Difference between revisions of "Risk Assessment"
Jump to navigation
Jump to search
(→ISO/IEC 27000:2014) |
(→ISO/IEC 27000:2014) |
||
| Line 21: | Line 21: | ||
===Standard Definition=== | ===Standard Definition=== | ||
| − | ==== ISO/IEC 27000:2014 ==== | + | ==== ISO/IEC 27000:2014 and ISO 31000:2009 ==== |
<big>The standard defines risk assessment as</big> | <big>The standard defines risk assessment as</big> | ||
| − | {{definition|the "overall process of [[Risk Identification|risk identification]], [[Risk Analysis|risk analysis]] and [[Risk Evaluation|risk evaluation]]<ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>(based on the ISO Guide 73:2009<ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>).}} | + | {{definition|the "overall process of [[Risk Identification|risk identification]], [[Risk Analysis|risk analysis]] and [[Risk Evaluation|risk evaluation]]<ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref> <ref name="ISO31000-09"> [http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=43170 ISO/IEC 31000:2009, Risk management -- Principles and guidelines]</ref>. (based on the ISO Guide 73:2009<ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>).}} |
==See also== | ==See also== | ||
Revision as of 00:01, 15 July 2014
Contents
Definitions
European Definitions
Overall process of [1]:
- hazard identification (identification of a risk source capable of causing adverse effects to humans or the environment),
- hazard characterization (quantitative evaluation of the nature of the adverse health effects associated with the hazard),
- exposure assessment (evaluation of the likely exposure of man and/or the environment to risk sources) and
- risk characterisation (estimation, including attendant uncertainties, of the probability of occurrence and severity of known or potential adverse health effects in a given population).
Other International Definitions
UNISDR
A methodology to determine the nature and extent of risk by analysing potential hazards and evaluating existing conditions of vulnerability that together could potentially harm exposed people, property, services, livelihoods and the environment on which they depend [2].
According to UNISDR, risk assessments (and associated risk mapping) include:
- a review of the technical characteristics of hazards such as their location,intensity, frequency and probability;
- the analysis of exposure and vulnerability including the physical social, health, economic and environmental dimensions;
- and the evaluation of the effectiveness of prevailing and alternative coping capacities in respect to likely risk scenarios.
This series of activities is sometimes known as a risk analysis process.
National Definitions
Standard Definition
ISO/IEC 27000:2014 and ISO 31000:2009
The standard defines risk assessment as
the "overall process of risk identification, risk analysis and risk evaluation[3] [4]. (based on the ISO Guide 73:2009[5]).
See also
Notes
- ↑ European Commission's CBRN Glossary, 2012
- ↑ 2009 UNISDR Terminology on Disaster Risk Reduction
- ↑ ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
- ↑ ISO/IEC 31000:2009, Risk management -- Principles and guidelines
- ↑ ISO Guide 73:2009 Risk management -- Vocabulary
