
ISO 31000 Risk Management Standard (RMS):
1. The Risk Manager uses this Risk Management Service to comply with the ISO 31000 Risk Management Standard.
2. Risk Management objectives include:
  (1) To avoid the risk by deciding not to continue with the activity that gives rise to the risk.
  (2) To accept or increase a known risk to pursue a greater business opportunity.
  (3) To remove the source of the risk.
  (4) To reduce the possibility of the risk having negative consequences.
  (5) To change the consequences of the risk.
  (6) To share the risk with other parties such as risk financing and marginal costing.
  (7) To retain the risk based on an informed decision.
3. ISO 31000 is applicable to all industry sectors as a generalised way to document and manage risks by all stakeholders.

2. Glossary of Terms:
RM means Risk Manager as the person responsible.
RMS means Risk Management Standard as ISO 31000 and associated family of standards.
Risk is a concept that can have positive as well as negative consequences. Insurance is a kind of risk management.

Risk Management Service - Chapters:
1. Introduction to identify the nature and roles of the parties involved.
2. Executive Summary as a summary of the key provisions deployed.
3. Glossary of the terms used to manage the BCMS.
4. Context of the Organisation to identify the parties and responsibilities.
5. Leadership as how qualified experts working with external auditors build and maintain compliance.
6. Planning to identify what can go wrong at the infrastructure and personal level.
7. Support to ensure that lines of communication are adequate when faced with physical disasters.
8. Operation to ensure that bespoke application services do not stop and cannot be stopped.
9. Performance Evaluation to audit with the help of the best industry experts in the world to identify areas for improvement.
10. Improvement to relentlessly and continually improve Risk Management.

2. Plan Do Check Act (PDCA):
1. Plan is covered by Context of the Organisation (4), Leadership (5), Scope of the RMS, Internal and External Issues, Needs and Expectations of Interested Parties to establish objectives and processes needed to deliver results in accordance with the Risk Management policy.
2. Do is covered by Support (7) and Operation (8) as the implementation of the processes as planned.
3. Check is covered by Performance Evaluation (9) to monitor and measure processes against the Risk Management policy, including its commitments, objective and operating criteria, and report the results.
4. Act is covered by Improvement (10) to take actions to continually improve.

3. Risk Management Policy:
1. The business is the provision of bespoke application services with continual improvements to companies in all parts of the world. The Application Service Provider (ASP) is a supply chain of independent companies working in partnership who may act like and can be treated as a single company; however, no one company could expect to recruit and retain the large spectrum of qualified skills and experienced knowledge that is needed to provide the bespoke application services to many companies in many countries. The business is an internet-based service to any kind of computing device without the provision of any hardware or software. Risk Management factors apply to the multitude of data centers that provide the service and to the people who manage the service.
2. The Risk Management Policy is to provide bespoke application services that do not stop and cannot be stopped. The primary Risk Management principle is the use of a large number of replicated data centers where each data center houses a large number of redundant servers. In the event of a server failure, business continues to be provided by other servers. In the event of a data center failure, business continues to be provided by other data centers.

4. Risk Management Audit:
1. The quality audit to ISO 31000 standard shall only be conducted on chapters 4 to 10 of the RMS.   Chapters 1 to 3 are not audited and do not need to comply with any standard.

Document Control:
1. Document Title: ISO 31000 Risk Management Standard.
2. Reference: 162301.
3. Keywords: RMS, Risk, Design.
4. Description: Risk management is a fundamental part of every project.
5. Issued: 7 Nov 2016.
6. Edition: 1.0.