ISO31000 Process
The key stages of the security risk management process (as per ISO31000:2018) are:
Scope, Context, and Criteria
Risk Assessment, which comprises three elements:
Risk Identification
Risk Analysis
Risk Evaluation
Risk Treatment
Monitoring and Review
Recording and Reporting
Communication and Consultation
Note: Monitoring and Review, Recording and Reporting, and Communication and Consultation are typically considered continual and concurrent practices. This means they can occur simultaneously and run constantly throughout the risk assessment.
Scope, Context, Criteria, Risk Assessment, and Risk Treatment may be one-off as part of a risk assessment or, ideally, may be conducted continuously.
Comments