Difference between revisions of "Risk Evaluation"
Jump to navigation
Jump to search
(→Finland) |
(→ISO/IEC 27000:2014 and ISO 31000:2009) |
||
| Line 29: | Line 29: | ||
===Standard Definition=== | ===Standard Definition=== | ||
==== [[ISO|ISO/IEC 27000:2014 and ISO 31000:2009]] ==== | ==== [[ISO|ISO/IEC 27000:2014 and ISO 31000:2009]] ==== | ||
| − | {{definition|Process of comparing the results of [[Risk Analysis|risk analysis]] with risk criteria to determine whether the [[risk]] and/or its magnitude is acceptable or tolerable <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref> <ref name="ISO31000-09"> [http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=43170 ISO/IEC 31000:2009, Risk management -- Principles and guidelines]</ref> <br />(based on the ISO Guide 73:2009<ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>)}} | + | {{definition|Process of comparing the results of [[Risk Analysis|risk analysis]] with risk criteria to determine whether the [[risk]] and/or its magnitude is acceptable or tolerable. <ref name="ISO27000-14">[http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref> <ref name="ISO31000-09"> [http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=43170 ISO/IEC 31000:2009, Risk management -- Principles and guidelines]</ref> <br />(based on the ISO Guide 73:2009<ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>)}} |
<big> | <big> | ||
| − | * Risk criteria are the terms of reference against which the significance of [[risk]] is evaluated <ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>. They are based on organizational objectives, and external and internal context, and can be derived from standards, laws, policies and other requirements. | + | * Risk criteria are the terms of reference against which the significance of [[risk]] is evaluated. <ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>. They are based on organizational objectives, and external and internal context, and can be derived from standards, laws, policies and other requirements. |
* Risk evaluation assists in the decision about [[Risk Treatment|risk treatment]].</big> | * Risk evaluation assists in the decision about [[Risk Treatment|risk treatment]].</big> | ||
Revision as of 21:57, 26 November 2016
Contents
Definitions
European Definitions
ENISA
Risk Evaluation is the process of comparing the estimated risk against given risk criteria to determine the significance of risk (refers to ISO/IEC Guide 73). [1]
Other International Definitions
National Definitions
Australia
Risk evaluation is the process in which judgements are made on the tolerability of the risk on the basis of risk analysis and taking into account factors such as socioeconomic and environmental aspects. [2]
Risk evaluation is the process used to prioritise risks. [2]
Process of comparing the results of risk analysis with risk criteria to determine whether the risk and/or its magnitude is acceptable or tolerable. [3]
Canada
The process of comparing the results of risk analysis with risk criteria to determine whether a risk and/or its magnitude is acceptable or tolerable. [4]
Processus de comparaison des résultats de l’analyse de risques avec les critères de risque afin de déterminer si un risque ou son importance sont acceptables ou tolérables. [5]
Processus de comparaison des résultats de l’analyse de risques avec les critères de risque afin de déterminer si un risque ou son importance sont acceptables ou tolérables. [5]
Finland
Risk evaluation is a part of Risk Management in which, on the basis of Risk Analysis information, the effect and tolerability of risks are considered and through which information basis for decision making in Risk Management is formed.
Riskin merkityksen arviointi / riskin arvottaminen: riskienhallinnan osa, jossa riskianalyysin tietojen pohjalta pohditaan riskien vaikutusta ja siedettävyyttä ja jonka avulla muodostetaan tietopohja riskienhallinnan päätöksen tekoa varten. [6]
Riskin merkityksen arviointi / riskin arvottaminen: riskienhallinnan osa, jossa riskianalyysin tietojen pohjalta pohditaan riskien vaikutusta ja siedettävyyttä ja jonka avulla muodostetaan tietopohja riskienhallinnan päätöksen tekoa varten. [6]
Switzerland
Die Risikobewertung umfasst den Prozess des Entscheidungsträgers und/oder der betroffenen Gemeinschaft, bei dem festgestellt wird, ob die definierten Schutzziele eingehalten sind. [7]
L’appréciation des risques englobe le processus appliqué par le décideur et/ou la collectivité concernée pour vérifier si les objectifs de protection définis sont remplis. [8]
La ponderazione dei rischi è il processo adottato dall’organo decisionale e/o dalla comunità per appurare se gli obiettivi di protezione predefiniti sono stati raggiunti. [9]
L’appréciation des risques englobe le processus appliqué par le décideur et/ou la collectivité concernée pour vérifier si les objectifs de protection définis sont remplis. [8]
La ponderazione dei rischi è il processo adottato dall’organo decisionale e/o dalla comunità per appurare se gli obiettivi di protezione predefiniti sono stati raggiunti. [9]
Standard Definition
ISO/IEC 27000:2014 and ISO 31000:2009
Process of comparing the results of risk analysis with risk criteria to determine whether the risk and/or its magnitude is acceptable or tolerable. [10] [11]
(based on the ISO Guide 73:2009[12])
(based on the ISO Guide 73:2009[12])
- Risk criteria are the terms of reference against which the significance of risk is evaluated. [12]. They are based on organizational objectives, and external and internal context, and can be derived from standards, laws, policies and other requirements.
- Risk evaluation assists in the decision about risk treatment.
See also
Notes
- ↑ ENISA Risk Glossary
- ↑ 2.0 2.1 Australian Emergency Management Glossary, Emergency Management Australia (1998)
- ↑ Australia AS NZS 5050 (2010)
- ↑ Derived from ISO 31000:2009
- ↑ Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012)
- ↑ Palo- ja pelastussanasto. Helsinki: Suomen Pelastusalan Keskusjärjestö ry ja Suomen Palopäällystöliitto, 2006. 350 s. (TSK 33.) ISBN 951-797-215-6; Fire and Rescue Vocabulary. Helsinki: the Finnish National Rescue Association SPEK and the Finnish Association of Fire Chiefs, 2006. 350 p. (TSK 33.) ISBN 951-797-215-6 (In Finnish.)
- ↑ Glossar der Risikobegriffe, Bundesamt für Bevölkerungsschutz BABS, 29.4.2013
- ↑ Glossaire des risques, Office fédéral de la protection de la population, 29.4.2013
- ↑ Glossario sui rischi, Ufficio federale della protezione della popolazione UFPP, 29.4.2013
- ↑ ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
- ↑ ISO/IEC 31000:2009, Risk management -- Principles and guidelines
- ↑ 12.0 12.1 ISO Guide 73:2009 Risk management -- Vocabulary
