ISO 31073:2022 pdf download – Risk management — Vocabulary

1 Scope

This document defines generic terms related to the management of risks faced by organizations.

2 Normative references

There are no normative references in this document.

3 Terms and definitions

ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at https://www.electropedia.org/

3.1 Terms related to risk

3.1.1
risk
effect of uncertainty (3.1.3) on objectives (3.1.2)
Note 1 to entry: An effect is a deviation from the expected. It can be positive, negative or both, and can address, create or result in opportunities (3.3.23) and threats (3.3.13).
Note 2 to entry: Objectives can have different aspects and categories, and can be applied at different levels.
Note 3 to entry: Risk is usually expressed in terms of risk sources (3.3.10), potential events (3.3.11), their consequences (3.3.18) and their likelihood (3.3.16).

3.1.2
objective
result to be achieved
Note 1 to entry: An objective can be strategic, tactical or operational.
Note 2 to entry: Objectives can relate to different disciplines (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process).
Note 3 to entry: An objective can be expressed in other ways, e.g. as an intended outcome, a purpose, an operational criterion, as a management system objective, or by the use of other words with similar meaning (e.g. aim, goal, target).

3.1.3
uncertainty
state, even partial, of deficiency of information related to understanding or knowledge
Note 1 to entry: In some cases, uncertainty can be related to the organization’s (3.3.7) context as well as to its objectives (3.1.2).
Note 2 to entry: Uncertainty is the root source of risk (3.1.1), namely any kind of “deficiency of information” that matters in relation to objectives (and objectives, in turn, relate to all relevant interested parties’ (3.3.2) needs and expectations).

3.2 Terms related to risk management

3.2.1
risk management
coordinated activities to direct and control an organization (3.3.7) with regard to risk (3.1.1)

3.2.2
risk management policy
statement of the overall intentions and direction of an organization (3.3.7) related to risk management (3.2.1)
[SOURCE: ISO Guide 73:2009, 2.1.2]

3.2.3
risk management plan
scheme within the risk management framework specifying the approach, the management components and resources to be applied to the management of risk (3.1.1)
Note 1 to entry: Management components typically include procedures, practices, assignment of responsibilities, sequence and timing of activities.
Note 2 to entry: The risk management plan can be applied to a particular product, process and project, and part or whole of the organization (3.3.7).
[SOURCE: ISO Guide 73:2009, 2.1.3]

3.3 Terms related to the risk management process

3.3.1
risk management process
systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context, and identifying, analysing, evaluating, treating, monitoring (3.3.40) and reviewing risk (3.1.1)
[SOURCE: ISO Guide 73:2009, 3.1]

3.3.2
interested party
stakeholder
person or organization (3.3.7) that can affect, be affected by, or perceives itself to be affected by a decision or activity

3.3.3
risk perception
interested party’s (3.3.2) view on risk (3.1.1)
Note 1 to entry: Risk perception reflects the interested party’s needs, issues, knowledge, beliefs and values.
[SOURCE: ISO Guide 73:2009, 3.2.1.2, modified — “interested party” has replaced “stakeholder”, and “risk” has replaced “a risk” in the definition.]
