*** Welcome to piglix ***

ISO 31000


ISO 31000 is a family of standards relating to risk management codified by the International Organization for Standardization. The purpose of ISO 31000:2009 is to provide principles and generic guidelines on risk management. ISO 31000 seeks to provide a universally recognised paradigm for practitioners and companies employing risk management processes to replace the myriad of existing standards, methodologies and paradigms that differed between industries, subject matters and regions.

Currently, the ISO 31000 family is expected to include:

ISO also designed its ISO 21500 Guidance on Project Management standard to align with ISO 31000:2009.

ISO 31000 was published as a standard on 13 November 2009, and provides a standard on the implementation of risk management. A revised and harmonised ISO/IEC Guide 73 was published at the same time. The purpose of ISO 31000:2009 is to be applicable and adaptable for "any public, private or community enterprise, association, group or individual." Accordingly, the general scope of ISO 31000 - as a family of risk management standards - is not developed for a particular industry group, management system or subject matter field in mind, rather to provide best practice structure and guidance to all operations concerned with risk management. It began the process for its first revision on May 13, 2015. A draft International standard (DIS) which is open for public comment, was published on February 17, 2017.

ISO 31000:2009 provides generic guidelines for the design, implementation and maintenance of risk management processes throughout an organization. This approach to formalizing risk management practices will facilitate broader adoption by companies who require an enterprise risk management standard that accommodates multiple ‘silo-centric’ management systems.

The scope of this approach to risk management is to enable all strategic, management and operational tasks of an organization throughout projects, functions, and processes to be aligned to a common set of risk management objectives.

Accordingly, ISO 31000:2009 is intended for a broad stakeholder group including:

One of the key paradigm shifts proposed in ISO 31000 is a controversial change in how risk is conceptualised and defined. Under both ISO 31000:2009 and ISO Guide 73, the definition of "risk" is no longer "chance or probability of loss", but "effect of uncertainty on objectives" ... thus causing the word "risk" to refer to positive consequences of uncertainty, as well as negative ones.

A similar definition was adopted in ISO 9001:2015 (Quality Management System Standard), in which risk is defined as, "effect of uncertainty." Additionally, a new risk related requirement, "risk-based thinking" was introduced there.


...
Wikipedia

...