Risk Treatment according to ISO 31000

By Global Trust Association

27 February, 2020 | 00:02hrs

No organization is free from external and internal factors that may make the achievement of its objectives uncertain. According to the definition set out in ISO 31000, a risk is the effect of this uncertainty on the objectives.

The standard sets out some reference principles and guidelines to address risk treatment. The process is cyclical and involves assessing the risk treatment, defining whether the levels of residual risk are acceptable or whether it is necessary to generate a new risk treatment, and then assessing the effectiveness of such treatment.

When choosing the most appropriate options for risk treatment, it is necessary to balance the costs and effort of implementation against the resulting benefits.

It is also possible to identify risks whose treatment is not justifiable for economic reasons. Therefore, the organization must ensure an appropriate balance between the possible benefits of retaining risk and the potential cost or negative impact the risk may represent.

Risk treatment requires continuous review and updating, as the context, internal or external factors, strategies, and objectives of the organization may change.
