          Create a Risk Treatment Plan for IT Compliance

          Decide how your team will respond to a risk and put a plan in motion. Create a treatment plan to attach an Action Plan Template, kicking off the tasks your team needs to mitigate, accept, transfer, or avoid the risk.

          Required Editions

          Available in: Lightning Experience
          Available in: Enterprise, Performance, and Unlimited Editions with Agentforce IT Service.
          User Permissions Needed
          To create a risk treatment plan: Compliance Admin permission set

          A risk treatment plan records the strategy your organization is taking on a specific risk and attaches the Action Plan Template that drives the work. The template you choose determines whether the plan generates tasks focused on implementing controls (Mitigate), formalizing acceptance (Accept), shifting the burden to a vendor or insurer (Transfer), or eliminating the activity altogether (Avoid).

          Create a treatment plan from a Risk record when you want a long-running strategy for the risk overall, or from a Risk Evaluation when you want a remediation plan tied to a specific evaluation cycle. When Continuous Evaluation is turned on, the AI agent also attaches the published mitigate action plan template to evaluations it suggests as Mitigate, so your team can review and confirm the generated tasks instead of building the plan from scratch.

          1. From App Launcher, go to the IT Compliance app and select Risks. Open the record you want to attach the plan to:
            • From a Risk record, go to the Tasks tab and click New Plan.
            • From a Risk Evaluation record, go to the Treatment Plan tab and click Add Treatment Plan.
          2. Fill in the treatment plan details:
            • Action Plan Template. Select one of the out-of-the-box Compliance templates (Mitigate, Accept, Transfer, or Avoid), or a custom template your admin has published.
            • Plan Name. A short label that identifies the plan, including the strategy and what it covers.
            • Owner. The person or team accountable for executing the plan.
            • Start Date. The date when work on the plan begins.
          3. Save your changes.

            The plan attaches to the record and the template's tasks are created automatically. Each task can be assigned, tracked, and closed from the plan record. As tasks are completed and controls get implemented, the residual risk score updates on the next evaluation to reflect the new posture.

          Example: mitigate plan for the North America Sales phishing risk

          Suppose your compliance team has registered a Phishing Attack risk for the North America Sales business unit, mapped the mitigating controls, and run an evaluation. The residual risk score still indicates further action is needed, so they create a treatment plan to drive the remediation work:

          • Action Plan Template: Mitigate.
          • Plan Name: Mitigate Phishing — North America Sales (Q1 2026).
          • Owner: Jordan Kim, CISO for North America.
          • Start Date: Apr 1, 2026.

          As tasks are completed, the residual risk score on the parent evaluation reflects the new posture.

           
          Salesforce Help | Article