ISO 31000
These steps are also closely aligned with the four phases of the ISO 31000 ISMS Plan-Do-Check-Act (PDCA) process, reinforcing a comprehensive and integrated approach to risk management:
Plan
- Establish the context for risk management, including the organisational objectives and environment.
- Conduct a thorough risk assessment, encompassing risk identification, analysis, and evaluation.
- Develop a risk treatment plan and establish clear criteria for risk acceptance.
Do
- Implement the risk treatment plan by applying the selected controls and mitigation measures.
Check
- Continuously monitor and review risks, the effectiveness of implemented treatments, and the broader risk management process.
- Evaluate outcomes against the organisation’s risk criteria and objectives.
Act
- Maintain and improve the Information Security Risk Management Process by incorporating lessons learned, addressing gaps, and adapting to changes in the risk landscape or organisational needs.
(Source: ISO 31000)