AS ISO 31000 2018 specifies guidelines on managing risk faced by organizations with the application of these guidelines able to be customized to any organization. As one of the risk management standards, this standard provides a common approach to managing any type of risk and is not industry or sector specific.
Table of contents
Header
About this publication
Preface
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Principles
5 Framework
5.1 General
5.2 Leadership and commitment
5.3 Integration
5.4 Design
5.4.1 Understanding the organization and its context
5.4.2 Articulating risk management commitment
5.4.3 Assigning organizational roles, authorities, responsibilities and accountabilities
5.4.4 Allocating resources
5.4.5 Establishing communication and consultation
5.5 Implementation
5.6 Evaluation
5.7 Improvement
5.7.1 Adapting
5.7.2 Continually improving
6 Process
6.1 General
6.2 Communication and consultation
6.3 Scope, context and criteria
6.3.1 General
6.3.2 Defining the scope
6.3.3 External and internal context
6.3.4 Defining risk criteria
6.4 Risk assessment
6.4.1 General
6.4.2 Risk identification
6.4.3 Risk analysis
6.4.4 Risk evaluation
6.5 Risk treatment
6.5.1 General
6.5.2 Selection of risk treatment options
6.5.3 Preparing and implementing risk treatment plans
