Risk management guidelines
ISO 31000 is an international standard first published in 2009; the current version was published in 2018. It contains principles and guidelines for effective risk management and outlines a general approach that can be applied by any organisation, regardless of sector or size. ISO 31000 links directly to ISO/IEC 27005, the standard for risk assessment and risk management in information security: building on the ISO 31000 framework, ISO/IEC 27005 explains how risk assessment and risk treatment are carried out in the context of information security. ISO/IEC 31010 is a supporting standard to ISO 31000 that provides guidance on selecting and applying risk assessment techniques (identification, analysis and evaluation) within the ISO 31000 process. [1]
[1] E. Lachapelle and B. Hundozi, "ISO 31000 Risk Management – Principles and Guidelines," PECB, Jan. 09, 2015. https://pecb.com/whitepaper/iso-31000-risk-management–principles-and-guidelines (accessed Jan. 07, 2021).