Risk Criteria: Difference between revisions

1. Risk Criteria is the terms of reference (standards, measures, or expectations) used in making a judgement or a decision on the significance of risk to be assessed. Note: Risk Criteria may include: Associated cost and benefits Legal and statutory requirements The concerns of stakeholders { BCMBoK Competency Level BCMBoK 2: Risk Analysis & Review CL 2B: Intermediate (BC) BCMBoK Competency Level BCMBoK 2: Risk Analysis & Review CL 2C: Intermediate (CM) BCMBoK Competency Level BCMBoK 2: Risk Analysis & Review CL 2D: Intermediate (DR) (Source: Business Continuity Management Institute - BCM Institute)

2. Terms of reference by which the significance of risk is assessed.

Notes (1) : Risk criteria can include associated cost and benefits, legal and statutory requirements, socio-economic and environmental aspects, the concerns of stakeholders, priorities and other inputs to the assessment.

(Source: ISO 22399:2007 – Societal Security - Guideline for Incident Preparedness and Operational Continuity Management) - clause 3.37

4. Terms of reference against which the significance of a risk (Clause 3.19) is evaluated.

NOTES:

• Risk criteria are based on internal and external context, and are regularly reviewed to ensure

continued relevance.

• Risk criteria can be derived from standards, laws and policies.

(Source: AS/NZS 5050.1 Australian and New Zealand Standards for business continuity management.

Part 1: Business continuity management system specification)