User:AndyRMills/sandbox

Applied Risk Management

New ISO standards are based on Annex SL, which defines the high-level structure to be adopted for new ISO standards. A core element of the new structure is risk management. Regardless of the subject of the standard, there is a requirement to assess the risk of not achieving the objectives. This may be the risk of not achieving the information security objectives (ISO/IEC 27001:2013) or the risk of not achieving the fulfillment of customer requirements (ISO 9001:2015).

Applying risk management will be core to the management systems of businesses and organisations wishing to be ISO certified. Risk management, therefore, is a core competence required by business and organisation owners.

ISO 31000 describes risk management, which is a sub-process for other ISO standards-based management systems.