Risk Criteria

From BCMpedia. A Wiki Glossary for Business Continuity Management (BCM) and Disaster Recovery (DR).
1. Risk Criteria is the terms of reference (standards, measures, or expectations) used in making a judgement or a decision on the significance of risk to be assessed.

Note: Risk Criteria may include:

  • Associated cost and benefits
  • Legal and statutory requirements
  • The concerns of stakeholders

BCMBoK Competency Level (BCMBoK 2: Risk Analysis & Review):

  • CL 2B: Intermediate (BC)
  • CL 2C: Intermediate (CM)
  • CL 2D: Intermediate (DR)

(Source: Business Continuity Management Institute - BCM Institute)

2. Terms of reference by which the significance of risk is assessed.

Notes (1): Risk criteria can include associated cost and benefits, legal and statutory requirements, socio-economic and environmental aspects, the concerns of stakeholders, priorities and other inputs to the assessment.

(Source: ISO 22399:2007 – Societal Security - Guideline for Incident Preparedness and Operational Continuity Management) - clause 3.37

3. Terms of reference against which the significance of a risk (2.1) is evaluated.

Notes (1): Risk criteria are based on organizational objectives, and external (2.10) and internal context (2.11).

Notes (2): Risk criteria can be derived from standards, laws, policies and other requirements.

[ISO Guide 73:2009, definition 3.3.1.3]

(Source: ISO 31000:2009 – Risk Management — Principles and Guidelines) - clause 2.22

4. Terms of reference against which the significance of a risk (Clause 3.19) is evaluated.

NOTES:

  • Risk criteria are based on internal and external context, and are regularly reviewed to ensure continued relevance.
  • Risk criteria can be derived from standards, laws and policies.

(Source: AS/NZS 5050.1 Australian and New Zealand Standards for business continuity management. Part 1: Business continuity management system specification)