風險管理相關標準文件

hlperng

風險管理 (Risk Management) 相關標準文件依發行時間後先次序：

• ISO 24971:2013 (ed1.0), Medical devices - Guidance on the application of ISO 14971
• CNS 27005:2013, 資訊技術 - 安全技術 - 資訊安全風險管理 (Information technology - Security techniques - Informatin security risk management) （等同 ISO 27005:2011）
• IEC 62198:2013 (ed2.0), Managing risk in project - Application guide
• ISO 31004:2013 (ed1.0), Risk management - Guidance for the implementation of ISO 31000
• CNS 31010:2012, 風險管理 - 風險評鑑技術 (Risk management - Risk assessment techniques) （等同 ISO 31010:2009）.
• CNS 31000:2012, 風險管理 - 原則與指導綱要 (Risk management - Principles and guidelines) （等同 ISO 31000:2009）.
• CNS 14889:2012, 風險管理 - 詞彙 （等同 ISO/IEC Guide 73:2009）
• CNS 15508-1:2011, 機械安全 - 風險評鑑 - 第一部：原則 (Safety of machinery - Risk assessment - Part 1: Principles)（等同 ISO 14121-1:2007 revised by ISO 12100:2010）
• GB/T 27921:2011, Risk Management - Risk assessment techniques (ISO 31010:2009 IDT)
• NASA-SP-2011-3422 (2011), NASA Risk Management Handbook
• ANSI/ASSE/ISO Guide 73:2011, American National Standard - Vocabulary for Risk Management (ISO Guide 73:2009 IDT)
• ANSI/ASSE/ISO 31000:2011, American National Standards for Risk Management Principles and Guidelines (ISO 31000:2009 IDT)
• ANSI/ASSE/ISO 31010:2011, American National Standard for Risk Assessment Techniques (ISO 31010:2009 IDT)
• ISO/IEC 27005:2011 (ed2.0), Information Technology - Security Techniques - Information Security Risk Management
• JIS Q 31010:2010, Risk Management - Risk assessment techniques (ISO 31010:2009 IDT)
• JIS Q 31000:2010, Risk Management - Principles and guidelines (ISO 31000:2009 IDT)
• CSA/ISO 31000:2010, Risk Management - Principles and Guidelines
• ONR 49000:2010, Risk Management for Organizations and Systems - Terms and Principles - Implementation of ISO 31000.
• NIST SP-800-37:2010, Guide for Applying the Risk Management Framework to Federal Information Systems - A Security Life Cycle Approach.
• IEC 80001-1:2010 (ed1.0), Application of Risk Management for IT-Networks Incorporating Medical Devices - Part 1: Roles, Responsibilities and Activities.
• ISO 12100:2010 (ed1.0), Safety of Machinery - General Principles for Design - Risk Assessment and Risk Reduction.
• GB/T 24353:2009, Risk Management - Principles and guidelines (ISO 31000:2009 IDT)
• GB/T 23694:2009, 風險管理 - 術語（等同ISO/IEC Guide 73:2002).
• -, 風險管理及危機處理作業手冊，行政院研考會，2009。
• FAA-H-8083-2:2009, Risk Management Handbook, US DOT.
• AS/NZS ISO 31000:2009, Risk management - Principles and guidelines
• ISO/IEC 31010:2009 (ed1.0), Risk Management - Risk Assessment Techniques
• ISO/IEC 31000:2009 (ed1.0), Risk Management - Principles and Guidelines
• ISO Guide 73:2009 (ed1.0), Risk Management - Vocabulary
• ONR 49000:2008, Risk Management for Organizations and Systems - Terms and Principles - Pratical use of ISO/DIS 31000
• BS-31100:2008, Code of Practice for Risk Management
• ISO/IEC 27005:2008 (ed1.0), Information technology - Security techniques - Information security risk management (revised by ISO/IEC 27005:2011 ed2.0).
• ISO 14971:2007 (ed2.0), Medical Devices - Application of Risk Management to Medical Devices
• ISO 14121-1:2007 (ed1.0), Safety of Machinery - Risk Assessment - Part 1: Principles (withdrawn and replaced by ISO 12100:2010).
• ISO 14121-2:2007 (ed1.0), Safety of Machinery - Risk Assessment - Part 2: Practical Guidance and Examples of Methods (Technical Report) (revised by ISO 14121-2:2012 ed2.0)
• CNS 14989:2006, 醫療器材風險管理（等同ISO 14971:2000 ed1.0）.
• ISO 16085:2006 (ed2.0), Systems and Software Engineering - Life Cycle Processes - Risk Management
• -, Risk Management Guide for DoD Acquisition, 6th ed., US DoD, 2006.
• GB/T 20032:2005, 項目(專案)風險管理 - 應用指南（等同IEC 62198:2001）.
• -, 風險管理作業手冊，行政院研考會，2005。
• AS/NZS HB-436:2004, Risk management guidelines - Companion to AS/NZS 4360:2004.
• AS HB 205:2004, OHS Risk management handbook.
• CMU/SEI-2004-TN-002:2004, A Roadmap of Risk Diagnostic Methods: Developing and Integrated View of Risk Identification and Analysis Techniques.
• AS/NZS 4360:2004, Risk Management (replaced by AS/NZS ISO 31000:2009).
• ISO 16085:2004 (ed1.0), Systems and Software Engineering - Life Cycle Processes - Risk Management.
• NIST-SP-800-30:2002, Risk Management Guide for Information Technology Systems.
• ISO/IEC Guide 73:2002 (ed1.0), Risk management - Vocabulary - Guidelines for use in standards (withdrawn)
• -, Risk Management Guide for DoD Acquisition, 4th ed., US DoD, 2001.
• JIS-Q-2001:2001, Guidelines for Development and Implementation of Risk Management System.
• IEEE-STD-1540:2001, IEEE Standard for Software Life Cycle Processes - Risk Management. (superseded by ISO/IEC 16085:2004)
• IEC 62198:2001 (ed1.0), Project risk management - Application guidelines (revised by IEC 62198:2013 ed. 2.0)
• -, Risk Management Guide for DoD Acquisition, 3rd ed., US DoD, 2000.
• ISO 14971:2000 (ed1.0), Medical Devices - Application of Risk Management to Medical Devices (revised by ISO 14971:2007 ed2.0)
• -, Risk Management Guide for DoD Acqusition, 2nd ed., US DoD, 1999.
• AS/NZS 4360:1999, Risk management.
• NAVSO-P-3686, Top Eleven Ways to Manage Technical Risk, US NAVY, 1998.
• -, Risk Management Guide for DoD Acquisition, 1998.
• CSA-Q-850:1997 (ed1.0), Risk Management - Guidelines for Decision-Makers.
• IEC 60300-3-9:1995 (ed1.0), Dependability Management - Part 3: Application Guide - Section 9: Risk Analysis of Technological Systems. (withdrawn and replaced by IEC/ISO 31010:2009, ed1.0)
  

風險定義的發展脈絡：
1967     1995        2001           2002           2009
MIL  ⇒   IEC   ⇒    IEC   ⇒   ISO/IEC     ⇒  ISO   →  不確定性
                                                         ⇒  IEC   →   危害、安全性
詳見：http://redi.org.tw/forum.php?mod ... ge=1&extra=#pid1526


參考資料：

• ASSE Tech Brief (2012), ANSI/ASSE/ISO Risk Management & Risk Assessment Standards