Day 2 covers initiation of the risk management process, including defining scope, context, and criteria, and performing risk identification, analysis, and evaluation.
Day 2 focuses on the practical execution of the ISO 31000 risk management process. It moves from framework setup into active risk assessment activities.The day begins with defining scope, context, and criteria. These elements establish boundaries for assessment and ensure that risk evaluation is aligned with organizational objectives and tolerance.Risk identification follows, capturing events or conditions that could affect objectives. Participants then explore risk analysis, which examines the nature of risks, and risk evaluation, which compares results against criteria to determine priorities.These steps form the core of risk assessment and are essential for informed decision-making. Without clear scope or criteria, risk evaluation becomes inconsistent and difficult to justify.By the end of Day 2, participants understand how to apply a structured assessment approach that feeds directly into risk treatment and governance activities covered on Day 3.
Many risk programs struggle because scope and criteria are skipped. Spend time on these steps to avoid inconsistent assessments.Document assumptions early. They shape evaluation outcomes.
“Clear criteria make risk evaluation defensible.”
This training prepares professionals to lead risk management as a decision-making discipline, not a compliance exercise. Grounded in ISO 31000, the course focuses on how organizations actually identify uncertainty, evaluate trade-offs, and protect value in complex environments.
View courseThis training develops the practical capability to conduct information security risk assessments using the EBIOS Risk Manager method as required by ANSSI and aligned with ISO 27001. Participants work through a complete EBIOS RM study, from scoping to risk treatment, using realistic scenarios and s.
View courseThis training is designed for professionals who must structure, operate, and defend an information security risk management process aligned with ISO/IEC 27005:2022. Participants work through the full risk lifecycle, from context definition to treatment decisions and executive reporting.
View courseThe process includes setting scope, context, and criteria, then identifying risks, analyzing and evaluating them, and selecting treatments. It also includes recording, reporting, and ongoing monitoring and review with communication and consultation.
byMarc BOUVIER
Day 2 focuses on establishing the risk management framework and starting the risk management process. It covers the framework, scope, context and criteria, and risk identification.
byChristophe MAZZOLA
ISO 31000 does not certify organisations. It certifies professionals. PECB offers two certifications based on the ISO 31000 framework: the 3-day PECB Certified ISO 31000 Risk Manager for practitioners applying the standard, and the 4-day PECB Certified ISO 31000 Lead Risk Manager for those leading enterprise risk programmes. Both are recognised internationally and validate your ability to plan and improve a risk management process aligned with ISO 31000:2018.
ISO 31000 supports decision-making by providing a structured way to understand uncertainty, prioritize risks, and select treatment options based on defined criteria.
The course uses lectures with practical examples, interactive discussions, and exam-aligned quizzes, with limited participants to support engagement.
The ISO 31000 Risk Manager certification is a 3-day course for professionals who run the risk management process in their role. The Lead Risk Manager certification is a 4-day course for those who lead a risk management program, adding framework design and improvement, process planning, and governance integration. Choose Risk Manager to apply ISO 31000, and Lead Risk Manager to own and improve it.
Browse all FAQs →
Full knowledge base
Necessary cookies are always active. You can accept, reject non-essential cookies, or customize your preferences.