National foreword

This British Standard is the UK implementation of ISO 31073:2022.

The UK participation in its preparation was entrusted to Technical Committee RM/1, Risk management.

A list of organizations represented on this committee can be obtained on request to its committee manager.

Contractual and legal considerations

This publication has been prepared in good faith, however no representation, warranty, assurance or undertaking (express or implied) is or will be made, and no responsibility or liability is or will be accepted by BSI in relation to the adequacy, accuracy, completeness or reasonableness of this publication. All and any such responsibility and liability is expressly disclaimed to the full extent permitted by the law.

This publication is provided as is, and is to be used at the recipient’s own risk.

The recipient is advised to consider seeking professional guidance with respect to its use of this publication.

This publication is not intended to constitute a contract. Users are responsible for its correct application.

Compliance with a British Standard cannot confer immunity from legal obligations.

This British Standard was published under the authority of the Standards Policy and Strategy Committee on 31 March 2022.

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO’s adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.

This document was prepared by Technical Committee ISO/TC 262, Risk management.

Any feedback or questions on this document should be directed to the user’s national standards body. A complete listing of these bodies can be found at www.iso.org/members.html.

Introduction

This document provides basic vocabulary to develop common understanding on risk management concepts and terms among organizations and functions, and across different applications and types.

In the context of risk management terminology applicable to risks faced by organizations, it is intended that preference be given to the definitions provided in this document.

Risk management is application specific. In some circumstances, it can therefore be necessary to supplement the vocabulary in this document. Where terms related to the management of risk are used in a standard, it is imperative that their intended meanings within the context of the standard are not misinterpreted, misrepresented or misused. The terminology in this document may need to be replaced by disciplinary-specific terminology where appropriate.

In addition to managing threats to the achievement of their objectives, organizations are increasingly applying risk management processes and developing an integrated approach to risk management in order to improve the management of potential opportunities. The terms and definitions in this document are, therefore, broader in concept and application than those contained in other documents. Since organizations increasingly adopt a broader approach to the management of risk, this document addresses all applications and sectors.

This vocabulary document represents the current focus of ISO/TC 262 on the management of risks faced by organizations.

This document encourages a mutual and consistent understanding of, and a coherent approach to, the description of activities related to the management of risk, and the use of a uniform risk management terminology in processes and frameworks dealing with the management of the risks faced by organizations.

This document is intended to be used by:

those engaged in managing risks;
those who are involved in activities of the ISO and IEC;
developers of national or sector-specific standards, guides, procedures and codes of practice related to the management of risk.

For principles and guidelines on risk management, see ISO 31000:2018.

1 Scope

This document defines generic terms related to the management of risks faced by organizations.

2 Normative references

3 Terms and definitions

3.1 Terms related to risk

3.2 Terms related to risk management

3.3 Terms related to the risk management process

Bibliography

BS ISO 31073:2022

Risk management. Vocabulary

Current

Published:

31 Mar 2022