New ISO/IEC Standard on Risk Assessment

New publication complements risk management toolbox.

Published: Thursday, January 28, 2010 - 12:28

(ISO: Geneva) -- Two recently published ISO standards on risk management have just been joined by a third on risk assessment techniques. Together, they provide organizations of all types with a well-stocked toolbox for tackling situations that could affect the achievement of their objectives.

ISO/IEC 31010:2009—“Risk management—Risk assessment techniques,” has been developed jointly by ISO and its partner, the International Electrotechnical Commission (IEC).

Risks affecting organizations may have consequences in terms of environmental, technological, safety, and security outcomes, as well as social, cultural, and political influence.

When risks occur, organizations always have to ask the question, “Is the level of risk tolerable or acceptable, and does it require further treatment?”

Risk assessment is an integral part of risk management, which provides a structured process for organizations to identify how objectives may be affected. It is used to analyze the risk in terms of consequences and their probabilities, before the organization decides whether further treatment is required.

Risk assessment provides decision makers and responsible parties with an improved understanding of risks that could affect achievement of objectives, as well as of the adequacy and effectiveness of controls already in place. The standard provides a basis for decisions about the most appropriate approach to be used to treat particular risks and to select between options.

ISO/IEC 31010:2009 will assist organizations in implementing the risk management principles and guidelines provided by the recently published ISO 31000:2009—“Risk management—Principles and guidelines,” itself complemented by ISO Guide 73:2009—“Risk management—Vocabulary.” The latest standard deals with:

  • Risk assessment concepts
  • Risk assessment process
  • Selection of risk assessment techniques


The standard reflects current good practice and answers the following questions:

  • What can happen and why?
  • What are the consequences?
  • What is the probability of their future occurrence?
  • Are there any factors that mitigate the consequences of the risk or that reduce the probability of the risk?


The application of a range of techniques is introduced, with specific references to other international standards where the concept and application of techniques are described in greater detail. Risk assessment is not a stand-alone activity and should be fully integrated into the other components in the risk management process.

“ISO/IEC 31010 has been developed for application by both the risk management novice and the seasoned risk professional. It forms part of an integrated risk management structure of standards, developed with a view to providing a ‘best practice’ approach,” comments Eric Mahy, project leader of the standard.

ISO/IEC 31010:2009 has been prepared by IEC technical committee 56, “Dependability” together with the ISO technical management board’s risk management working group.

For more information, visit www.iso.org.


About The Author

The International Organization for Standardization (ISO) is the world’s largest developer and publisher of international standards. ISO is a network of the national standards institutes of 162 countries, one member per country, with a Central Secretariat in Geneva, Switzerland, that coordinates the system. ISO is a nongovernmental organization that forms a bridge between the public and private sectors. ISO enables a consensus to be reached on solutions that meet both the requirements of business and the broader needs of society.