Difference between revisions of "Risk Treatment"
Line 14: | Line 14: | ||
'''''Note (1)''': [[Risk Reduction]] is used as a preferred term to Risk Termination or [[Risk Mitigation]]. | '''''Note (1)''': [[Risk Reduction]] is used as a preferred term to Risk Termination or [[Risk Mitigation]]. | ||
− | '''''Note (2)''': Often, there will be [[Residual Risk| residual risk]] which cannot be | + | '''''Note (2)''': Often, there will be [[Residual Risk| residual risk]] which cannot be removed totally as it is not cost-effective to do so, hence, the acceptance of risk. |
'''''Note (3)''': [[Risk Acceptance]] is sometimes referred to as Risk Tolerance.'' | '''''Note (3)''': [[Risk Acceptance]] is sometimes referred to as Risk Tolerance.'' | ||
+ | |||
+ | '''''Note (4)''': The highest rated risks should be addressed as a matter of urgency | ||
[[Image:3D BCM Series Analyzing and Reviewing in the context of BCM Books.jpg|thumb|left|140px|Analysing And Reviewing The Risks For Business Continuity Planning [http://store.bcm-institute.org/books/bcm-specialist-series BUY!]]] | [[Image:3D BCM Series Analyzing and Reviewing in the context of BCM Books.jpg|thumb|left|140px|Analysing And Reviewing The Risks For Business Continuity Planning [http://store.bcm-institute.org/books/bcm-specialist-series BUY!]]] | ||
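Review bot: the added Note (4) line ends without a full stop after "urgency", while Notes (1) to (3) in the same hunk are all punctuated; add the period. The new note is also set off by an added blank line, whereas Notes (1) to (3) sit on consecutive lines, so either drop the blank line or separate the earlier notes the same way so the four notes render consistently.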
Line 70: | Line 72: | ||
*retaining the risk by informed decision. | *retaining the risk by informed decision. | ||
− | '''''Notes (2)''''' : Risk treatments that deal with negative consequences are sometimes referred to as “risk mitigation”, “risk | + | '''''Notes (2)''''': Risk treatments that deal with negative consequences are sometimes referred to as “risk mitigation”, “risk |
elimination”, “risk prevention” and “risk reduction”. | elimination”, “risk prevention” and “risk reduction”. | ||
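Review bot: the only change on the "Notes (2)" line is the removal of the space before the colon, and the label still reads "Notes (2)" where the hunk at Line 14 uses the singular "Note (n)". If the label is being touched anyway, settle on one form across the page in the same edit.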
Revision as of 07:15, 5 June 2018
2. Process of selection and implementation of measures to modify risk.
Notes (1): The term “risk treatment” is sometimes used for the measures themselves.
Notes (2): Risk treatment measures can include avoiding, optimizing, transferring or retaining risk.
(Source: ISO 22399:2007 – Societal Security - Guideline for Incident Preparedness and Operational Continuity Management) - clause 3.42
- avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk;
- taking or increasing risk in order to pursue an opportunity;
- removing the risk source (2.16);
- changing the likelihood (2.19);
- changing the consequences (2.18);
- sharing the risk with another party or parties (including contracts and risk financing); and
- retaining the risk by informed decision.
4. The selection and implementation of appropriate options for dealing with risk.
(Source: Singapore Standard 540 - SS 540:2008)
5. The selection and implementation of relevant options for managing risk. The key treatments include:
(Source: Business Continuity Institute - BCI)
6. A systematic process of deciding which risks can be eliminated or reduced by remedial action and which must be tolerated.
(Source: ENISA - the European Network and Information Security Agency. BCM & Resilience Glossary)