A risk action plan is a document that outlines the actions to be taken to mitigate or avoid a risk. A risk action plan should be revised when the risk associated with a new technology is found to be increasing, as this indicates that the current plan is not effective or sufficient. Revising the risk action plan can help identify the root causes of the risk increase, evaluate the effectiveness of current controls, and implement additional or alternative controls as needed. Re-evaluatingcurrent controls, escalating the risk to senior management, and implementing additional controls are possible steps in the revision process, but they are not the first course of action. The first course of action should be to update the risk action plan to reflect the current risk situation and the appropriate risk response.