Risk Assessment

From BCMpedia. A Wiki Glossary for Business Continuity Management (BCM) and Disaster Recovery (DR).
Jump to: navigation, search
1. Risk Assessment is the overall process of risk identification, risk analysis and risk evaluation.
Risk Assessment as part of the ISO31000 Risk Management Framework

Related Terms: Risk Appetite, Risk Likelihood, Risk Impact, Risk Rating, Risk Level, Period of Disruption, Risk Analysis and Review.

Note: Risk Assessment is a process to show the assets, impact, likelihood of damage; estimate of the costs of recovery; summary of all possible control measures and their costs, and estimated probable savings from better protection.

Analysing And Reviewing The Risks For Business Continuity Planning BUY!
BCMBoK Competency Level
BCMBoK 2: Risk Analysis & Review CL 2B: Intermediate (BC)



BCMBoK Competency Level
BCMBoK 2: Risk Analysis & Review CL 2C: Intermediate (CM)



BCMBoK Competency Level
BCMBoK 2: Risk Analysis & Review CL 2D: Intermediate (DR)



Courses

(Source: Business Continuity Management Institute - BCM Institute)

Guidance Notes and Templates


2. Overall process of risk identification, risk analysis and risk evaluation.

Template:Source: ISO Guide 73

(Source: ISO 22301:2012 – Societal Security – Business Continuity Management Systems - Requirements) - clause 3.50

3. Overall process of risk identification, analysis and evaluation.

(Source: AE/HSC/NCEMA 7000:2012)

4. Overall process of risk identification, analysis and evaluation.

Notes (1) : Risk assessment involves the process of identifying internal and external threats and vulnerabilities, identifying the likelihood of an event arising from such threats or vulnerabilities, defining critical functions necessary to continue the organization's operations, defining the controls in place necessary to reduce exposure, and evaluating the cost of such controls.

(Source: ISO 22399:2007 – Societal Security - Guideline for Incident Preparedness and Operational Continuity Management) - clause 3.35

5. Overall process of risk identification (2.15), risk analysis (2.21) and risk evaluation (2.24)

[ISO Guide 73:2009, definition 3.4.1]

(Source: ISO 31000:2009 – Risk Management — Principles and Guidelines) - clause 2.14

6. Process of identifying internal and external threats and vulnerabilities, identifying the likelihood of an event arising from such threats or vulnerabilities, defining the critical functions necessary to continue an organization’s operations, defining the controls in place or necessary to reduce exposure, and evaluating the cost for such controls.

(Source: ASIS International - ASIS International)


7. An overall process of risk identification, analysis and evaluation.

(Source: British Standard BS25999-1:2006 Code of Practice for Business Continuity Management)

Quantitative Assessment

8. A form of assessment that analyzes the actual numbers and values involved. This type of methodology typically applies mathematical and statistical techniques and modeling.

(Source: Business Continuity Institute - BCI)

9. A form of assessment that analyzes the general structures and systems currently in place. A descriptive methodology, which typically involves risk mapping and risk matrices. These assessments do not involve detailed measurements.

(Source: Business Continuity Institute - BCI)