Enterprise Risk Management (ERM) in business includes the methods and processes used by organizations to manage risks and seize opportunities related to the achievement of their objectives.
ISO standards also aim to increase the probability of success by following accredited practices that can be audited and confirmed by external auditors or, even without auditing, can still provide confidence in services and products.
Analysing ISO 9001 - Quality Management System, we find in section 6.1.2 several recommendations to identify, analyse and prioritize risks, plan actions to address them, and check the effectiveness of some form of Risk Management. Chapter 8 also tells us to follow risk management procedures for listening to customer needs, and Annex SL, Appendix 2 provides templates for doing so.
ISO 14001 - Environmental Management System is based on ISO 9001 and confirms those recommendations and templates, in addition to its Environmental Risk Management approach.
Risk Assessment is the foundation of the Information Security Management System (ISMS) standard ISO 27001, which contains in its clause 8.2 similar recommendations for risk identification, assessment and treatment, but ISO 27003 is the document where we find how to conduct a risk assessment and plan risk treatment. ISO 27001:2013 describes in clause 6.2.1 how to do information security risk assessment, and clause 6.1.3 tells us how to do information security risk treatment.
To learn real security techniques we should look at ISO 27005 and ISO 31010, where very useful templates can be found.
ISO 22301:2012 for Business Continuity Management (BCMS) tells us to:
- evaluate the potential impact;
- systematically analyse and prioritize risk treatment together with its related costs;
- carry out business impact analysis and risk assessment.