ISO 31000 is a family of standards relating to risk management codified by the International Organization for Standardization. The purpose of ISO 31000:2009 is to provide principles and generic guidelines on risk management.
Risk. According to ISO 31000, risk is the “effect of uncertainty on objectives”, where an effect is a positive or negative deviation from what is expected. The following explains what this means. ISO 31000 recognizes that all of us operate in an uncertain world.
ISO 31000 - Risk management. Risks affecting organizations can have consequences in terms of economic performance and professional reputation, as well as environmental, safety and societal outcomes. Therefore, managing risk effectively helps organizations to perform well in an environment full of uncertainty.
IT risk management provides principles and generic guidelines on risk management which can be implemented by any public, private or community enterprise, association, group or individual. Organizations should implement such standards to boost economic performance and to safeguard their professional reputation as well as their environmental, safety and social relations.
ISO 31000:2009 can be implemented by any organization regardless of its size, activity or sector. It contains principles, a framework and a process for managing risk.
ISO 31000:2009 helps organizations identify opportunities and threats and allocate and use resources effectively for risk treatment. It provides guidance for internal or external audit programs and helps them compare their risk management practices with an internationally recognized benchmark. ISO 31000:2009 replaces countless existing standards, methodologies and paradigms that differed between industries, subjects and regions.