{"id":976,"date":"2010-01-22T09:20:48","date_gmt":"2010-01-22T03:50:48","guid":{"rendered":"https:\/\/www.qadit.com\/blog\/?p=976"},"modified":"2010-01-30T09:43:55","modified_gmt":"2010-01-30T04:13:55","slug":"managing-risk-with-iso-31000","status":"publish","type":"post","link":"https:\/\/qadit.com\/blog\/managing-risk-with-iso-31000\/","title":{"rendered":"Managing Risk with ISO 31000"},"content":{"rendered":"<p align=\"justify\">\nThe first International <strong>Risk Management Standard ISO 31000<\/strong>:2009, together with ISO Guide 73:2009, was released by the International Organisation for\u00a0Standardisation (ISO) on 15 November 2009.<\/p>\n<p>&nbsp;<\/p>\n<p align=\"justify\">\nAnd since IT Security is an integral part of Risk Management, it is useful for anybody interested in IT Security to know the basics of this new Risk\u00a0Management ISO Standard.<\/p>\n<p>&nbsp;<\/p>\n<p><!--more--><\/p>\n<p align=\"justify\">\nISO 31000 is a generic risk management standard and each organisation will need to customise its risk process to its own needs. \u00a0To support the new standard,\u00a0ISO has also published &#8220;<strong>ISO Guide 73:2009 Risk Management \u2013 Terminology<\/strong>&#8221; which complements ISO 31000 by providing a collection of terms and definitions\u00a0relating to the management of risk. Further, &#8220;<strong>ISO\/IEC 31010:2009 Risk Management \u2013 Risk Assessment Techniques<\/strong>&#8221; provides guidance on selection and application\u00a0of systematic techniques for risk assessment.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Key Concepts<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p align=\"justify\">\n<ul>\n<li>ISO 31000:2009 provides principles and generic guidelines on risk management.<\/li>\n<li>ISO 31000:2009 can be used by any public, private or community enterprise, association, group or individual. 
Therefore, ISO 31000:2009 is not specific to any\u00a0industry or sector.<\/li>\n<li>ISO 31000:2009 can be applied throughout the life of an organisation, and to a wide range of activities, including strategies and decisions, operations,\u00a0processes, functions, projects, products, services and assets.<\/li>\n<li>ISO 31000:2009 can be applied to any type of risk, whatever its nature, whether having positive or negative consequences.<\/li>\n<li>Although ISO 31000:2009 provides generic guidelines, it is not intended to promote uniformity of risk management across organisations. The design and\u00a0implementation of risk management plans and frameworks will need to take into account the varying needs of a specific organisation, its particular\u00a0objectives, context, structure, operations, processes, functions, projects, products, services, or assets and specific practices employed.<\/li>\n<li>ISO 31000:2009 is not intended for the purpose of certification.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>Key Definitions<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p align=\"justify\">\n<ul>\n<li><strong>Risk<\/strong> &#8211; Effect of uncertainty on objectives<\/li>\n<li><strong>Risk Management<\/strong> &#8211; Coordinated activities to direct and control an organisation with regard to risk<\/li>\n<li><strong>Risk Management Framework<\/strong> &#8211; Set of components that provide the foundations and organisational arrangements for designing, implementing, monitoring, reviewing\u00a0and continually improving risk management throughout the organisation<\/li>\n<li><strong>Risk Management Policy<\/strong> &#8211; Statement of the overall intentions and direction of an organisation related to risk management<\/li>\n<li><strong>Risk Management Plan<\/strong> &#8211; Scheme within the risk management framework specifying the approach, the management components and resources to be applied to the\u00a0management of risk<\/li>\n<li><strong>Risk Management Process<\/strong> &#8211; 
Systematic application of management policies, procedures and practices to the activities of communicating, consulting,\u00a0establishing the context, and identifying, analysing, evaluating, treating, monitoring and reviewing risk.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>Framework for managing risk<\/strong><\/p>\n<p>&nbsp;<\/p>\n<figure id=\"attachment_987\" aria-describedby=\"caption-attachment-987\" style=\"width: 300px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.qadit.com\/blog\/wp-content\/framework-300x194.jpg\" alt=\"ISO 31000 Framework for Managing Risk\" width=\"300\" height=\"194\" class=\"size-medium wp-image-987\" srcset=\"https:\/\/qadit.com\/blog\/wp-content\/uploads\/framework-300x194.jpg 300w, https:\/\/qadit.com\/blog\/wp-content\/uploads\/framework.JPG 697w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><figcaption id=\"caption-attachment-987\" class=\"wp-caption-text\">ISO 31000 Framework for Managing Risk<\/figcaption><\/figure>\n<p>&nbsp;<\/p>\n<p><strong>Process for managing risk<\/strong><\/p>\n<p>&nbsp;<\/p>\n<figure id=\"attachment_988\" aria-describedby=\"caption-attachment-988\" style=\"width: 292px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.qadit.com\/blog\/wp-content\/process-for-managing-risk-292x300.gif\" alt=\"ISO 31000 Process for Managing Risk\" width=\"292\" height=\"300\" class=\"size-medium wp-image-988\" srcset=\"https:\/\/qadit.com\/blog\/wp-content\/uploads\/process-for-managing-risk-292x300.gif 292w, https:\/\/qadit.com\/blog\/wp-content\/uploads\/process-for-managing-risk.gif 400w\" sizes=\"auto, (max-width: 292px) 100vw, 292px\" \/><figcaption id=\"caption-attachment-988\" class=\"wp-caption-text\">ISO 31000 Process for Managing Risk<\/figcaption><\/figure>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The first International Risk Management Standard ISO 31000:2009, together with ISO Guide 
73:2009, was released by the International Organisation for\u00a0Standardisation (ISO) on 15 November 2009. &nbsp; And since IT Security is an integral part of Risk Management, it is useful for anybody interested in IT Security to know the basics of this new Risk\u00a0Management ISO &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/qadit.com\/blog\/managing-risk-with-iso-31000\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Managing Risk with ISO 31000&#8221;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[24],"tags":[130,131],"class_list":["post-976","post","type-post","status-publish","format-standard","hentry","category-grc","tag-iso-31000","tag-risk-management"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9AH7Q-fK","_links":{"self":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/976","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/comments?post=976"}],"version-history":[{"count":0,"href":"
https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/976\/revisions"}],"wp:attachment":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/media?parent=976"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/categories?post=976"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/tags?post=976"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}