hlperng posted on 2014-5-2 09:18:18

Standards Documents Related to Risk Management

This post was last edited by hlperng on 2021-4-8 18:33

Standards documents related to risk management, listed in reverse chronological order of publication (most recent first):
[*]ISO 24971:2013 (ed1.0), Medical devices - Guidance on the application of ISO 14971
[*]CNS 27005:2013, Information technology - Security techniques - Information security risk management (identical to ISO 27005:2011)
[*]IEC 62198:2013 (ed2.0), Managing risk in project - Application guide
[*]ISO 31004:2013 (ed1.0), Risk management - Guidance for the implementation of ISO 31000
[*]CNS 31010:2012, Risk management - Risk assessment techniques (identical to ISO 31010:2009).
[*]CNS 31000:2012, Risk management - Principles and guidelines (identical to ISO 31000:2009).
[*]CNS 14889:2012, Risk management - Vocabulary (identical to ISO/IEC Guide 73:2009)
[*]CNS 15508-1:2011, Safety of machinery - Risk assessment - Part 1: Principles (identical to ISO 14121-1:2007, revised by ISO 12100:2010)
[*]GB/T 27921:2011, Risk Management - Risk assessment techniques (ISO 31010:2009 IDT)
[*]NASA-SP-2011-3422 (2011), NASA Risk Management Handbook
[*]ANSI/ASSE/ISO Guide 73:2011, American National Standard - Vocabulary for Risk Management (ISO Guide 73:2009 IDT)
[*]ANSI/ASSE/ISO 31000:2011, American National Standards for Risk Management Principles and Guidelines (ISO 31000:2009 IDT)
[*]ANSI/ASSE/ISO 31010:2011, American National Standard for Risk Assessment Techniques (ISO 31010:2009 IDT)
[*]ISO/IEC 27005:2011 (ed2.0), Information Technology - Security Techniques - Information Security Risk Management
[*]JIS Q 31010:2010, Risk Management - Risk assessment techniques (ISO 31010:2009 IDT)
[*]JIS Q 31000:2010, Risk Management - Principles and guidelines (ISO 31000:2009 IDT)
[*]CSA/ISO 31000:2010, Risk Management - Principles and Guidelines
[*]ONR 49000:2010, Risk Management for Organizations and Systems - Terms and Principles - Implementation of ISO 31000.
[*]NIST SP-800-37:2010, Guide for Applying the Risk Management Framework to Federal Information Systems - A Security Life Cycle Approach.
[*]IEC 80001-1:2010 (ed1.0), Application of Risk Management for IT-Networks Incorporating Medical Devices - Part 1: Roles, Responsibilities and Activities.
[*]ISO 12100:2010 (ed1.0), Safety of Machinery - General Principles for Design - Risk Assessment and Risk Reduction.
[*]GB/T 24353:2009, Risk Management - Principles and guidelines (ISO 31000:2009 IDT)
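[*]GB/T 23694:2009, Risk management - Terminology (identical to ISO/IEC Guide 73:2002).
[*]-, Risk Management and Crisis Handling Operations Manual, Research, Development and Evaluation Commission, Executive Yuan, 2009.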
[*]FAA-H-8083-2:2009, Risk Management Handbook, US DOT.
[*]AS/NZS ISO 31000:2009, Risk management - Principles and guidelines
[*]ISO/IEC 31010:2009 (ed1.0), Risk Management - Risk Assessment Techniques
[*]ISO/IEC 31000:2009 (ed1.0), Risk Management - Principles and Guidelines
[*]ISO Guide 73:2009 (ed1.0), Risk Management - Vocabulary
[*]ONR 49000:2008, Risk Management for Organizations and Systems - Terms and Principles - Practical use of ISO/DIS 31000
[*]BS-31100:2008, Code of Practice for Risk Management
[*]ISO/IEC 27005:2008 (ed1.0), Information technology - Security techniques - Information security risk management (revised by ISO/IEC 27005:2011 ed2.0).
[*]ISO 14971:2007 (ed2.0), Medical Devices - Application of Risk Management to Medical Devices
[*]ISO 14121-1:2007 (ed1.0), Safety of Machinery - Risk Assessment - Part 1: Principles (withdrawn and replaced by ISO 12100:2010).
[*]ISO 14121-2:2007 (ed1.0), Safety of Machinery - Risk Assessment - Part 2: Practical Guidance and Examples of Methods (Technical Report) (revised by ISO 14121-2:2012 ed2.0)
[*]CNS 14989:2006, Risk management for medical devices (identical to ISO 14971:2000 ed1.0).
[*]ISO 16085:2006 (ed2.0), Systems and Software Engineering - Life Cycle Processes - Risk Management
[*]-, Risk Management Guide for DoD Acquisition, 6th ed., US DoD, 2006.
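[*]GB/T 20032:2005, Project risk management - Application guide (identical to IEC 62198:2001).
[*]-, Risk Management Operations Manual, Research, Development and Evaluation Commission, Executive Yuan, 2005.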
[*]AS/NZS HB-436:2004, Risk management guidelines - Companion to AS/NZS 4360:2004.
[*]AS HB 205:2004, OHS Risk management handbook.
[*]CMU/SEI-2004-TN-002:2004, A Roadmap of Risk Diagnostic Methods: Developing an Integrated View of Risk Identification and Analysis Techniques.
[*]AS/NZS 4360:2004, Risk Management (replaced by AS/NZS ISO 31000:2009).
[*]ISO 16085:2004 (ed1.0), Systems and Software Engineering - Life Cycle Processes - Risk Management.
[*]NIST-SP-800-30:2002, Risk Management Guide for Information Technology Systems.
[*]ISO/IEC Guide 73:2002 (ed1.0), Risk management - Vocabulary - Guidelines for use in standards (withdrawn)
[*]-, Risk Management Guide for DoD Acquisition, 4th ed., US DoD, 2001.
[*]JIS-Q-2001:2001, Guidelines for Development and Implementation of Risk Management System.
[*]IEEE-STD-1540:2001, IEEE Standard for Software Life Cycle Processes - Risk Management. (superseded by ISO/IEC 16085:2004)
[*]IEC 62198:2001 (ed1.0), Project risk management - Application guidelines (revised by IEC 62198:2013 ed. 2.0)
[*]-, Risk Management Guide for DoD Acquisition, 3rd ed., US DoD, 2000.
[*]ISO 14971:2000 (ed1.0), Medical Devices - Application of Risk Management to Medical Devices (revised by ISO 14971:2007 ed2.0)
[*]-, Risk Management Guide for DoD Acquisition, 2nd ed., US DoD, 1999.
[*]AS/NZS 4360:1999, Risk management.
[*]NAVSO-P-3686, Top Eleven Ways to Manage Technical Risk, US NAVY, 1998.
[*]-, Risk Management Guide for DoD Acquisition, 1998.
[*]CSA-Q-850:1997 (ed1.0), Risk Management - Guidelines for Decision-Makers.
[*]IEC 60300-3-9:1995 (ed1.0), Dependability Management - Part 3: Application Guide - Section 9: Risk Analysis of Technological Systems. (withdrawn and replaced by IEC/ISO 31010:2009, ed1.0)

Development of the definition of risk:
1967     1995        2001           2002           2009
MIL  ⇒   IEC   ⇒    IEC   ⇒   ISO/IEC     ⇒  ISO   →  uncertainty
                                                         ⇒  IEC   →   hazard, safety
For details, see: http://redi.org.tw/forum.php?mod ... ge=1&extra=#pid1526


References:

[*]ASSE Tech Brief (2012), ANSI/ASSE/ISO Risk Management & Risk Assessment Standards
