Fundamental principles and concepts in Risk Management
ISO 31000 Risk Manager
ISO 31000, Risk management – Principles and guidelines, provides principles, a framework and a process for managing risk. It can be used by any organization regardless of its size, activity or sector. Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats, and effectively allocate and use resources for risk treatment.
However, ISO 31000 cannot be used for certification purposes, but does provide guidance for internal or external audit programmes. Organizations using it can compare their risk management practices with an internationally recognised benchmark, providing sound principles for effective management and corporate governance.
ISO 27005 Risk Manager
ISO/IEC 27005:2008 provides guidelines for information security risk management. It supports the general concepts specified in ISO/IEC 27001 and is designed to assist the satisfactory implementation of information security based on a risk management approach. Knowledge of the concepts, models, processes and terminologies described in ISO/IEC 27001 and ISO/IEC 27002 is important for a complete understanding of ISO/IEC 27005:2008. ISO/IEC 27005:2008 is applicable to all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations) which intend to manage risks that could compromise the organization's information security.