IS.D.OR.210 Information security risk treatment

• Regulation (EU) 2022/1645 found in: Information Security (No 2023/203 and 2022/1645) Part-IS (Jun 2024)

IS.D.OR.210 Information security risk treatment Regulation (EU) 2022/1645 (a)     The organisation shall develop measures to address unacceptable risks identified in accordance with point [IS.D.OR.205](#_DxCrossRefBm1193569684), implement them in a timely manner and check their continued effectiveness. Those measures shall enable the organisation to: (1)     control the circumstances that contribute to the effective occurrence of the threat scenario; (2)     reduce the consequences on aviation safety associated with the materialisation of the threat scenario; (3)     avoid the risks. Those measures shall not introduce any new potential unacceptable risks to aviation safety. (b)     The person referred to in point [IS.D.OR.240](#_DxCrossRefBm1193569689)(a) and (b) and other affected personnel of the organisation shall be informed of the outcome of the risk assessment carried out in accordance with point [IS.D.OR.205](#_DxCrossRefBm1193569684), the corresponding threat scenarios and the measures to be implemented. The organisation shall also inform organisations with which it has an interface in accordance with point [IS.D.OR.205](#_DxCrossRefBm1193569684)(b) of any risk shared between both organisations.