What is the exact difference between Risk and Opportunity in context of ISO 27001?

P

patkim

Registered Visitor
#1
#1
Hi All,
ISO 27001:2013 defines planning for Risks and Opportunities. It's bit confusing to understand Opportunity as a positive risk.
Unfortunately there's no documented definition of Opportunity available in ISO 27000 vocabulary.

Can someone help me understand the exact difference between Risk and Opportunity in the context of ISO 27001, preferably in layman terms?
Thanks and regards.
 
A

AndyN

A problem shared...
Staff member
Super Moderator
#2
#2
Risk is the effect of uncertainty (on something).

Opportunity might be, for example, to adopt "Industry 4.0" in a business. Using robots, big data, virtual reality, and so on may save an organization millions... but there's risk involved!
 
P

patkim

Registered Visitor
#3
#3
Thanks for the clarity. When ISMS standard says Identify Risk and Opportunities, are the two supposed to be interrelated or can they be independent?
Can a Risk mitigation lead to an Opportunity or can I just independently identify say adoption of Industry 4.0 as an opportunity?
 
John Broomfield

John Broomfield

Staff member
Super Moderator
#4
#4
As with every other part of your system they are linked. Indeed, the interactions between opportunity and risk are fundamental to the success of your organization working as a system of interacting parts to fulfill its purpose or mission.
 
A

AndyN

A problem shared...
Staff member
Super Moderator
#6
#6
patkim said:
Thanks for the clarity. When ISMS standard says Identify Risk and Opportunities, are the two supposed to be interrelated or can they be independent?
Can a Risk mitigation lead to an Opportunity or can I just independently identify say adoption of Industry 4.0 as an opportunity?
Click to expand...
They can be related. With some (business) opportunities, there may be risk. Conversely, not all risks are associated with opportunities.
 
S

smohanarangan

Starting to get Involved
#7
#7
patkim said:
Thanks for the clarity. When ISMS standard says Identify Risk and Opportunities, are the two supposed to be interrelated or can they be independent?
Can a Risk mitigation lead to an Opportunity or can I just independently identify say adoption of Industry 4.0 as an opportunity?
Click to expand...
Wherever there is risk you have opportunity to mitigate it. Opportunities can also be collected from various other inputs like audit finding especially on suggestion for improvement and also ideas that taken in for continual improvements.
 
John Broomfield

John Broomfield

Staff member
Super Moderator
#8
#8
Usually the bigger opportunities are taken to realize the purpose of the organization. In doing this organizations are planning to determine what is likely to impede their progress. They then take action to mitigate these risks.

Opportunities come with risks.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
D What is the exact Temperature Coefficient Value to be set on a Conductivity Meter? General Measurement Device and Calibration Topics 3
shrutisancheti Exact Classification for Trans Radial Compression Device per EU directive 93/42/EEC EU Medical Device Regulations 2
C Do titles that are called out in processes and procedures have to be exact? Document Control Systems, Procedures, Forms and Templates 3
C Calibration Dates - Exact day or end of month? General Measurement Device and Calibration Topics 24
L Control Plan vs. Inspection Plan - What exactly is the difference FMEA and Control Plans 5

Similar threads


Top Bottom