Create a Risk Treatment Plan
Navigate to the Risk Treatment from the left navigation. This is your hub for managing all treatment plans.
Click the Create a Risk Treatment Plan button.
Select a Group for which you want to create a Risk Treatment plan.
Click the What If Analysis button.
Scroll down to the control list of findings list.
Apply filters to the controls list or findings list based on your requirements.
Select the Controls/Findings by marking the checkboxes available against them.
Change the Target Maturity/Target Status as per your requirement.
Please review the changes you made to the Likelihood, Loss Magnitude, and ALE for the Maturity/Status.
Adjust the Target Maturity/Target Status till you achieve the desired reduction in Likelihood, Loss Magnitude, and ALE.
Click the Save as a Treatment Plan button.
Enter a name for the plan and click the Create button. The system redirects you to the plan details page.
Click the Edit button and add other details such as Treatment Type, Priority, Owner Email, Assignee Email, Start Date, End Date, and Rationale.
Click the Save button.
Important: If SAFE is integrated with the ServiceNow ITSM platform, you can directly create a ServiceNow ticket for a Risk Treatment Plan—streamlining the remediation workflow and ensuring seamless task tracking.
Monitor Progress
Use the Risk Treatment Trend timeline graph on the Risk Treatment page to track the risk burn-down progress.
Use Cases
Strategic Planning: Focuses on improving major controls like WAF and MFA for long-term risk reduction. Use this approach to allocate budgets effectively.
Tactical Operations: Prioritize specific vulnerabilities for immediate action and risk mitigation.