ISO/IEC 31010

From Wikipedia, the free encyclopedia

ISO/IEC 31010 is a standard concerning risk management, codified jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The full name of the standard is ISO/IEC 31010:2009 – Risk management – Risk assessment techniques.

Risk assessment steps

  • identifying the risk and the reason for its occurrence
  • identifying the consequences if the risk occurs
  • identifying the probability of the risk occurring once more
  • identifying factors that reduce the consequences or probability of the risk

The ISO 31010 standard supports the ISO 31000 standard: it provides guidance on the selection and application of risk assessment techniques.

Risk assessment and the risk management process

Risk assessment is part of the core elements of risk management defined in ISO 31000, which are:

  • communication and consultation
  • establishing the context
  • risk assessment (risk identification, risk analysis, risk evaluation)
  • risk treatment
  • monitoring and review

"Risk assessment is the overall process of risk identification, risk analysis and risk evaluation." (ISO 31010)

Risk can be assessed at any level of the company’s operations or goals.