Difference between revisions of "Risk Evaluation"
Jump to navigation
Jump to search
(→Australia) |
(→Standard Definition) |
||
| Line 15: | Line 15: | ||
===Standard Definition=== | ===Standard Definition=== | ||
| − | ==== ISO/IEC 27000:2014 ==== | + | ==== ISO/IEC 27000:2014 and ISO 31000:2009 ==== |
| − | {{definition|Process of comparing the results of [[Risk Analysis|risk analysis]] with risk criteria to determine whether the [[risk]]and/or its magnitude is acceptable or tolerable <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>(based on the ISO Guide 73:2009<ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>) | + | {{definition|Process of comparing the results of [[Risk Analysis|risk analysis]] with risk criteria to determine whether the [[risk]] and/or its magnitude is acceptable or tolerable <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref> <ref name="ISO31000-09"> [http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=43170 ISO/IEC 31000:2009, Risk management -- Principles and guidelines]</ref> <br />(based on the ISO Guide 73:2009<ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>)}} |
<big> | <big> | ||
| − | * Risk criteria are the terms of reference against which the significance of [[risk]] is evaluated <ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref> | + | * Risk criteria are the terms of reference against which the significance of [[risk]] is evaluated <ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>. They are based on organizational objectives, and external and internal context, and can be derived from standards, laws, policies and other requirements. |
* Risk evaluation assists in the decision about [[Risk Treatment|risk treatment]].</big> | * Risk evaluation assists in the decision about [[Risk Treatment|risk treatment]].</big> | ||
Revision as of 23:34, 29 May 2015
Contents
Definitions
European Definitions
Other International Definitions
National Definitions
Australia
Risk evaluation is the process in which judgements are made on the tolerability of the risk on the basis of risk analysis and taking into account factors such as socioeconomic and environmental aspects. [1]
Risk evaluation is the process used to prioritise risks. [1]
Process of comparing the results of risk analysis with risk criteria to determine whether the risk and/or its magnitude is acceptable or tolerable. [2]
Standard Definition
ISO/IEC 27000:2014 and ISO 31000:2009
Process of comparing the results of risk analysis with risk criteria to determine whether the risk and/or its magnitude is acceptable or tolerable [3] [4]
(based on the ISO Guide 73:2009[5])
(based on the ISO Guide 73:2009[5])
- Risk criteria are the terms of reference against which the significance of risk is evaluated [5]. They are based on organizational objectives, and external and internal context, and can be derived from standards, laws, policies and other requirements.
- Risk evaluation assists in the decision about risk treatment.
See also
Notes
- ↑ 1.0 1.1 Australian Emergency Management Glossary, Emergency Management Australia (1998)
- ↑ Australia AS NZS 5050 (2010)
- ↑ ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
- ↑ ISO/IEC 31000:2009, Risk management -- Principles and guidelines
- ↑ 5.0 5.1 ISO Guide 73:2009 Risk management -- Vocabulary
