ISO/IEC 23894 Information technology Artificial intelligenc Guidance on risk management

ISO/IEC 23894 is a standard that provides guidance on risk management specifically for artificial intelligence (AI) in the field of information technology. Here’s a summary of its key aspects:

1. Scope: The standard aims to help organizations manage risks associated with AI technologies. This includes identifying potential risks, assessing their likelihood and impact, and implementing strategies to mitigate or manage these risks effectively.
2. Framework: It likely provides a structured framework for risk management in AI, which may include steps such as risk identification, risk assessment, risk treatment, and monitoring and review of risk controls.
3. Risk Factors: It may outline specific risk factors relevant to AI systems, such as data quality and bias, system reliability and robustness, security vulnerabilities, ethical considerations, and legal compliance.
4. Implementation Guidance: The standard probably offers practical guidance on implementing risk management practices tailored to AI applications. This could include recommendations for organizational policies, procedures, and roles/responsibilities related to AI risk management.
5. Compliance and Assurance: It might address requirements for compliance with regulatory standards and assurance mechanisms to demonstrate effective AI risk management to stakeholders.
6. Updates and Future Considerations: Given the rapid evolution of AI technologies, the standard may also provide guidance on adapting risk management practices to address new challenges and developments in the AI landscape.

To get detailed guidance, it’s best to refer directly to the ISO/IEC 23894 document itself, which will provide comprehensive information on implementing effective risk management strategies for AI technologies.

What is required ISO/IEC 23894 Information technology Artificial intelligenc Guidance on risk management

ISO/IEC 23894 is a standard that provides guidance specifically on risk management for artificial intelligence (AI) in the field of information technology. While the specific requirements can vary depending on the version and specific clauses of the standard (as standards are periodically updated), here are the typical components and requirements you might find in ISO/IEC 23894:

1. Scope and Application: The standard will define its scope, specifying that it applies to organizations involved in the development, deployment, or management of AI technologies.
2. Terms and Definitions: It will provide clear definitions of key terms related to AI risk management to ensure common understanding across stakeholders.
3. Risk Management Framework: ISO/IEC 23894 will outline a structured framework for managing risks associated with AI systems. This framework typically includes:

• Context Establishment: Understanding the organizational context and objectives relevant to AI risk management.
• Risk Assessment: Systematic identification of potential risks associated with AI technologies, including data quality issues, biases, security vulnerabilities, ethical implications, and compliance requirements.
• Risk Analysis: Evaluating the likelihood and impact of identified risks.
• Risk Treatment: Developing and implementing strategies to address or mitigate identified risks, which may include risk avoidance, risk reduction, risk sharing, or risk acceptance.
• Monitoring and Review: Establishing processes to monitor the effectiveness of risk treatments and reviewing risk management practices regularly.

1. Implementation Guidance: Practical guidance on how to implement the risk management framework, which may include:

• Steps to integrate risk management into AI development and deployment processes.
• Roles and responsibilities of stakeholders involved in AI risk management.
• Documentation requirements to ensure transparency and accountability.

1. Compliance and Assurance: Guidance on ensuring compliance with relevant legal, regulatory, and ethical standards related to AI technologies. This may include requirements for data protection, fairness, transparency, accountability, and human oversight in AI systems.
2. Continuous Improvement: Recommendations for continuous improvement of AI risk management practices to address emerging risks and technological advancements.
3. References: Typically includes references to other relevant standards, guidelines, and best practices related to AI and risk management.

To obtain the specific requirements and detailed guidance, you would need access to the full text of ISO/IEC 23894, which can be obtained through purchasing the standard from ISO or accessing it through a library or subscription service that provides access to ISO standards.

Who is required SO/IEC 23894 Information technology Artificial intelligenc Guidance on risk management

ISO/IEC 23894, titled “Information technology – Artificial intelligence – Guidance on risk management,” is primarily intended for organizations involved in the development, deployment, or management of artificial intelligence (AI) technologies. The standard is designed to provide guidance on how these organizations can effectively manage the risks associated with AI systems throughout their lifecycle.

Here are the key stakeholders who are typically required or recommended to use ISO/IEC 23894:

1. Organizations Developing AI Technologies: Companies and research institutions that are involved in the design, development, and testing of AI systems are primary users of this standard. It helps them identify, assess, and manage risks associated with AI applications to ensure safety, reliability, and ethical use of AI technologies.
2. Organizations Deploying AI Solutions: Companies that deploy AI technologies in their operations or integrate AI systems into their products and services can benefit from ISO/IEC 23894 to understand and mitigate risks related to AI deployment. This includes sectors such as healthcare, finance, manufacturing, and more.
3. Regulatory Bodies and Standards Organizations: Regulatory bodies and standards organizations may reference ISO/IEC 23894 when developing regulations, guidelines, or frameworks related to AI risk management. It provides a recognized international standard for ensuring compliance with regulatory requirements concerning AI technologies.
4. Governments and Policy Makers: Government agencies and policy makers may use ISO/IEC 23894 to inform their policies and regulations concerning the responsible use of AI technologies. It helps them address potential risks associated with AI adoption and deployment at a national or regional level.
5. Consultants and Auditors: Professionals specializing in risk management, cybersecurity, ethics, and compliance may use ISO/IEC 23894 as a framework for advising organizations on AI risk management practices. They may also use it as a basis for conducting audits and assessments of AI systems.
6. Educational and Research Institutions: Universities, research centers, and educational institutions may use ISO/IEC 23894 as a reference for teaching and research purposes related to AI risk management. It provides a structured approach and best practices for studying and developing solutions to address risks in AI technologies.

