document that outlines the organisation's risk management process. This plan should show how to identify the organisation’s risks, assess their likelihood and impact, and outline mitigation strategies.
What is risk management, and how can companies identify risks?
How to set up a risk management process and improve information security