Risk Criteria

1. Risk Criteria is the terms of reference (standards, measures, or expectations) used in making a judgement or a decision on the significance of risk to be assessed.

Note: Risk Criteria may include:

Associated cost and benefits
Legal and statutory requirements
The concerns of stakeholders

{

	BCMBoK	Competency Level
	BCMBoK 2: Risk Analysis & Review	CL 2B: Intermediate (BC)

	BCMBoK	Competency Level
	BCMBoK 2: Risk Analysis & Review	CL 2C: Intermediate (CM)

	BCMBoK	Competency Level
	BCMBoK 2: Risk Analysis & Review	CL 2D: Intermediate (DR)

(Source: Business Continuity Management Institute - BCM Institute)

2. Terms of reference by which the significance of risk is assessed.

Notes (1) : Risk criteria can include associated cost and benefits, legal and statutory requirements, socio-economic and environmental aspects, the concerns of stakeholders, priorities and other inputs to the assessment.

(Source: ISO 22399:2007 – Societal Security - Guideline for Incident Preparedness and Operational Continuity Management) - clause 3.37

3. Terms of reference against which the significance of a risk (2.1) is evaluated.

Notes (1) : Risk criteria are based on organizational objectives, and external (2.10) and internal context (2.11).

Notes (2) : Risk criteria can be derived from standards, laws, policies and other requirements.

[ISO Guide 73:2009, definition 3.3.1.3]

(Source: ISO 31000:2009 – Risk Management — Principles and Guidelines) - clause 2.22

4. Terms of reference against which the significance of a risk (Clause 3.19) is evaluated.

NOTES:

Risk criteria are based on internal and external context, and are regularly reviewed to ensure

continued relevance.

Risk criteria can be derived from standards, laws and policies.

(Source: AS/NZS 5050.1 Australian and New Zealand Standards for business continuity management.

Part 1: Business continuity management system specification)

Risk Criteria

Navigation menu

Search