Overall, ISO/IEC 23894 serves as a valuable resource for a wide range of stakeholders involved in the AI ecosystem, facilitating the adoption of best practices and ensuring the responsible and ethical development and deployment of AI technologies.

when is required ISO/IEC 23894 Information technology Artificial intelligenc Guidance on risk management

ISO/IEC 23894, which provides guidance on risk management for artificial intelligence (AI) in information technology, is typically required or recommended in several scenarios:

1. Organizational Compliance: Organizations involved in the development, deployment, or management of AI technologies may choose to adopt ISO/IEC 23894 to comply with best practices and international standards for managing AI-related risks. This ensures that AI systems are developed and operated in a manner that minimizes potential harms and maximizes benefits.
2. Regulatory and Legal Compliance: Regulatory bodies and governmental agencies may reference ISO/IEC 23894 when developing regulations or guidelines related to AI technologies. Compliance with these standards can help organizations demonstrate that they have implemented appropriate risk management practices and ethical considerations in their AI solutions.
3. Industry Standards and Frameworks: Industry standards organizations or sector-specific bodies may adopt ISO/IEC 23894 as part of their frameworks for AI governance and risk management. This ensures consistency and interoperability across different sectors and encourages responsible AI development practices.
4. Contractual Requirements: Organizations may include compliance with ISO/IEC 23894 as a requirement in contracts with suppliers, partners, or service providers involved in AI-related activities. This helps establish a common baseline for risk management expectations and ensures alignment with industry standards.
5. Risk Assessment and Due Diligence: When conducting risk assessments or due diligence processes related to AI technologies, stakeholders may refer to ISO/IEC 23894 as a benchmark for evaluating the adequacy of risk management practices in place. This can be particularly relevant in contexts such as mergers and acquisitions, investments in AI startups, or partnerships involving AI technologies.
6. Professional Guidance and Best Practices: Professionals in fields such as cybersecurity, ethics, compliance, and AI governance may recommend or require the use of ISO/IEC 23894 as a best practice for organizations looking to enhance their AI risk management capabilities. This ensures that AI systems are developed and operated in accordance with ethical principles and legal requirements.

In summary, ISO/IEC 23894 is required or recommended in contexts where there is a need to manage risks associated with AI technologies effectively, ensure compliance with regulatory expectations, adhere to industry standards, and promote responsible AI development and deployment practices.

where is required ISO/IEC 23894 Information technology Artificial intelligenc Guidance on risk management

ISO/IEC 23894, which provides guidance on risk management for artificial intelligence (AI) in information technology, is not necessarily required in a specific geographic location but rather applicable globally. Organizations and entities worldwide can choose to adopt this standard to improve their AI risk management practices.

However, there are contexts where the adoption of ISO/IEC 23894 may be particularly beneficial or recommended:

1. International Organizations and Multinational Corporations: Large multinational corporations and international organizations often adopt international standards like ISO/IEC 23894 to ensure consistency and compliance across their global operations. This standard provides a framework that can be implemented uniformly across different countries and regions where they operate.
2. Regulatory Guidance: While ISO/IEC standards are voluntary, regulatory bodies in various countries may reference international standards like ISO/IEC 23894 when developing guidelines or regulations related to AI technologies. Compliance with such standards can demonstrate that organizations are following recognized best practices in AI risk management.
3. Industry Best Practices: Certain industries, such as finance, healthcare, automotive, and telecommunications, may have specific risks associated with AI technologies. Industry associations or sector-specific standards bodies may recommend ISO/IEC 23894 as part of their industry best practices to manage these risks effectively.
4. Emerging Technology Hubs: Locations that are emerging as centers for AI research, development, and deployment may see increased adoption of ISO/IEC 23894. This includes regions with strong technology sectors where companies and research institutions are at the forefront of AI innovation.
5. Global Supply Chains: Organizations involved in global supply chains may adopt ISO/IEC 23894 to establish consistent expectations and requirements for AI risk management among their suppliers, partners, and subcontractors worldwide.
6. Educational and Research Institutions: Universities, research centers, and educational institutions globally may use ISO/IEC 23894 as a reference for teaching and research purposes related to AI risk management. It helps prepare future professionals and researchers to address the challenges associated with AI technologies responsibly.

While the adoption of ISO/IEC 23894 is voluntary, its use can enhance organizational resilience, ethical AI development, and compliance with legal and regulatory requirements related to AI technologies on a global scale.

