Management of Risk

From The Secure Arc Wiki


M_o_R (Management of Risk) is a framework for managing risk across an organisation. It was published in 2002 by the Office of Government Commerce, UK. The standard builds on the OGC Guidelines for Managing Risk. Topics covered include business continuity management, security, programme/project risk management and operational service management.

Benefits of implementing this standard include having a better security governance framework, improved decision making on risks, and clear ownership and accountability of risk.

The following information gives a brief account of the M_o_R standard. Each requirement of the standard is broken down further into more specific sub-requirements that can be mapped back to both the Security Principles that drive them and the Design Patterns that satisfy them.

Standards Outline

The standard is based on four core concepts:

  • M_o_R Principles. These are essential for the development of good risk management practice. They are all derived from corporate governance principles, in recognition that risk management is a subset of an organisation's internal controls.
  • M_o_R Approach. The principles need to be adapted and adopted to suit each individual organisation. Accordingly, an organisation's approach to the principles needs to be agreed and defined within a Risk Management Policy, Process Guide and Strategies, and supported by the use of Risk Registers and Issue Logs.
  • M_o_R Processes. There are four main process steps, which describe the inputs, outputs and activities involved in ensuring that risks are identified, assessed and controlled.
  • Embedding and Reviewing M_o_R. Having put in place the principles, approach and processes, an organisation needs to ensure that they are consistently applied across the organisation and that their application undergoes continual improvement in order for them to be effective.

Licensing and Documentation

The license associated with the M_o_R standard does not permit public distribution or reproduction; however, the documentation can be downloaded for personal or business use at a cost, directly from the Best Management Practice website.
