ISO 31000 provides guidance on how an organization can take a systematic approach to gaining control of the risks it considers significant, based on the best available information. Actual and potential risks, both positive and negative, are identified, analyzed, evaluated and managed with the aim of controlling, or being prepared for, the risks the organization prioritizes in a risk management plan. While managing risks, the organization can change the probability of occurrence, reduce the consequences by compartmentalizing risks, or eliminate sources of risk by removing risk factors or reducing their presence. Risk management is an ongoing process with routines for continuous monitoring of identified and emerging risks.
Risk management is an integral part of the new ISO 9001:2015, ISO 14001:2015 and ISO 45001 (OHSAS 18001), and is used in connection with the new Personal Data Regulation.
Are you in control of your company’s risks related to:
Processing of sensitive personal data
Your primary suppliers' termination at short notice or inability to ensure the right quality
Shortage of labor with the right skills
Capacity shortage with positive order intake
Tighter or more restrictive contracts
New stakeholder requirements within environment, health and safety, quality or sustainability