How is required ISO/IEC 23894 Information technology Artificial intelligenc Guidance on risk management

ISO/IEC 23894 provides guidance on risk management specifically tailored for artificial intelligence (AI) in the field of information technology. Here’s how this standard is typically applied and required:

1. Organizational Adoption: Organizations involved in the development, deployment, or management of AI technologies may choose to adopt ISO/IEC 23894 to enhance their AI risk management practices. This includes integrating the standard’s guidance into their policies, procedures, and processes related to AI development and deployment.
2. Compliance and Certification: While ISO/IEC standards are voluntary, organizations may choose to comply with ISO/IEC 23894 as part of their commitment to international best practices and standards. Compliance with this standard can demonstrate to stakeholders, including customers, regulators, and investors, that the organization is committed to managing AI-related risks effectively and ethically.
3. Regulatory and Legal Considerations: Regulatory bodies or governmental agencies in some jurisdictions may reference ISO/IEC 23894 when developing regulations or guidelines related to AI technologies. In such cases, compliance with the standard could become a de facto requirement for organizations operating in those regions to ensure adherence to regulatory expectations.
4. Industry Best Practices: ISO/IEC 23894 is often seen as a benchmark for industry best practices in AI risk management. Industry associations or sector-specific standards bodies may recommend or require the adoption of this standard to promote consistent and effective risk management across the sector.
5. Contractual Requirements: Organizations may include compliance with ISO/IEC 23894 as a contractual requirement in agreements with suppliers, partners, or service providers involved in AI-related activities. This helps ensure that all parties in the supply chain adhere to recognized standards for managing AI risks.
6. Educational and Professional Development: Professionals in fields such as cybersecurity, ethics, compliance, and AI governance may be encouraged or required to familiarize themselves with ISO/IEC 23894 as part of their professional development. This ensures they have the knowledge and skills necessary to advise organizations on AI risk management practices.

In summary, while ISO/IEC 23894 itself is not legally binding, its adoption and implementation can be driven by organizational, regulatory, industry, contractual, and professional considerations. It provides a structured framework and best practices for managing risks associated with AI technologies, thereby promoting responsible and ethical use of AI on a global scale.

Case study on ISO/IEC 23894 Information technology Artificial intelligenc Guidance on risk management

A case study illustrating the application of ISO/IEC 23894, which provides guidance on risk management for artificial intelligence (AI) in information technology, could focus on a hypothetical scenario in a healthcare setting. Here’s an example:

Case Study: AI Risk Management in Healthcare

Background:
A leading healthcare provider, HealthTech Inc., is developing an AI-powered diagnostic tool to assist radiologists in identifying early signs of cancer in medical imaging scans. The tool aims to improve diagnostic accuracy and efficiency, ultimately enhancing patient outcomes. However, the organization faces significant challenges in ensuring the safety, reliability, and ethical use of AI in medical diagnostics.

Application of ISO/IEC 23894:

1. Risk Identification:
HealthTech Inc. conducts a comprehensive risk assessment as per the guidelines outlined in ISO/IEC 23894. They identify various potential risks associated with their AI diagnostic tool, including:

• Data Quality: Ensuring the accuracy and completeness of training data to avoid biased or incorrect diagnostic outcomes.
• System Reliability: Addressing issues related to AI system failures or errors that could lead to incorrect diagnoses.
• Privacy and Security: Protecting patient data and ensuring compliance with healthcare data protection regulations (e.g., HIPAA in the United States).
• Ethical Considerations: Addressing concerns about the ethical implications of using AI in medical decision-making, such as transparency in AI decision-making processes and ensuring human oversight.

2. Risk Assessment and Analysis:
Using ISO/IEC 23894’s risk management framework, HealthTech Inc. assesses the likelihood and potential impact of identified risks. They prioritize risks based on their severity and the likelihood of occurrence. For instance, they determine that the risk of data bias in the AI training data poses a high impact on patient safety and requires immediate mitigation measures.

3. Risk Treatment:
HealthTech Inc. develops risk treatment strategies based on the risk assessment findings:

• Data Quality Assurance: Implementing rigorous data validation and cleaning processes to minimize bias in the training data.
• System Testing and Validation: Conducting extensive testing and validation of the AI diagnostic tool to ensure its reliability and accuracy.
• Privacy and Security Measures: Enhancing cybersecurity measures to protect patient data and ensuring compliance with regulatory requirements.
• Ethical Guidelines: Establishing protocols for transparent AI decision-making and providing clear explanations of AI-generated diagnoses to patients and healthcare providers.

4. Monitoring and Review:
HealthTech Inc. establishes mechanisms to monitor the effectiveness of their risk management strategies over time. They conduct regular reviews and audits of their AI diagnostic tool to ensure ongoing compliance with ISO/IEC 23894 and regulatory standards. Continuous monitoring helps identify emerging risks and implement timely adjustments to their risk management practices.

Outcome:
By following ISO/IEC 23894’s guidance on risk management for AI, HealthTech Inc. successfully develops and deploys an AI-powered diagnostic tool that meets high standards of safety, reliability, and ethical use. The tool enhances diagnostic accuracy, improves patient care outcomes, and gains trust from healthcare professionals and patients alike.

Conclusion:
This case study demonstrates how ISO/IEC 23894 can be applied effectively in a healthcare setting to manage risks associated with AI technologies. By adopting a structured risk management approach, organizations like HealthTech Inc. can navigate complex challenges inherent in AI development and deployment, ultimately contributing to the responsible advancement of AI in healthcare.

This hypothetical case study provides a practical example of how ISO/IEC 23894 can be implemented in a specific industry context, illustrating its benefits in ensuring the ethical and effective use of AI technologies.

