I wonder if there is anyone on here who can clear up some of these matters, or maybe someone who has a contact within ISO. I'd really like to know how ISO 31000 relates to the 27000 series in particular given that they are both at the heart of risk management.
Is there anyone within ISO who might be prepared to respond on this I wonder? I don't expect so, but I am more than happy to contact them and report back if anyone has a name.
You can try
Nicki Dennis
Head of Market Development
Risk, Quality, Health & Safety, Security & Fire
British Standards Institution
[email protected]
I agree that ISO 31000 is not clearly defined, but to me, most ISO Standards deal with specific sub-sets of risk. For example, 27000 deals with risks associated with information security, 14000 deals with environmental risks, 28000 deals with supply chain security risks.
The risk portfolio of each organization is unique. The little that I found out about ISO 31000 is that it is an attempt to address the risk portfolio in a holistic and balanced manner. Others, including my current employer, refer to this as Enterprise Risk Management: helping organizations understand their risk exposures and improve the balance between risk adversity and conscious risk taking. I hope that is the direction ISO 31000 gets developed.