ISO 31000:2009, Risk management - Principles and framework
ISO 31000:2009, "Risk management - Principles and guidelines" (Risk management - Principles and framework)
Table of Contents
Foreword
Introduction
1. Scope
2. Terms and definitions
3. Principles
4. Framework
4.1 General
4.2 Mandate and commitment
4.3 Design of framework for managing risk
4.3.1 Understanding of the organization and its context
4.3.2 Establishing risk management policy
4.3.3 Accountability
4.3.4 Integration into organizational processes
4.3.5 Resources
4.3.6 Establishing internal communication and reporting mechanisms
4.3.7 Establishing external communication and reporting mechanisms
4.4 Implementing risk management
4.4.1 Implementing the framework for managing risk
4.4.2 Implementing the risk management process
4.5 Monitoring and review of the framework
4.6 Continual improvement of the framework
5. Process
5.1 General
5.2 Communication and consultation
5.3 Establishing the context
5.3.1 General
5.3.2 Establishing the external context
5.3.3 Establishing the internal context
5.3.4 Establishing the context of the risk management process
5.4 Risk assessment
5.4.1 General
5.4.2 Risk identification
5.4.3 Risk analysis
5.4.4 Risk evaluation
5.5 Risk treatment
5.5.1 General
5.5.2 Selection of risk treatment options
5.5.3 Preparing and implementing risk treatment plans
5.6 Monitoring and review
5.7 Recording the risk management process
Annex A (informative) Attributes of enhanced risk management
Bibliography