White paper on ISO/IEC 23894 Information technology Artificial intelligenc Guidance on risk management

White Paper: ISO/IEC 23894 – Guidance on Risk Management for Artificial Intelligence

Introduction

Artificial Intelligence (AI) technologies hold immense potential to transform industries and improve human experiences across various domains. However, the rapid evolution and deployment of AI also bring significant challenges and risks. Managing these risks effectively is crucial to ensure AI systems are safe, reliable, and ethically sound. ISO/IEC 23894 provides comprehensive guidance on risk management specific to AI in information technology, offering organizations a structured framework to address these challenges.

Key Elements of ISO/IEC 23894

1. Scope and Purpose

• ISO/IEC 23894 defines the scope of risk management for AI technologies, encompassing the entire lifecycle from development to deployment and operation.
• It aims to assist organizations in identifying, assessing, and mitigating risks associated with AI, considering factors such as data quality, system reliability, security vulnerabilities, ethical considerations, and compliance with legal requirements.

1. Risk Management Framework

• The standard provides a systematic approach to risk management, including:
  • Context Establishment: Understanding organizational objectives and the AI environment.
  • Risk Identification: Identifying potential risks specific to AI technologies.
  • Risk Assessment: Evaluating the likelihood and impact of identified risks.
  • Risk Treatment: Developing strategies to mitigate or manage risks effectively.
  • Monitoring and Review: Establishing processes to monitor the effectiveness of risk controls and adapting strategies as necessary.

1. Implementation Guidance

• Practical guidance on integrating risk management practices into AI development and deployment processes.
• Recommendations for organizational policies, procedures, roles, and responsibilities related to AI risk management.
• Best practices for ensuring transparency, accountability, and ethical considerations in AI systems.

1. Compliance and Assurance

• Guidelines for ensuring compliance with relevant legal, regulatory, and ethical standards applicable to AI technologies.
• Mechanisms for demonstrating effective AI risk management to stakeholders, including regulators, customers, and the public.

Case Study: Implementing ISO/IEC 23894 in Healthcare AI

• Scenario: A healthcare provider develops an AI-powered diagnostic tool to assist in medical imaging analysis.
• Challenges: Addressing data quality issues, ensuring system reliability, protecting patient privacy, and managing ethical implications.
• Implementation: Following ISO/IEC 23894’s framework for risk management, the organization conducts thorough risk assessments, implements data validation processes, enhances cybersecurity measures, and establishes protocols for transparent AI decision-making.
• Outcome: Successfully deploys a reliable and ethically sound AI diagnostic tool, improving diagnostic accuracy and patient care outcomes while maintaining compliance with regulatory standards.

Conclusion

ISO/IEC 23894 serves as a critical resource for organizations navigating the complexities of AI risk management. By adopting its principles and guidelines, organizations can enhance the safety, reliability, and ethical use of AI technologies. This white paper highlights the importance of proactive risk management in maximizing the benefits of AI while minimizing potential harms, ultimately fostering trust and confidence in AI systems across industries.

References

• International Organization for Standardization (ISO)
• International Electrotechnical Commission (IEC)
• Industry-specific guidelines and best practices in AI and risk management

industrial application of ISO/IEC 23894 Information technology Artificial intelligenc Guidance on risk management

The industrial application of ISO/IEC 23894, which provides guidance on risk management for artificial intelligence (AI) in information technology, can vary widely across different sectors. Here are several industrial applications where organizations can leverage ISO/IEC 23894 to manage AI-related risks effectively:

1. Healthcare Industry

Application: Developing AI-driven diagnostic tools, personalized medicine applications, and clinical decision support systems.

Challenges Addressed: Ensuring the accuracy and reliability of AI diagnoses, protecting patient data privacy, and complying with healthcare regulations (e.g., HIPAA in the United States).

Implementation: Healthcare organizations can use ISO/IEC 23894 to conduct rigorous risk assessments, validate AI algorithms against clinical data, and establish protocols for transparent AI decision-making in medical settings.

2. Finance and Banking

Application: Implementing AI in fraud detection, credit scoring, algorithmic trading, and customer service applications.

Challenges Addressed: Managing financial risks associated with AI decisions, ensuring compliance with regulatory requirements (e.g., GDPR, Basel III), and protecting sensitive financial data.

Implementation: Financial institutions can adopt ISO/IEC 23894 to assess risks related to AI-driven algorithms, enhance model validation processes, and establish controls for data security and customer confidentiality.

3. Automotive and Manufacturing

Application: Integrating AI in autonomous vehicles, predictive maintenance systems, quality control, and supply chain optimization.

Challenges Addressed: Addressing safety concerns in AI-driven systems, ensuring reliability in real-time operations, and maintaining product quality standards.

Implementation: Automotive and manufacturing sectors can utilize ISO/IEC 23894 to evaluate safety-critical risks associated with AI technologies, implement testing and validation protocols, and establish contingency plans for system failures.

4. Retail and Customer Service

Application: Deploying AI in personalized marketing, chatbots, recommendation systems, and supply chain management.

Challenges Addressed: Addressing consumer privacy concerns, mitigating biases in AI algorithms, and ensuring compliance with data protection regulations (e.g., CCPA).

Implementation: Retailers can leverage ISO/IEC 23894 to assess risks related to consumer data handling, implement ethical guidelines for AI deployment, and monitor AI systems’ performance and customer interactions.

5. Telecommunications

Application: Using AI for network optimization, predictive maintenance of infrastructure, customer support automation, and cybersecurity.

Challenges Addressed: Securing telecommunications networks against cyber threats, ensuring the reliability of AI-driven network operations, and safeguarding customer data.

