
2007.06.26

UK standard, public comment: Code of practice for risk management (BS 31100, Code of practice for risk management)

 Hello, this is Mitsuhiko Maruyama. In the UK, a draft of the standard for a code of practice for risk management (BS 31100, Code of practice for risk management) has been put out for public comment. Someone kindly let me know about it. Thank you...

BS 31100, Code of practice for risk management

=====
Introduction

1 Scope

2 Risk management principles
 2.1 General
 2.2 Systematic and structured risk management
 2.3 Evidence-based risk management
 2.4 Addressing uncertainty and its causes
 2.5 Risk management as part of decision-making
 2.6 Human factors and behaviour
 2.7 Adding benefit and value
 2.8 Tailoring risk management
 2.9 Transparency and inclusion of stakeholders
 2.10 Responding to change
 2.11 Enterprise-wide risk management
 
3 Risk management model
 3.1 General
  a) Strategic
  b) Project and programme
  c) Operations
 3.2 Environment and organization
  3.2.1 General
  3.2.2 Environment
  3.2.3 Organization

4 Risk management framework
 4.1 General
 4.2 Risk management culture
 4.3 Risk governance
 4.4 Risk management strategy
 4.5 Risk appetite
 4.6 Risk management policy
  4.6.1 General
  4.6.2 Content of the risk management policy
 4.7 Risk and impact categorization and measurement
  4.7.1 General
  4.7.2 Risk categories
  4.7.3 Impact categories
  4.7.4 Risk measurement criteria
 4.8 Roles and responsibilities
  4.8.1 Identification
  4.8.2 Senior management responsibilities
  4.8.3 The risk management oversight body (or equivalent)
  4.8.4 The risk management function and the risk manager
  4.8.5 The role of the organization units
  4.8.6 The role of individuals
  4.8.7 The role of the risk owner
  4.8.8 The role of internal and external audit
 4.9 Risk management tools
  4.9.1 General
 4.10 Training
 4.11 Reporting
  4.11.1 General
  4.11.2 Internal reporting
   4.11.2.1 Internal reporting structure and process
   4.11.2.2 Internal reporting outcomes
  4.11.3 External reporting
 4.12 Review

5 Risk management process
 5.1 General
 5.2 Risk identification
  5.2.1 General
  5.2.2 Methods for identifying risks
  5.2.3 Describing risks identified
 5.3 Risk assessment
  5.3.1 General
  5.3.2 Risk analysis
  5.3.3 Risk evaluation
 5.4 Responding to risks
  5.4.1 General
  5.4.2 Avoid
  5.4.3 Modify
  5.4.4 Transfer
  5.4.5 Accept
  5.4.6 Design and effectiveness of controls
 5.5 Risk reporting and review
  5.5.1 General
  5.5.2 Risk reporting
  5.5.3 Risk review

6 Implementing risk management
 6.1 The challenges
 6.2 Building capability
 6.3 The way forward
  6.3.1 Measuring maturity
  6.3.2 Scenario planning and stress testing
  6.3.3 Learning from losses and near misses
=====

 As one would expect from the UK, COSO-ERM does not appear, but the Combined Code does...

The emphasis appears to be on the risk-response part...


[On this day in past years]
・2006.06.26 Tohmatsu (Deloitte): global information security survey of the financial services, life sciences, and technology/media/telecommunications sectors
・2005.06.26 Increase in announcements that withhold the victim's name
・        Risk of exploitation by online criminals: the Cabinet Secretariat's National Information Security Center instructs all ministries and agencies to conduct a simultaneous inspection of their contractors
