One Article Review

Source NoticeBored
Identifier 1495739
Publication date 2019-12-11 08:00:00 (seen: 2020-01-03 15:00:04)
Title NBlog Dec 11 - risk treatments
Text Yesterday I wrote about what the White Island eruption teaches us about risk management, in particular the way we decide how to deal with or "treat" identified risks. ISO/IEC 27005 describes 4 risk treatment options:

- Avoid the risk by deliberately not getting ourselves into risky situations - not getting too close to a known active volcano for example;
- Modify the risk: typically we mitigate (reduce) the risk through the use of controls intended to reduce the threats or vulnerabilities and hence the probability, or to reduce the impacts;
- Retain the risk: this is the default - more on this below;
- Share the risk: previously known as "risk transfer", this involves getting the assistance of third parties to deal with our risks, through insurance for instance, or liability clauses in contracts, or consultants' advice.

Risk management standards and advisories usually state or imply that these 'options' are exclusive, in other words alternatives from which we should choose just one treatment per risk. ISO/IEC 27005 says "Controls to reduce, retain, avoid, or share the risks should be selected". In fact, they are nonexclusive options since they all involve an element of risk retention. The sentence should perhaps read "Controls to reduce, retain, avoid, and share the risks should be selected".*

Risk retention is inevitable because of the very nature of risk. We can never be totally certain of risk, up to the point that the probability reaches 1 when an incident occurs (which, arguably, means it is no longer a risk but a certainty!). We might have misunderstood it, or made mistakes in our analysis. Our risk treatments might not work out as expected, perhaps even failing spectacularly when we least expect it, or conversely working so well that the risk never eventuates. Our insurers and partners might reneg
Sent Yes
Tags Guideline


The article does not appear to have been picked up after its publication.

The article does not appear to have been picked up from an earlier one.