Implementation: Telecommunications companies can apply ISO/IEC 23894 to assess risks in AI-enabled network management, implement robust cybersecurity measures, and enhance incident response capabilities.

6. Energy and Utilities

Application: Integrating AI in smart grid management, predictive maintenance of infrastructure, energy efficiency optimization, and asset management.

Challenges Addressed: Ensuring grid reliability and stability with AI automation, protecting critical infrastructure against cyber threats, and complying with energy regulatory standards.

Implementation: Energy and utility providers can use ISO/IEC 23894 to identify risks associated with AI deployment in energy systems, implement resilience strategies for grid operations, and enhance cybersecurity measures to protect against potential threats.

Conclusion

In each of these industrial applications, ISO/IEC 23894 provides a structured approach to identifying, assessing, and managing risks specific to AI technologies. By adopting this standard, organizations can enhance the safety, reliability, and ethical use of AI systems, thereby maximizing the benefits of AI while mitigating potential harms and ensuring compliance with regulatory requirements.

1.  “Certification”. International Organization for Standardization. Archived from the original on Feb 27, 2024.
2. ^ “Glossary of Important Assessment and Measurement Terms”. NCME. Archived from the original on 2017-07-22. Retrieved 8 March 2017.
3. ^ “Certification Bodies: what is it ?”. www.theinformationstandard.org. Retrieved 2025-02-17.
4. ^ “What Is a Certificate Authority? Certification Authorities Explained”. sectigostore.com. Retrieved 2025-02-17.
5. ^ “How Important Are Professional Certifications?”. www.columbiasouthern.edu. Retrieved 2025-02-17.
6. ^ “Sustainability Certifications: Easy Guide for Consumers & Sellers”. climatesort.com. Retrieved 2025-02-17.
7. ^ “Cybersecurity And Cloud Tech Certifications Pay The Best Salaries In 2020”. www.forbes.com. Retrieved 2025-02-17.
8. ^ “The ROI of Certifications”. certifiedperformance.org. Retrieved 2025-02-17.
9. ^ “Why get a Project Management Professional (PMP®) certification?”. leanmanufacturing.online. Retrieved 2025-02-17.
10. ^ Cem Kaner (Mar 26, 2014). “Why propose an advanced certification in software testing?”. Retrieved November 4, 2014.
11. ^ “Academic Degrees Abbreviations”. Abbreviations.com. Archived from the original on Feb 15, 2014. Retrieved January 30, 2014.
12. ^ “Motion Picture Association of America”. mpaa.org. Archived from the original on Dec 30, 2011.
13. ^ International standards and private standards. International Organization for Standardization. 2010. ISBN 978-92-67-10518-5. Archived from the original on May 21, 2023 – via DocPlayer.
14. ^ “Attestations of conformity”. CASCO. International Organization for Standardization. Archived from the original on Nov 30, 2023.
15. ^ “U.S. Conformity Assessment System: 3rd Party Conformity Assessment”. ANSI Standards Portal. Retrieved November 4, 2014.
16. ^ Jump up to:^a b “Certifying Software Testers Worldwide – ISTQB® International Software Testing Qualifications Board”. Retrieved November 4, 2014.
17. ^ “International Institute for Software Testing (IIST) CSTP & CTM Informational Home Page”. Testinginstitute.com. Retrieved January 30, 2014.
18. ^ “Participatory Guarantee Systems” (PGS) are participatory certification systems which aim to guarantee buyers or users that sustainable production practices have been respected, as recognised by a quality mark or label”. certification-participative.org. Retrieved 2025-02-17.
19.  Rausand M (2013). “Chapter 1: Introduction”. Risk Assessment: Theory, Methods, and Applications. John Wiley & Sons. pp. 1–28. ISBN 9780470637647.
20. ^ Neil Hodge (2021). “How to Address Low-Probability, High-Impact Risks”, Risk Management
21. ^ Jump up to:^a b c Manuele FA (2016). “Chapter 1: Risk Assessments: Their Significance and the Role of the Safety Professional”. In Popov G, Lyon BK, Hollcraft B (eds.). Risk Assessment: A Practical Guide to Assessing Operational Risks. John Wiley & Sons. pp. 1–22. ISBN 9781118911044.
22. ^ Jump up to:^{a b c d e f g} Levi R (1 June 2018). “Getting Real About Both Benefits and Risks”. Science & Practice, English Special 2018. Swedish Agency of Health Technology Assessment and Assessment of Social Services. ISSN 1104-1250. Retrieved 2018-06-14.
