Risk Reduction: Difference between revisions

From BCMpedia. A Wiki Glossary for Business Continuity Management (BCM) and Disaster Recovery (DR).
Jump to navigation Jump to search
No edit summary
 
(No difference)

Latest revision as of 22:54, 29 October 2020

1. Risk Reduction is to take appropriate actions to lessen the likelihood, negative consequences or both, associated with a risk.
BL-B-5 Click to know more

Note (1): The purpose of Risk Reduction is to reduce the risk to a level which is acceptable to management; by identifying, evaluating and implementing suitable controls or countermeasures.

Note (2): Examples of a control is the deployment of more security guards (physical control) and clean desk policy (procedural control).

Related Terms: Risk Treatment, Risk Mitigation, Risk Transference.

BCM Institute's Professional Training and Certification



BCMBoK Competency Level
BCMBoK 2: Risk Analysis & Review CL 2B: Intermediate (BC)



BCMBoK Competency Level
BCMBoK 2: Risk Analysis & Review CL 2C: Intermediate (CM)



BCMBoK Competency Level
BCMBoK 2: Risk Analysis & Review CL 2CC: Intermediate (CC)
Click to know more about expert level training

(Source: Business Continuity Management Institute - BCM Institute)

A Manager’s Guide to ISO 22301 Standard for Business Continuity Management System

2. Actions taken to lessen the probability, negative consequences, or both, associated with a risk. (Source: ISO 22399:2007 – Societal Security - Guideline for Incident Preparedness and Operational Continuity Management) - clause 3.39

3. A selective application of appropriate techniques and management principles to reduce either probability of an occurrence or its impact, or both. (Source: Singapore Standard 540 - SS 540:2008)

Analyzing & Reviewing the Risks for Business Continuity Planning

4. A selective application of appropriate techniques and management principles to reduce or mitigate either likelihood of an occurrence or its consequences, or both. (Source: Business Continuity Institute - BCI)

5. Plans and processes that will allow an organization to avoid, preclude, or limit the impact of a crisis occurring. The tasks included in prevention should include compliance with corporate policy, mitigation strategies, and behavior and programs to support avoidance and deterrence and detection.

(Source: ASIS International - ASIS International)

6. The implementation of the preventative measures which Risk Assessment has identified.

(Source: Business Continuity Institute - BCI)

(Source: ENISA - the European Network and Information Security Agency. BCM & Resilience Glossary)