Risk management is the crucial process for protecting an organization from various types of threats and risks. Many laws and regulations, both local and international, require organizations to establish a formal risk management process.
ISO 31000 is the next-generation standard for risk management. It complements all existing standards and recommends a new approach and concepts for easier and more effective risk management.
ISO 31000 Key Features:
- Applicable to all types of risk: strategic, operational, financial, compliance and reporting risks
- Risk assessment can be performed based on risk events (or scenarios), eliminating the need for asset-based risk assessment
- Risk can have a positive impact, rather than only a negative impact
- Includes risk as part of business decision-making
- Contains requirements for implementing a Risk Management System (RMS)
- Recommended as a suitable risk management approach for modern ISO standards (such as ISO 27001:2013)