23. ^ Jump up to:^a b c Varshavsky JR, Rayasam SD, Sass JB, Axelrad DA, Cranor CF, Hattis D, et al. (January 2023). “Current practice and recommendations for advancing how human variability and susceptibility are considered in chemical risk assessment”. Environmental Health. 21 (Suppl 1): 133. Bibcode:2023EnvHe..21S.133V. doi:10.1186/s12940-022-00940-1. PMC 9835253. PMID 36635753.
24. ^ Hoffmann TC, Del Mar C (February 2015). “Patients’ expectations of the benefits and harms of treatments, screening, and tests: a systematic review” (PDF). JAMA Internal Medicine. 175 (2): 274–86. doi:10.1001/jamainternmed.2014.6016. PMID 25531451.
25. ^ Jump up to:^a b c d Stacey D, Lewis KB, Smith M, Carley M, Volk R, Douglas EE, et al. (January 2024). “Decision aids for people facing health treatment or screening decisions”. The Cochrane Database of Systematic Reviews. 1 (1): CD001431. doi:10.1002/14651858.CD001431.pub6. PMC 10823577. PMID 38284415.
26. ^ Rausand M (2013). “Chapter 6: Accident Models”. Risk Assessment: Theory, Methods, and Applications. John Wiley & Sons. pp. 137–76. ISBN 9780470637647.
27. ^ Jump up to:^a b Vamanu BI, Gheorghe AV, Kaina PF (2016). Critical Infrastructures: Risk and Vulnerability Assessment in Transportation of Dangerous Goods: Transportation by Road and Rail. Springer. p. 11. ISBN 9783319309316.
28. ^ Lacey P (2011). “An Application of Fault Tree Analysis to the Identification and Management of Risks in Government Funded Human Service Delivery”. Proceedings of the 2nd International Conference on Public Policy and Social Sciences. SSRN 2171117.
29. ^ Shirey R (August 2007). “Internet Security Glossary, Version 2”. Network Working Group. The IETF Trust: 9. Retrieved 19 July 2018.
30. ^ Mandelbrot B, Hudson RL (2008). The (mis)Behaviour of Markets: A Fractal View of Risk, Ruin and Reward. London: Profile Books. ISBN 9781846682629.
31. ^ Kasperson RE, Renn O, Slovic P, Brown HS, Emel J, Goble R, et al. (1988). “The social amplification of risk: A conceptual framework” (PDF). Risk Analysis. 8 (2): 177–187. Bibcode:1988RiskA…8..177K. doi:10.1111/j.1539-6924.1988.tb01168.x.
32. ^ Commoner B. “Comparing apples to oranges: Risk of cost/benefit analysis”. In Iannone AP (ed.). Contemporary moral controversies in technology. pp. 64–65.
33. ^ O’Brien M (2002). Making better environmental decisions: an alternative to risk assessment. Cambridge, Massachusetts: MIT Press. ISBN 0-262-65053-3. Retrieved 27 September 2010.
34. ^ Shrader-Frechette K, Westra L (October 1997). Technology and Values. Lanham, Md.: Rowman & Littlefield Publishers. ISBN 978-1-4616-4399-9.
35. ^ Taleb NN (September 2008). The fourth quadrant: a map of the limits of statistics (PDF). An Edge original essay (Report).
36. ^ Holzmann R, Jørgensen S (2001). “Social Risk Management: A New Conceptual Framework for Social Protection, and Beyond”. International Tax and Public Finance. 8 (4): 529–56. doi:10.1023/A:1011247814590. S2CID 14180040.
37. ^ Nakaš N (21 November 2017). “Three Lessons About Risk Management from Everyday Life”. Knowledge Hub. Center of Excellence in Finance. Retrieved 19 July 2018.
38. ^ Jump up to:^a b c d Lock G (June 2017). Phillips M (ed.). “Public Safety Diving-Dynamic Risk Assessment” (PDF). PS Diver Magazine (116): 9. Retrieved 20 June 2017.
39. ^ “Risk Assessment and Regulation Information from the NLM”. National Library of Medicine. Retrieved 9 June 2013.
40. ^ “Databases on toxicology, hazardous chemicals, environmental health, and toxic releases”. TOXNET. NLM. May 2012. Retrieved 9 June 2013.
41. ^ “Household Products Database”. U.S. Dept. of Health & Human Services. January 2013. Retrieved 9 June 2013.
42. ^ “Risk Assessment Portal”. EPA. 13 May 2013. Retrieved 9 June 2013.
43. ^ EPA Alumni Association: Senior EPA officials discuss early implementation of the Safe Drinking Water Act of 1974, Video, Transcript (see pages 11,14).
44. ^ “Risk Assessment”. www.epa.gov. US Environmental Protection Agency. 2013-09-26. Retrieved 2016-04-07.
45. ^ Szabo DT, Loccisano AE (March 30, 2012). “POPs and Human Health Risk Assessment”. Dioxins and Persistent Organic Pollutants (3rd ed.). pp. 579–618. doi:10.1002/9781118184141.ch19. ISBN 9781118184141.
46. ^ Nielsen GH, Heiger-Bernays WJ, Levy JI, White RF, Axelrad DA, Lam J, et al. (January 2023). “Application of probabilistic methods to address variability and uncertainty in estimating risks for non-cancer health effects”. Environmental Health. 21 (Suppl 1): 129. Bibcode:2023EnvHe..21S.129N. doi:10.1186/s12940-022-00918-z. PMC 9835218. PMID 36635712.
47. ^ R. Shirey (August 2007). Internet Security Glossary, Version 2. Network Working Group. doi:10.17487/RFC4949. RFC 4949. Informational.
