1. Risk Management or RM is the ongoing process of assessing the risk to mission/business as part of a risk-based approach used to determine adequate security for a system by analyzing the threats and vulnerabilities and selecting appropriate, cost-effective controls to achieve and maintain an acceptable level of risk.
(Source: ISO 22301:2012 – Societal Security – Business Continuity Management Systems - Requirements) - clause 3.51
3. Coordinated activities to direct and control an organization with regard to risk.
Notes (1): Risk management generally includes risk assessment, risk treatment, risk acceptance and risk communication.
(Source: ISO 22399:2007 – Societal Security - Guideline for Incident Preparedness and Operational Continuity Management) - clause 3.38
(Source: British Standard BS25999-1:2006 Code of Practice for Business Continuity Management)
5. The culture, processes and structures that are put in place to effectively manage potential opportunities and adverse effects. As it is not possible or desirable to eliminate all risk, the objective is to implement cost effective processes that reduce risks to an acceptable level, reject unacceptable risks and treat risk by financial interventions i.e. transfer other risks through insurance or other means, or by organisational intervention i.e. BCM.
(Source: Business Continuity Institute - BCI)
6. The culture, processes and structures that are directed towards realising potential opportunities while managing adverse effects.
(Source: HB 221:2004 Business Continuity Management)
7. The culture, processes and structures that are directed towards the effective management of potential opportunities and adverse effects.
(Source: Australia. A Practitioner's Guide to Business Continuity Management HB292 - 2006)
8. The identification, selection and adoption of countermeasures justified by the identified risks to assets in terms of their potential impact upon services if failure occurs, and the reduction of those risks to an acceptable level.