Activity
A.4 Formulation of impact limit criteria
Definition of Scope and Framework
Description
Description
The criteria by which risks will be evaluated have to be decided and agreed. Deciding whether risk treatment is required, is usually based on operational, technical, financial, regulatory, legal, social, or environmental, criteria or combinations of them. The criteria should be in line with the scope and framework defined above. Furthermore they should be closely related to the organization's internal policies and procedures and support its goals and objectives.
Important criteria, to be considered, are impact criteria and the kinds of consequences that will be considered, criteria of likelihood, the rules that will determine whether the risk level is such that further treatment activities are required. It is very common, that criteria identified during these steps are further developed or even modified during later phases of the Risk Management process.

Organisation
Responsible
Risk Manager
Accountable
Senior Management
Consulted
Risk Owner
Domain Expert
Input/Output
Input data
D61 Asset classification
D60 Rules for impact acceptance
Output data
D63 Asset class. scheme
D62 Assessment activities criteria