ISO 31000:2009 Risk management - Principles and guidelines
From ISO's website:
ISO 31000:2009 provides principles and generic guidelines on risk management.
ISO 31000:2009 can be used by any public, private or community enterprise, association, group or individual. Therefore, ISO 31000:2009 is not specific to any industry or sector.
ISO 31000:2009 can be applied throughout the life of an organization, and to a wide range of activities, including strategies and decisions, operations, processes, functions, projects, products, services and assets.
The guide is made up of the following main sections (the eleven statements below are the standard's risk management principles, not separate sections):
- Terms and definitions
- Principles:
  - Risk management creates and protects value.
  - Risk management is an integral part of all organizational processes.
  - Risk management is part of decision making.
  - Risk management explicitly addresses uncertainty.
  - Risk management is systematic, structured and timely.
  - Risk management is based on the best available information.
  - Risk management is tailored.
  - Risk management takes human and cultural factors into account.
  - Risk management is transparent and inclusive.
  - Risk management is dynamic, iterative and responsive to change.
  - Risk management facilitates continual improvement of the organization.
- Annex A: Attributes of enhanced risk management
  - Key outcomes