Vocabulary

Guest user. Created: Jan 12, 2016. Last commented: Jan 12, 2016


"We have 2 terms for: ENGLISH: risk evaluation, risk assessment (there is no glossary)
SPANISH: evaluación de riesgos
What is the difference?
But we have other terms for: ENGLISH: accountability, responsible
SPANISH: responsabilidad
What is the difference? Please, can you help me explain how to use this?"

Answer:

I refer here to the ISO definitions (we gathered all risk related definitions from 31000, 27000 and old 27005 in the 2WD 27005).

1a risk evaluation
"process of comparing the results of risk analysis (3.10) with risk criteria (3.13) to determine whether the risk and/or its magnitude is acceptable or tolerable"
NOTE to entry 3.14 Risk evaluation assists in the decision about risk treatment.
[ISO Guide 73:2009, definition 3.7.1]
1b risk assessment
"overall process of risk identification (3.15), risk analysis (3.10) and risk evaluation (3.14)"
[ISO Guide 73:2009, definition 3.4.1]
So, risk assessment is a ‘meta-process’ and risk evaluation is an activity/process part of risk assessment.
2. The term ‘Accountability’ isn’t much liked and we find it scarcely in the WG1 documents. It has a much wider meaning than ‘Responsibility’.
Responsibility is a generic term associated with a role, like telling which objectives should be reached. Accountability has a ‘financial and legal’ aspect; if the objectives are not met, the ‘responsible person’ may be asked to pay in money or with a legal suit.
