• jt

What Is the ISO31000 Process?

ISO31000 Process


The key stages of the security risk management process (as per ISO31000:2018) are:


  • Scope, Context, and Criteria

  • Risk Assessment, which comprises three elements:

  1. Risk Identification

  2. Risk Analysis

  3. Risk Evaluation

  • Risk Treatment

  • Monitoring and Review

  • Recording and Reporting

  • Communication and Consultation

Note: Monitoring and Review, Recording, and Reporting, and Communication and Consultation, are typically considered to be continual and concurrent practices. This means that they can occur at the same time, and run constantly throughout the risk assessment.



Scope, Context, Criteria, RiskAssessment, and Risk Treatment, may be one-off as part of a risk assessment or, ideally may be conducted continuously.




©2019 by Julian Talbot