ISO 31000 Risk Management
ISO 31000 is an international standard issued in 2009 by ISO (International Organization for Standardization), and it is intended to serve as a guide for the design, implementation and maintenance of risk management.
All types and sizes of organizations face internal and external factors and influences that make it uncertain whether and when they will achieve their objectives.
The effect this uncertainty has on an organization’s objectives is risk.
Risk is involved in any activity of an organization. ISO 31000:2009 describes a systematic and logical process, during which organizations manage risk by identifying it, analyzing and then evaluating whether the risk should be modified by risk treatment in order to satisfy their risk criteria.
Risk management can be applied to an entire organization, at its many areas and levels, at any time, as well as to specific functions, projects and activities.
An overview of ISO 31000:2009
ISO 31000 provides principles and generic guidelines to assist organizations in establishing, implementing, operating, maintaining and continually improving their risk management framework.
It is not specific to any industry or sector, so it can be used by any public, private or community enterprise, association, group or individual. This standard can be applied throughout the life of an organization, and to a wide range of activities, including strategies and decisions, operations, processes, functions, projects, products, services and assets.
This standard is not intended to promote uniformity of risk management across organizations. The design and implementation of risk management plans and frameworks will need to take into account the varying needs of a specific organization, its particular objectives, context, structure, operations, processes, functions, projects, products, services, or assets and specific practices employed.
An overview of ISO 31000:2009
ISO 31000 provides principles and generic guidelines to assist organizations in establishing, implementing, operating, maintaining and continually improving their risk management framework.
It is not specific to any industry or sector, so it can be used by any public, private or community enterprise, association, group or individual. This standard can be applied throughout the life of an organization, and to a wide range of activities, including strategies and decisions, operations, processes, functions, projects, products, services and assets.
This standard is not intended to promote uniformity of risk management across organizations. The design and implementation of risk management plans and frameworks will need to take into account the varying needs of a specific organization, its particular objectives, context, structure, operations, processes, functions, projects, products, services, or assets and specific practices employed.