Difference between revisions of "Residual Risk"

From BCMpedia. A Wiki Glossary for Business Continuity Management (BCM) and Disaster Recovery (DR).
 
(3 intermediate revisions by the same user not shown)
Line 2: Line 2:
 
|-
 
|-
 
| '''1.''' Residual Risk is the remaining [[Risk|risk]] which cannot be defined in more detail after elimination or inclusion of all conceivable quantified [[Risk|risks]] in a [[Risk|risk]] consideration.  
 
| '''1.''' Residual Risk is the remaining [[Risk|risk]] which cannot be defined in more detail after elimination or inclusion of all conceivable quantified [[Risk|risks]] in a [[Risk|risk]] consideration.  
 +
{{Template:BL-BCM-5Banner}}
  
 
'''Notes''': Residual risk is the level of uncontrolled risk remaining after the [[Risk_Treatment|risk treatment]].  
 
'''Notes''': Residual risk is the level of uncontrolled risk remaining after the [[Risk_Treatment|risk treatment]].  
{{Template:BL-BCM-5Banner}}
 
  
 
'''Related Terms''': [[Risk_Acceptance|Risk Acceptance]], [[Risk_Treatment|Risk Treatment]], [[Risk_Tolerance|Risk Tolerance]]
 
'''Related Terms''': [[Risk_Acceptance|Risk Acceptance]], [[Risk_Treatment|Risk Treatment]], [[Risk_Tolerance|Risk Tolerance]]
 
+
<br><br>
 
{{Template:BCM Course}}
 
{{Template:BCM Course}}
{{BcmBoK 2 CL 2B}}<br/> <br/> {{BcmBoK 2 CL 2C}}<br/> <br/> {{BcmBoK 2 CL 2D}}
+
{{BcmBoK 2 CL 2B}}<br><br>
 
+
{{BcmBoK 2 CL 2C}}<br><br>
 +
{{BcmBoK 2 CL 2D}}
  
 
{{Template:BLCoursesBanner}}
 
{{Template:BLCoursesBanner}}
Line 21: Line 22:
 
{{ISO 22399 Source}} - clause 3.30
 
{{ISO 22399 Source}} - clause 3.30
  
{| style="margin-left: 0px; text-align: left; font-style: none; width:100%; font-weight: none; background: #F0F0F0; border:1px"
+
 
|-
+
'''3.''' Risk (2.1) remaining after risk treatment (2.25)  
| '''3.''' Risk (2.1) remaining after risk treatment (2.25)  
+
 
 
'''''Notes (1)'''''&nbsp;: Residual risk can contain unidentified risk.
 
'''''Notes (1)'''''&nbsp;: Residual risk can contain unidentified risk.
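Review bot: the `style` attribute on the `{|` table line in this hunk uses `font-style: none` and `font-weight: none`, which are not valid CSS values, so browsers ignore both declarations; use `normal` if the intent is to reset them, or drop them. `border:1px` also sets a width without a border style, so no border is drawn; write `border: 1px solid` plus a colour if a border is wanted, otherwise remove it. Since the same grey box wraps a glossary definition, consider moving this styling into a shared template or CSS class rather than repeating it inline per entry.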
  
Line 32: Line 33:
 
{{ISO 31000 Source}} - clause 2.27
 
{{ISO 31000 Source}} - clause 2.27
  
|}
 
  
 
'''4.''' The level of uncontrolled [[Risk|risk]] remaining after all cost-effective actions have been taken to lessen the [[Impact|impact]] and [[Probability|probability]] of a specific [[Risk|risk]] or group of [[Risk|risks]], subject to the [[Organization|organizations]] [[Risk|risk]] appetite.
 
'''4.''' The level of uncontrolled [[Risk|risk]] remaining after all cost-effective actions have been taken to lessen the [[Impact|impact]] and [[Probability|probability]] of a specific [[Risk|risk]] or group of [[Risk|risks]], subject to the [[Organization|organizations]] [[Risk|risk]] appetite.

Latest revision as of 15:29, 29 October 2020

1. Residual Risk is the remaining risk which cannot be defined in more detail after elimination or inclusion of all conceivable quantified risks in a risk consideration.

Notes: Residual risk is the level of uncontrolled risk remaining after the risk treatment.

Related Terms: Risk Acceptance, Risk Treatment, Risk Tolerance

BCMBoK Competency Level
BCMBoK 2: Risk Analysis & Review CL 2B: Intermediate (BC)


BCMBoK Competency Level
BCMBoK 2: Risk Analysis & Review CL 2C: Intermediate (CM)


BCMBoK Competency Level
BCMBoK 2: Risk Analysis & Review CL 2D: Intermediate (DR)

(Source: Business Continuity Management Institute - BCM Institute)

2. Risk remaining after risk treatment.

(Source: ISO 22399:2007 – Societal Security - Guideline for Incident Preparedness and Operational Continuity Management) - clause 3.30


3. Risk (2.1) remaining after risk treatment (2.25)

Notes (1): Residual risk can contain unidentified risk.

Notes (2): Residual risk can also be known as “retained risk”.

[ISO Guide 73:2009, definition 3.8.1.6]

(Source: ISO 31000:2009 – Risk Management — Principles and Guidelines) - clause 2.27


4. The level of uncontrolled risk remaining after all cost-effective actions have been taken to lessen the impact and probability of a specific risk or group of risks, subject to the organization's risk appetite.

(Source: Business Continuity Institute - BCI)