Discussion in 'ISO 31000:2009 - Risk Management' started by Dilek, Dec 14, 2015.
How do you define a Risk Management Process? What are the inputs and outputs?
Did you google Risk Management Process? Inputs are associated with 4.1 = internal and external issues affecting the QMS and the strategy. Outputs are mitigation to minimize risk.
I prefer to express it more clearly... Such as incidents, new assets, changing policy/objectives etc. Do you want to add more data?
I think if we read the guidance document itself, it is pretty much clear on the approach. Do not fall into the various methods of risk - there are many of them (31000 being one of them). This is where we get confused and our focus gets deviated from the core concepts of Risk Management. Therefore I suggest to prepare your mind, pick 1 or 2 good books, ensure complete reading, do not google out much (cause of frustration/lack of focus), jot down key points in your notebook. I think that's enough to get you started.
Another thing I want to mention is 31000:2009 is the high-level guidance document for organizations to have an Enterprise-level Risk Management process. It requires you to adjust to meet requirements for specific standards like for ISO27001, ISO9001:2015. However, the standards themselves don't have a requirement to follow this method except a note as a reference / guidance document.
Have you looked at Chapter 7.3 Risk Management - part of the Supply Chain Management Handbook?
I am sorry for moving a little fast without even thinking that maybe you need guidance. Somewhere in this forum there is a Risk Based Planner based on ISO3100. I am using it and it is saving me a lot of work. I got this template from the Resource section of this forum. I hope it will help you.