
What Is the ISO31000 Process?

ISO31000 Process


The key stages of the security risk management process (as per ISO31000:2018) are:


  • Scope, Context, and Criteria

  • Risk Assessment, which comprises three elements:

    1. Risk Identification

    2. Risk Analysis

    3. Risk Evaluation

  • Risk Treatment

  • Monitoring and Review

  • Recording and Reporting

  • Communication and Consultation

Note: Monitoring and Review, Recording and Reporting, and Communication and Consultation are typically considered to be continual and concurrent practices. This means that they can occur at the same time and run constantly throughout the risk assessment.



Scope, Context, and Criteria, Risk Assessment, and Risk Treatment may be one-off activities as part of a single risk assessment or, ideally, may be conducted continuously.





©2019 by Julian Talbot