1. Risk Evaluation is the process used to compare the estimated risk against the given risk criteria so as to determine the significance of the risk.
Note: Risk evaluation may be used to assist in the decision about risk treatment.
2. Process of comparing the results of risk analysis (2.21) with risk criteria (2.22) to determine whether the risk (2.1) and/or its magnitude is acceptable or tolerable
Note 1: Risk evaluation assists in the decision about risk treatment (2.25).
[ISO Guide 73:2009, definition 3.7.1]
(Source: ISO 31000:2009 – Risk Management — Principles and Guidelines) - clause 2.24
3. The process of determining the significance of risk.
(Source: ENISA - the European Network and Information Security Agency. BCM & Resilience Glossary)