ISO Issues Risk Assessment Standard - ISO/IEC 31010
February 8, 2010 // Published as a news service by IHS
The standard was developed jointly by ISO and the International Electrotechnical Commission (IEC). It expands upon the previously published ISO 31000:2009, which is complemented by ISO Guide 73:2009 on risk management vocabulary.
The latest standard deals with:
- Risk assessment concepts
- Risk assessment process
- Selection of risk assessment techniques
The standard reflects current good practice and answers the following questions:
- What can happen and why?
- What are the consequences?
- What is the probability of their future occurrence?
- Are there any factors that mitigate the consequences of the risk or that reduce the probability of the risk?
In general, risk assessment is meant to provide an understanding of risks that could affect achievement of objectives and the adequacy and effectiveness of controls already in place. ISO/IEC 31010 provides a basis for decisions about the approach to use to treat particular risks and to select between options.
Risk assessment is not a stand-alone activity and should be integrated into the other components in the risk management process, said ISO.
ISO/IEC 31010:2009 was prepared by IEC technical committee 56, Dependability, together with the ISO technical management board's risk management working group.