48. ^ Hunter PR, Fewtrell L (2001). “Acceptable Risk” (PDF). World Health Organization.
49. ^ Merrill RA (1997). “Food safety regulation: reforming the Delaney Clause”. Annual Review of Public Health. 18: 313–40. doi:10.1146/annurev.publhealth.18.1.313. PMID 9143722. This source includes a useful historical survey of prior food safety regulation.
50. ^ Current intelligence bulletin 69: NIOSH practices in occupational risk assessment (Report). 2020-02-01. doi:10.26616/nioshpub2020106.
51. ^ “OSHA’s 5 Workplace Hazards”. Grainger Industrial Supply.
52. ^ Waters M, McKernan L, Maier A, Jayjock M, Schaeffer V, Brosseau L (2015-11-25). “Exposure Estimation and Interpretation of Occupational Risk: Enhanced Information for the Occupational Risk Manager”. Journal of Occupational and Environmental Hygiene. 12 (Suppl 1): S99-111. Bibcode:2015JOEH…12S..99W. doi:10.1080/15459624.2015.1084421. PMC 4685553. PMID 26302336.
53. ^ UNDRR (2019). Global Assessment Report on Disaster Risk Reduction. Geneva: UNDRR. p. 472. ISBN 978-92-1-004180-5. Retrieved 22 June 2020.
54. ^ Tiepolo M (2019). “Flood Assessment for Risk-Informed Planning along the Sirba River, Niger”. Sustainability. 11 (4003). doi:10.3390/w11051018.
55. ^ Massazza G (2019). “Flood Hazard Scenarios of the Sirba River (Niger): Evaluation of the Hazard Thresholds and Flooding Areas”. Water. 11 (5): 1018. Bibcode:2019Water..11.1018M. doi:10.3390/w11051018.
56. ^ Tiepolo M (2018). “Multihazard Risk Assessment for Planning with Climate in the Dosso Region, Niger”. Climate. 6 (67): 67. Bibcode:2018Clim….6…67T. doi:10.3390/cli6030067.
57. ^ International Organization for Standardization (8 November 2017). “ISO Guide 73: 2009. Risk management – Vocabulary”. ISO. Retrieved 22 June 2020.
58. ^ Jump up to:^a b Tarchiani V (2020). “Community and Impact Based Early Warning System for Flood Risk Preparedness: The Experience of the Sirba River in Niger”. Sustainability. 12 (2196). doi:10.3390/su12062196.
59. ^ Managing Project Risks – Retrieved May 20th, 2010
60. ^ Spring J, Kern S, Summers A (2015-05-01). “Global adversarial capability modeling”. 2015 APWG Symposium on Electronic Crime Research (eCrime). pp. 1–21. doi:10.1109/ECRIME.2015.7120797. ISBN 978-1-4799-8909-6. S2CID 24580989.
61. ^ “Risk assessment”. NIST Computer Security Resource Center Glossary. National Institute of Standards and Technology (NIST).
62. ^ “NIST”. NIST. 30 November 2016.
63. ^ “ISACA COBIT”. ISACA.
64. ^ “FAIR”. FAIR.
65. ^ “Carnegie Mellon University”. Software Engineering Institute, Carnegie Mellon University. 31 August 1999.
66. ^ “Center for Internet Security”. Center for Internet Security (CIS).
67. ^ “DoCRA”. Duty of Care Risk Analysis (DoCRA).
68. ^ Canadian Centre for Cyber Security (2018-08-15). “Canadian Centre for Cyber Security”. Canadian Centre for Cyber Security. Retrieved 2021-08-09.
69. ^ Baingo D (2021). “Threat Risk Assessment (TRA) for Physical Security”. In Masys AJ (ed.). Sensemaking for Security. Advanced Sciences and Technologies for Security Applications. Cham: Springer International Publishing. pp. 243–270. doi:10.1007/978-3-030-71998-2_14. ISBN 978-3-030-71998-2. S2CID 236706551.
70. ^ “An Overview of Threat and Risk Assessment | SANS Institute”. www.sans.org. Retrieved 2021-08-09.
71. ^ Treasury Board of Canada Secretariat (2006-03-06). “Rescinded [2019-06-28] – Security Organization and Administration Standard”. www.tbs-sct.gc.ca. Retrieved 2021-08-09.
72. ^ “ISM CODE – Amendments from 1st July 2010 Risk Assessment”. Archived from the original on 27 April 2014.
73. ^ “Diving Regulations 2009”. Occupational Health and Safety Act 85 of 1993 – Regulations and Notices – Government Notice R41. Pretoria: Government Printer. Archived from the original on 4 November 2016. Retrieved 3 November 2016 – via Southern African Legal Information Institute.
74. ^ Staff (August 2016). “15 – General safety requirements”. Guidance for diving supervisors IMCA D 022 (Revision 1 ed.). London, UK: International Marine Contractors Association. pp. 15–5.
75. ^ Staff (1977). “The Diving at Work Regulations 1997”. Statutory Instruments 1997 No. 2776 Health and Safety. Kew, Richmond, Surrey: Her Majesty’s Stationery Office (HMSO). Retrieved 6 November 2016.
76. ^ Gurr K (August 2008). “13: Operational Safety”. In Mount T, Dituri J (eds.). Exploration and Mixed Gas Diving Encyclopedia (1st ed.). Miami Shores, Florida: International Association of Nitrox Divers. pp. 165–180. ISBN 978-0-915539-10-9.
