
Risk Management Process

Discussion in 'ISO 31000:2009 - Risk Management' started by Dilek, Dec 14, 2015.

  1. Dilek

    How do you define a Risk Management Process? What are the inputs and outputs?
     
  2. MCW8888

    Did you Google Risk Management Process? Inputs are associated with 4.1 = internal and external issues affecting the QMS and the strategy. Outputs are mitigation to minimize risk.
     
  3. Dilek

    I prefer to express it more clearly... such as incidents, new assets, changing policy/objectives, etc. Do you want to add more data?
     
  4. Padym

    I think if we read the guidance document itself, it is pretty clear on the approach. Do not fall into the various methods of risk; there are many of them (31000 being one of them). This is where we get confused and our focus deviates from the core concepts of Risk Management. Therefore I suggest you prepare your mind, pick 1 or 2 good books, ensure complete reading, do not google too much (cause of frustration/lack of focus), and jot down key points in your notebook. I think that's enough to get you started.

    Another thing I want to mention is that 31000:2009 is the high-level guidance document for organizations to have an enterprise-level Risk Management process. It requires you to adjust to meet requirements for specific standards like ISO27001, ISO9001:2015. However, the standards themselves don't have a requirement to follow this method, except a note as a reference / guidance document.
     
  5. David Sanabria

  6. MCW8888

    I am sorry for moving a little fast without even thinking that maybe you need guidance. Somewhere in this forum there is a Risk Based Planner based on ISO31000. I am using it and it is saving me a lot of work. I got this template from the Resource section of this forum. I hope it will help you.