Business Continuity planning BCM and risk management and ISO31000.


Business Continuity planning BCM & risk management    
1. Secure executive sponsorship for BCM
2. Conduct a comprehensive assessment of your business resilience posture
3. Elevate the BCM discussion to the enterprise risk management level

As for risk management:

Identify, record and monitor risks, hazards and non-conformances. Configure workflows for intra-organisation variance in risk, hazard and non-conformance management. Configure risk assessment templates for immediate global distribution and use by specific or all operational sites. Seamless corrective and preventative action management allows you to allocate mitigating actions to reduce the probability or impact of risks, hazards and non-conformances. Reporting and advanced analytics allow powerful risk analysis and trending across locations or regions.
Optional anonymous whistleblowing integration allows risk, hazard and non-conformance reporting, to improve reporting of risk where backlash may be a factor in the withholding of proactive risk reporting across the organisation.

In the same context: Risk management is the identification, assessment, and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives) followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.

Risks can come from uncertainty in financial markets, threats from project failures (at any phase in design, development, production, or sustainment life-cycles), legal liabilities, credit risk, accidents, natural causes and disasters, as well as deliberate attack from an adversary, or events of uncertain or unpredictable root cause.

Several risk management standards have been developed, including those from the Project Management Institute, the National Institute of Standards and Technology, actuarial societies, and ISO standards.

Methods, definitions and goals vary widely according to whether the risk management method is in the context of project management, security, engineering, industrial processes, financial portfolios, actuarial assessments, or public health and safety.

Finally, helping in achieving ISO 31000:

Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats, and effectively allocate and use resources for risk treatment. ISO 31000 cannot be used for certification purposes, but does provide guidance for internal or external audit programmes.

Organizations using it can compare their risk management practices with an internationally recognized benchmark, providing sound principles for effective management and corporate governance.

Although ISO 31000:2009 provides generic guidelines, it is not intended to promote uniformity of risk management across organizations. The design and implementation of risk management plans and frameworks will need to take into account the varying needs of a specific organization, its particular objectives, context, structure, operations, processes, functions, projects, products, services, or assets and specific practices employed.

It is intended that ISO 31000:2009 be utilized to harmonize risk management processes in existing and future standards. It provides a common approach in support of standards dealing with specific risks and/or sectors, and does not replace those standards.

The revision of ISO 31000 on risk management has started.

ISO Guide 73 was prepared by the ISO Technical Management Board Working Group on risk management. This first edition of ISO Guide 73 cancels and replaces ISO/IEC Guide 73:2002, which has been technically revised.

This Guide provides basic vocabulary to develop common understanding on risk management concepts and terms among organizations and functions, and across different applications and types. This Guide is generic and is compiled to encompass the general field of risk management.

The terms are arranged in the following order:
  • terms relating to risk
  • terms relating to risk management
  • terms relating to the risk management process
  • terms relating to communication and consultation
  • terms relating to the context
  • terms relating to risk assessment
  • terms relating to risk identification
  • terms relating to risk analysis
  • terms relating to risk evaluation
  • terms relating to risk treatment
  • terms relating to monitoring and measurement


This Guide provides the definitions of generic terms related to risk management. It aims to encourage a mutual and consistent understanding of, and a coherent approach to, the description of activities relating to the management of risk, and the use of uniform risk management terminology in processes and frameworks dealing with the  management of risk.
This Guide is intended to be used by:   
  • those engaged in managing risks, 
  • those who are involved in activities of ISO and IEC, and   
  • developers of national or sector-specific standards, guides, procedures and codes of practice relating to the management of risk
The Author: Ala'a Elbeheri
A versatile and highly accomplished senior certified IT risk management Advisor and Senior IT Lead Auditor with over 20 years of progressive experience in all domains of ICT.  
• Program and portfolio management, complex project management, service delivery, and client relationship management.
• Capable of providing invaluable information while making key strategic decisions and spearheading customer-centric projects in IT/ICT in diverse sectors.    
• Displays strong business and commercial acumen and delivers cost-effective solutions contributing to financial and operational business growth in international working environments.      
• Fluent in oral and written English, German, and Arabic, with a professional knowledge of French.
• Energetic and dynamic; relishes challenges and demonstrates in-depth analytical and strategic ability to facilitate operational and procedural planning.
• Fully conversant with industry standards, with a consistent track record in delivering cost-effective strategic solutions.    
• Strong people skills, with proven ability to build successful, cohesive teams and interact well with individuals across all levels of the business. Committed to promoting the ongoing development of IT skills throughout an organization.
