In the context of security and privacy, ‘Risk management plans’ refers to the process of identifying risks, assessing their potential impact and plan responses with appropriate technical and organisational measures. Based on the latest technological developments, these measures must ensure that the level of security is commensurate with the degree of the risk.

Reference Doc: Revised EIF