ISO/IEC 31010 is a standard concerning risk management codified by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The full name of the standard is ISO/IEC 31010:2019 – Risk management – Risk assessment techniques.
Risk assessment steps
- identifying the risk and the reason for its occurrence
- identifying the consequences if the risk occurs
- identifying the probability of the risk occurring again
- identifying factors that reduce the consequences or probability of the risk
Scope
The ISO 31010 standard supports the ISO 31000 standard. It provides information on the selection and application of risk assessment techniques.
Risk assessment and the risk management process
Risk assessment is part of the core elements of risk management defined in ISO 31000, which are:
- communication and consultation
- establishing the context
- risk assessment (risk identification, risk analysis, risk evaluation)
- risk treatment
- monitoring and review
"Risk assessment is the overall process of risk identification, risk analysis and risk evaluation" (ISO 31010)
Risk can be assessed at any level of the company’s operations or goals.
Risk assessment techniques
There are 31 risk assessment techniques listed in Annex B of ISO/IEC 31010.
- Brainstorming
- Structured or semi-structured interviews
- Delphi method
- Checklist
- Preliminary hazard analysis (PHA)
- Hazard and operability study (HAZOP)
- Hazard analysis and critical control points (HACCP)
- Toxicity assessment
- Structured What If Technique (SWIFT)
- Scenario analysis
- Business impact analysis
- Root cause analysis
- Failure mode and effects analysis (FMEA)
- Fault tree analysis
- Event tree analysis
- Cause and consequence analysis
- Cause-and-effect analysis
- Layer protection analysis (LOPA)
- Decision tree
- Human reliability analysis (HRA)
- Bow tie analysis
- Reliability centered maintenance
- Sneak circuit analysis
- Markov analysis
- Monte Carlo simulation
- Bayesian statistics and Bayes nets
- FN curve
- Risk index
- Risk matrix
- Cost/benefit analysis
- Multi-criteria decision analysis (MCDA)
