Defining the Criteria
To avoid any confusion between selecting the actual criteria for use within the assessment and describing which criteria have been applied within the Scope, Context and Criteria stage, note that this article applies to the latter.
AS ISO 31000:2018 Risk management – Guidelines suggests that assessors should (as far as is possible) ensure that the criteria applied to assessments are consistent with any existing risk frameworks. When conducting a risk assessment within SECTARA, it is recommended that assessors consider describing:
- Where the criteria for the assessment were derived from.
- The rationale for applying these criteria (if not sourced internally).
- Unique aspects of the assessment criteria that deviate from any norms, and the purpose and impact of using them.
- Other relevant aspects of the criteria selected for the assessment.