ISO 31000 - Enterprise Risk Management Standard

Sidney Vianna

Most organizations have a very diversified risk portfolio. Unknown by most Covers, ISO 31000 is being developed to address a comprehensive and holistic approach to Risk Management. Scheduled for a 2009 release.
 

howste

Is this similar to business continuity planning/management? Any relationship with PAS 56:2003?
 

Attachment: dilbertriskmang.gif

ISOgal2

> Is this similar to business continuity planning/management? Any relationship with PAS 56:2003?

Not to mention ISO 27000, and in particular the proposed ISO 27005 security risk management standard, which has been on the table for a long time.

This is rather confusing, isn't it?
 

ISOgal2

I went searching Google on this topic. It looks like I am not the only one who is confused by the numbering here.

I wonder if there is anyone on here who can clear up some of these matters, or maybe someone who has a contact within ISO. I'd really like to know how ISO 31000 relates to the 27000 series in particular given that they are both at the heart of risk management.

Is there anyone within ISO who might be prepared to respond on this I wonder? I don't expect so, but I am more than happy to contact them and report back if anyone has a name.
 

Sidney Vianna

> I wonder if there is anyone on here who can clear up some of these matters, or maybe someone who has a contact within ISO. I'd really like to know how ISO 31000 relates to the 27000 series in particular given that they are both at the heart of risk management.
>
> Is there anyone within ISO who might be prepared to respond on this I wonder? I don't expect so, but I am more than happy to contact them and report back if anyone has a name.

You can try
Nicki Dennis
Head of Market Development
Risk, Quality, Health & Safety, Security & Fire
British Standards Institution
[email protected]

I agree that ISO 31000 is not clearly defined, but to me, most ISO Standards deal with specific sub-sets of risk. For example, 27000 deals with risks associated with information security, 14000 deals with environmental risks, 28000 deals with supply chain security risks.

The risk portfolio of each organization is unique. The little that I found out about ISO 31000 is an attempt to address the risk portfolio, in a holistic and balanced manner. Others, including my current employer, refer to this as Enterprise Risk Management. Helping organizations understand their risk exposures and improve the balance between risk adversity and conscious risk taking. I hope that is the direction ISO 31000 gets developed.
 

ISOgal2

Thanks for that. I will follow it up and post back if I find anything further.

It does sound like your perspective is probably correct. It would be nice to have confirmation though.

Thanks again.
 

Sidney Vianna

The opposition to the development of ISO 31000 has started:

> A formal international risk management standard is "undesirable" and would not be of any benefit to businesses, according to the Federation of European Risk Management Associations (FERMA).
 

howste

I realize that this isn't the latest draft, but the committee draft of ISO 31000 is still available for download from NSAI here: http://web.archive.org/web/20071221...ds/file/N047_Committee_Draft_of_ISO_31000.pdf

The committee draft of ISO/IEC Guide 73 (Risk Management – Vocabulary) is also available here: http://web.archive.org/web/20071221.../N048_Committee_Draft_of_ISO_IEC_Guide_73.pdf

Both are linked from this page: http://web.archive.org/web/20071221...area/news/action/article/information/ISO31000
 