
ISO 31000:2018 Risk Management System, Framework and Implementation

Sanjay Gore, Principal Consultant, Alvin Integrated Service [AIS]


  1. Event details: 27th February 2021 (Saturday), 09:00 AM - 17:30 PM IST. Sponsors and partners: Platinum Sponsor, Event Partner, Knowledge Partners. Contact us: info@alvinintegrated.com | +91 8802 505619, +91 8287509289 | www.alvinintegrated.com
  2. ISO 31000:2018 Risk Management System, Framework and Implementation. 27th February 2021 (Saturday), 09:05 am - 09:30 am IST. By Sanjay Gore, Principal Consultant, Alvin Integrated Service [AIS].
  3. Speaker introduction: Mr. Sanjay Gore, from Pune, Maharashtra, India, is a Senior Consultant and Speaker on Information Security, Risk Management and Privacy. He has 20 years of experience working with customers in India and the Middle East, at top management level, with business owners and with technical team members, securing and deploying information security, risk management and privacy solutions. He holds the professional designations ISO 27001 LA, ISO 27005 RM, CDPSE, CPISI, CRMA, CISA and CRISC, and is a certified trainer in ISO 27001 and ISO 27005. Connect on LinkedIn: Sanjay Gore. Subscribe on YouTube: Sanjay Gore.
  4. Risk: Opportunity or Threat? A risk can be handled as a threat, as an opportunity, or simply accepted.
     Threat:
       • Find a way to avoid the risk
       • Find a way to transfer it to another party (insurance, contract conditions)
       • Find a way to mitigate the risk by reducing its probability or severity
     Opportunity:
       • Exploit the opportunity
       • Share it with another party
       • Enhance it by increasing the effect or the probability
     Accept: do nothing.
  5. Edifice of ISO 31000:2018:
       • Principles: the principles provide the foundation and describe the qualities of effective risk management in an organization.
       • Framework: the framework manages the overall process and its full integration into the organization.
       • Process: the process focuses on individual or groups of risks, their identification, analysis, evaluation and treatment.
  6. ISO 31000:2018 scope of the document:
       • Managing risk faced by organizations.
       • The application of these guidelines can be customized to any organization and its context.
       • This document provides a common approach to managing any type of risk and is not industry or sector specific.
       • This document can be used throughout the life of the organization and can be applied to any activity, including decision making.
  7. ISO 31000 concepts, terms and definitions: Risk
       • Risk is the effect of uncertainty on objectives.
       • An effect is a deviation from the expected.
       • It can be positive, negative or both, and can address, create or result in opportunities and threats.
       • Objectives can have different aspects and categories, and can be applied at different levels.
       • Risk is usually expressed in terms of risk sources, potential events, their consequences and their likelihood.
  8. ISO 31000 concepts, terms and definitions: Event
       • An event is an occurrence or change of a particular set of circumstances.
       • An event can have one or more occurrences, and can have several causes and several consequences.
       • An event can also be something that is expected which does not happen, or something that is not expected which does happen.
       • An event can be a risk source.
  9. ISO 31000 concepts, terms and definitions: Consequence
       • A consequence is an outcome of an event affecting objectives.
       • A consequence can be certain or uncertain and can have positive or negative, direct or indirect effects on objectives.
       • Consequences can be expressed qualitatively or quantitatively.
       • Any consequence can escalate through cascading and cumulative effects.
  10. ISO 31000 concepts, terms and definitions: Likelihood
       • Likelihood is the chance of something happening.
       • In risk management terminology, the word “likelihood” is used to refer to the chance of something happening, whether defined, measured or determined objectively or subjectively, qualitatively or quantitatively, and described using general terms or mathematically (such as a probability or a frequency over a given time period).
       • The English term “likelihood” does not have a direct equivalent in some languages; instead, the equivalent of the term “probability” is often used. However, in English, “probability” is often narrowly interpreted as a mathematical term. Therefore, in risk management terminology, “likelihood” is used with the intent that it should have the same broad interpretation as the term “probability” has in many languages other than English.
  11. ISO 31000 concepts, terms and definitions: Control
       • A control is a measure that maintains and/or modifies risk.
       • Controls include, but are not limited to, any process, policy, device, practice, or other conditions and/or actions which maintain and/or modify risk.
       • Controls may not always exert the intended or assumed modifying effect.
  12. ISO 31000:2018 risk management principles (purpose: value creation and protection):
       • Integrated
       • Structured and comprehensive
       • Customized
       • Inclusive
       • Dynamic
       • Best available information
       • Human and cultural factors
       • Continual improvement
  13. Principles: continual improvement. Continuous improvement means that organizations are in a constant state of driving process improvements; the focus is on linear, incremental improvement within existing processes. Continual improvement means that organizations go through process improvements in stages, and these stages are separated by a period of time. This period may be necessary to understand whether the improvements actually helped the bottom line; in some cases, the results take a while to come to fruition.
  14. Risk management framework (with leadership and commitment at the centre):
       • Integration
       • Design
       • Implementation
       • Evaluation
       • Improvement
  15. Risk management process: scope, context and criteria; risk assessment (risk identification, risk analysis, risk evaluation); risk treatment; recording and reporting; with communication and consultation, and monitoring and review, running throughout.
  16. Process: defining scope. When planning the approach, considerations include:
       • Objectives and decisions that need to be made
       • Outcomes expected from the steps to be taken in the process
       • Time, location, specific inclusions and exclusions
       • Appropriate risk assessment tools and techniques
       • Resources required, responsibilities and records to be kept
       • Relationships with other projects, processes and activities
  17. Process: defining risk criteria. To set risk criteria, the following should be considered:
       • The nature and type of uncertainties that can affect outcomes and objectives (both tangible and intangible)
       • How consequences (both positive and negative) and likelihood will be defined and measured
       • Time-related factors
       • Consistency in the use of measurements
       • How the level of risk is to be determined
       • How combinations and sequences of multiple risks will be taken into account
       • The organization’s capacity
  18. Process: selection of risk treatment options. Depending on the type of risk and its significance to the business, management and the board may:
       • Avoid: where feasible, choose not to implement certain activities or processes that would incur risk (i.e., eliminate the risk by eliminating the cause).
       • Mitigate: lessen the probability or impact of the risk by defining, implementing and monitoring appropriate controls.
       • Transfer (deflect, or allocate): share the risk with partners or transfer it via insurance coverage, contractual agreement, or other means.
       • Accept: formally acknowledge the existence of the risk and monitor it.
  19. A few risk assessment tools and techniques:
       • Brainstorming
       • Delphi technique
       • Checklists
       • Root cause analysis
       • Failure Mode Effect Analysis (FMEA) and FMECA
       • Fault Tree Analysis (FTA)
       • Hazard Analysis (PHA)
       • Scenario analysis
       • Layers of Protection Analysis (LOPA)
       • Decision tree analysis
       • Monte Carlo simulation
  20. Questions are welcome!
  21. Please give your feedback about the webinar in the chat box.
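The following is an added worked example, not code from the presentation, from Alvin Integrated Service, or from ISO 31000 itself. It turns the process steps on slides 15 to 19 into a small risk register evaluator: constructed likelihood and consequence scales and banded risk criteria (slide 17), a constructed rule for sequences of cascading risks (slide 17, item 6, and slide 9), a mapping from the evaluated rating to the threat and opportunity treatment options of slides 4 and 18, and a Monte Carlo estimate of annual loss for the quantitative view named on slide 19. Every scale, threshold, treatment rule and sample risk is an assumption chosen for the illustration; the standard leaves those choices to the organization's own criteria.

```python
"""Constructed ISO 31000-style risk register evaluator (added example).
The scales, bands, treatment rules, cascade rule and sample risks below are
assumptions made for the illustration, not requirements of ISO 31000 and not
material from the presentation."""
import math
import random
from dataclasses import dataclass, field

# Constructed 5-point scales (slide 17: how likelihood and consequence are defined and measured).
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
CONSEQUENCE = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}
# Constructed criteria: level of risk = likelihood x consequence, banded by upper bound.
BANDS = [(4, "low"), (9, "medium"), (15, "high"), (25, "extreme")]

@dataclass
class Risk:
    ident: str
    source: str              # risk source (slide 7)
    event: str               # potential event (slide 8)
    consequence: str         # key into CONSEQUENCE
    likelihood: str          # key into LIKELIHOOD
    kind: str = "threat"     # "threat" or "opportunity" (slide 4)
    shareable: bool = False  # can be transferred or shared: insurance, contract, partner
    triggers: list = field(default_factory=list)  # idents of risks this event can cascade into

def level(risk):  # level of a single risk under the constructed criteria
    return LIKELIHOOD[risk.likelihood] * CONSEQUENCE[risk.consequence]

def worst_consequence(risk, register, seen=None):
    """Worst consequence reachable through cascading effects (slide 9); `seen` guards cycles."""
    seen = set() if seen is None else seen
    seen.add(risk.ident)
    worst = CONSEQUENCE[risk.consequence]
    for nxt in risk.triggers:
        if nxt in register and nxt not in seen:
            worst = max(worst, worst_consequence(register[nxt], register, seen))
    return worst

def cascaded_level(risk, register):
    """Constructed rule for sequences of risks (slide 17, item 6): the chain keeps the
    initiating event's likelihood and takes the worst consequence anywhere down the chain."""
    return LIKELIHOOD[risk.likelihood] * worst_consequence(risk, register)

def rating(score):
    for upper, name in BANDS:
        if score <= upper:
            return name
    raise ValueError(f"score {score} outside the defined bands")

def treatment(risk, register):
    """Map the rating to one option from slides 4 and 18 (constructed thresholds)."""
    r = rating(cascaded_level(risk, register))
    if risk.kind == "opportunity":
        options = {"low": "accept", "medium": "enhance", "extreme": "exploit",
                   "high": "share" if risk.shareable else "enhance"}
    else:
        options = {"low": "accept", "medium": "mitigate", "extreme": "avoid",
                   "high": "transfer" if risk.shareable else "mitigate"}
    return options[r]

def evaluate(register):  # risk evaluation output for recording and reporting (slide 15)
    return {r.ident: (cascaded_level(r, register), rating(cascaded_level(r, register)),
                      treatment(r, register)) for r in register.values()}

def poisson(lam, rng):
    """Number of events in one period for mean rate `lam` (Knuth's method)."""
    limit, k, p = math.exp(-lam), 0, 1.0
    while True:
        p *= rng.random()
        if p < limit:
            return k
        k += 1

def simulate_annual_loss(rate, low, mode, high, trials=20000, seed=1):
    """Monte Carlo estimate (slide 19) of one risk's annual loss: event count per year is
    Poisson with mean `rate`, each loss is triangular on (low, mode, high).
    Returns (expected annual loss, 95th percentile of annual loss)."""
    rng = random.Random(seed)
    losses = sorted(sum(rng.triangular(low, high, mode) for _ in range(poisson(rate, rng)))
                    for _ in range(trials))
    return sum(losses) / trials, losses[int(0.95 * trials)]

# Constructed sample register; the entries are illustrative, not from the presentation.
REGISTER = {r.ident: r for r in [
    Risk("R1", "unpatched remote-access gateway", "compromise of the gateway",
         "moderate", "possible", triggers=["R2"]),
    Risk("R2", "flat internal network", "intruder reaches the ERP database", "severe", "unlikely"),
    Risk("R3", "single cloud provider", "regional outage at the provider",
         "major", "possible", shareable=True),
    Risk("R4", "new data-sharing partner", "cross-selling to the partner's customers",
         "major", "possible", kind="opportunity", shareable=True),
    Risk("R5", "legacy printer firmware", "printer unavailable for a day", "minor", "rare"),
]}

if __name__ == "__main__":
    for ident, (score, band, action) in evaluate(REGISTER).items():
        print(f"{ident}: level={score:2d} rating={band:8s} treatment={action}")
    eal, p95 = simulate_annual_loss(rate=2.0, low=10_000, mode=30_000, high=100_000)
    print(f"quantitative view: expected annual loss {eal:,.0f}, 95th percentile {p95:,.0f}")
```

Note how R1 changes rating once the cascade is applied: on its own it scores 9 (medium), but because a gateway compromise can trigger R2 it is evaluated at 15 (high) and treated accordingly. The Monte Carlo function shows the other half of slide 10's point about likelihood: the same risk can be expressed with a qualitative scale or with a frequency and a loss distribution, and the criteria must say which is used and how they are compared.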