Risk management — Guidelines for managing an emerging risk to enhance resilience

This document gives guidance on managing emerging risks that an organization can face. This document complements ISO 31000. This document is applicable to any organization, at any stage and to any activity of the organization. Its application can be customized to suit different organizations or the context of different organizations.


General Information

Status: Published
Publication Date: 26-Oct-2023
Current Stage: 6060 - International Standard published
Start Date: 27-Oct-2023
Due Date: 09-Apr-2023
Completion Date: 27-Oct-2023

Technical specification: TS ISO/TS 31050:2023 - BARVE (English language, 41 pages)
Technical specification: ISO/TS 31050:2023 - Risk management — Guidelines for managing an emerging risk to enhance resilience. Released: 27. 10. 2023 (English language, 34 pages)

Standards Content (Sample)


SLOVENIAN STANDARD
01-December-2023
Risk management - Guidelines for managing emerging risk to enhance resilience
This Slovenian standard is identical to: ISO/TS 31050:2023
ICS: 03.100.01 Company organization and management in general
2003-01. Slovenian Institute for Standardization. Reproduction of all or part of this standard is not permitted.

TECHNICAL SPECIFICATION ISO/TS 31050
First edition
2023-10
Risk management — Guidelines for managing an emerging risk to enhance resilience
Reference number
© ISO 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Emerging risks
4.1 Nature of emerging risks
4.2 Characterization of emerging risks
4.2.1 General
4.2.2 Knowledge aspects
4.2.3 Measurement aspects
4.2.4 Time dimension
4.2.5 Volatility aspects
4.3 Development of emerging risks
4.4 Relationship between managing emerging risks and organizational resilience
5 Principles
5.1 General
5.2 Integrated
5.3 Structured and comprehensive
5.4 Customized
5.5 Inclusive
5.6 Dynamic
5.7 Best available information
5.8 Human and cultural factors
5.9 Continual improvement
6 Process
6.1 Applying the ISO 31000 process to emerging risks
6.2 Communication and consultation
6.3 Scope, context and criteria
6.3.1 Scope and context
6.3.2 Criteria
6.4 Risk assessment
6.4.1 General
6.4.2 Identifying emerging risks
6.4.3 Analysing emerging risks
6.4.4 Evaluating emerging risks
6.5 Risk treatment
6.6 Monitoring and review
6.7 Recording and reporting
7 Enhancing resilience by managing emerging risks
7.1 Capability development
7.2 Emerging risks and resilience indicators
8 Risk intelligence cycle and managing emerging risks
8.1 Overview
8.2 Applying knowledge to decisions on emerging risks
Annex A (informative) Examples of changes in context that can be sources of emerging risks
Annex B (informative) Example of emerging risks description or recording template
Annex C (informative) Systemic risks
Annex D (informative) Example factors that can influence managing emerging risks
Annex E (informative) Knowledge and risk intelligence cycle for managing emerging risks
Annex F (informative) Example of a completed resilience indicator template
Bibliography
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
ISO draws attention to the possibility that the implementation of this document may involve the use
of (a) patent(s). ISO takes no position concerning the evidence, validity or applicability of any claimed
patent rights in respect thereof. As of the date of publication of this document, ISO had not received
notice of (a) patent(s) which may be required to implement this document. However, implementers are
cautioned that this may not represent the latest information, which may be obtained from the patent
database available at www.iso.org/patents. ISO shall not be held responsible for identifying any or all
such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO’s adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 262, Risk management, in collaboration
with Technical Committee ISO/TC 292, Security and resilience.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
Introduction
Emerging risks are characterized by their newness, insufficient data, and a lack of verifiable information
and knowledge needed for decision-making related to them. As these risks can develop with the
potential for large threats and opportunities, appropriate management of emerging risks should be
established as a part of an organization’s risk management. It should include changes in circumstances
or conditions related to multiple aspects of the organization’s external context and the implications for
its internal context.
Emerging risks can include, for example:
— risks arising from unrecognized changes in organizational contexts;
— risks created by innovation or social and technological development;
— risks related to new sources or previously unrecognized sources of risk;
— risks from new or modified processes, products or services.
Consequences of emerging risks can include, for example:
— exposure to unforeseen hazards and threats with uncertain outcomes;
— increased exposure to hazards and threats from known risk sources;
— lost or gained opportunities.
Managing the emerging risk should be knowledge-focused and dependent on the need to accumula
...
