| 1. Risk Criteria is the terms of reference (standards, measures, or expectations) used in making a judgement or a decision on the significance of risk to be assessed.
Note: Risk Criteria may include:
2. Terms of reference by which the significance of risk is assessed.
Notes (1) : Risk criteria can include associated cost and benefits, legal and statutory requirements, socio-economic and environmental aspects, the concerns of stakeholders, priorities and other inputs to the assessment.
(Source: ISO 22399:2007 – Societal Security - Guideline for Incident Preparedness and Operational Continuity Management) - clause 3.37
|3. Terms of reference against which the significance of a risk (2.1) is evaluated.
Notes (1) : Risk criteria are based on organizational objectives, and external (2.10) and internal context (2.11).
Notes (2) : Risk criteria can be derived from standards, laws, policies and other requirements.
[ISO Guide 73:2009, definition 18.104.22.168]
(Source: ISO 31000:2009 – Risk Management — Principles and Guidelines) - clause 2.22
4. Terms of reference against which the significance of a risk (Clause 3.19) is evaluated.
- Risk criteria are based on internal and external context, and are regularly reviewed to ensure
- Risk criteria can be derived from standards, laws and policies.
(Source: AS/NZS 5050.1 Australian and New Zealand Standards for business continuity management.
Part 1: Business continuity management system specification)