77. ^ “2018 Accreditation Rubric” (PDF). Seattle, Washington: Northwest Association of Independent Schools.
78. ^ “Adventure Activities Regulations”. supportadventure.co.nz.
79. ^ “Health and Safety at Work (Adventure Activities) Regulations 2016 (LI 2016/19)”. New Zealand Legislation.
80. ^ “Adventure Activities Licensing”. The Health and Safety Executive (HSE). gov.uk.
81. ^ “Adventure activities”. Work Safe. New Zealand.
82. ^ Dallat C, Salmon PM, Goode N (2015). “All about the Teacher, the Rain and the Backpack: The Lack of a Systems Approach to Risk Assessment in School Outdoor Education Programs”. Procedia Manufacturing. 3: 1157–1164. doi:10.1016/j.promfg.2015.07.193.
83. ^ Baierlein J (2019). Risk Management for Outdoor Programs: a Guide to Safety in Outdoor Education, Recreation and Adventure. Seattle, WA: Viristar LLC.
84. ^ Jump up to:^a b Goussen B, Price OR, Rendal C, Ashauer R (October 2016). “Integrated presentation of ecological risk from multiple stressors”. Scientific Reports. 6: 36004. Bibcode:2016NatSR…636004G. doi:10.1038/srep36004. PMC 5080554. PMID 27782171.
85. ^ Jager T, Heugens EH, Kooijman SA (April 2006). “Making sense of ecotoxicological test results: towards application of process-based models”. Ecotoxicology. 15 (3): 305–14. Bibcode:2006Ecotx..15..305J. CiteSeerX 10.1.1.453.1811. doi:10.1007/s10646-006-0060-x. PMID 16739032. S2CID 18825042.
86. ^ Goussen B, Rendal C, Sheffield D, Butler E, Price OR, Ashauer R (December 2020). “Bioenergetics modelling to analyse and predict the joint effects of multiple stressors: Meta-analysis and model corroboration”. The Science of the Total Environment. 749: 141509. arXiv:2102.13107. Bibcode:2020ScTEn.74941509G. doi:10.1016/j.scitotenv.2020.141509. PMID 32827825.
87. ^ Landis WG (2005). Regional scale ecological risk assessment : using the relative risk model. Boca Raton, FL: CRC Press. ISBN 1-56670-655-6. OCLC 74274833.
88. ^ Lackey R (1997). “If ecological risk assessment is the answer, what is the question”. Human and Ecological Risk Assessment. 3 (6): 921–928. Bibcode:1997HERA….3..921L. doi:10.1080/10807039709383735.
89. ^ Nicholson E, Regan TJ, Auld TD, Burns EL, Chisholm LA, English V, et al. (2015). “Towards consistency, rigour and compatibility of risk assessments for ecosystems and ecological communities”. Austral Ecology. 40 (4): 347–363. Bibcode:2015AusEc..40..347N. doi:10.1111/aec.12148. hdl:1885/66771. ISSN 1442-9985. S2CID 82412136.
90. ^ Keith DA, Rodríguez JP, Brooks TM, Burgman MA, Barrow EG, Bland L, et al. (2015). “The IUCN Red List of Ecosystems: Motivations, Challenges, and Applications”. Conservation Letters. 8 (3): 214–226. Bibcode:2015ConL….8..214K. doi:10.1111/conl.12167. hdl:10536/DRO/DU:30073631. ISSN 1755-263X.
91. ^ Brooks TM, Butchart SH, Cox NA, Heath M, Hilton-Taylor C, Hoffmann M, et al. (2015). “Harnessing biodiversity and conservation knowledge products to track the Aichi Targets and Sustainable Development Goals”. Biodiversity. 16 (2–3): 157–174. Bibcode:2015Biodi..16..157B. doi:10.1080/14888386.2015.1075903. ISSN 1488-8386.
92. ^ Jump up to:^a b c d “What is Risk Assessment”. Bureau of Justice Assistance. U.S. Department of Justice.
93. ^ Jump up to:^a b Monahan J, Skeem JL (2016). “Risk Assessment in Criminal Sentencing”. Annual Review of Clinical Psychology. 12: 489–513. doi:10.1146/annurev-clinpsy-021815-092945. PMID 26666966.
94. ^ Heilbrun K (2009). “Risk Assessment in Evidence-Based Sentencing: Context and Promising Sues”. Chapman Journal of Criminal Justice. 1: 127–142.
95. ^ “Advancing Pretrial Policy & Research: What is the PSA?”. Advancing Pretrial Policy and Research (APPR).
96. ^ “How the PSA Works”. Advancing Pretrial Policy and Research (APPR).
97.  Beaney, Michael (Summer 2012). “Analysis”. The Stanford Encyclopedia of Philosophy. Metaphysics Research Lab, Stanford University. Retrieved 23 May 2012.
98. ^ Douglas Harper (2001–2012). “analysis (n.)”. Online Etymology Dictionary. Douglas Harper. Retrieved 23 May 2012.
99. ^ “Qualitative Analysis” (PDF). Archived (PDF) from the original on 9 October 2022.
100. ^ “Quantitative Chemical Analysis”. Stoichiometry of Chemical Reactions. OpenStaxCollege. October 2014.
101. ^ “CHEMICAL AND BIOMOLECULAR ENGINEERING” (PDF). Spring 2018. Archived (PDF) from the original on 9 October 2022.
102. ^ Hargaden, Helena; Sills, Charlotte (23 April 2014). Transactional Analysis. doi:10.4324/9781315820279. ISBN 9781315820279.
103. ^ “Dye, Dr Christopher”, Who’s Who, Oxford University Press, 1 December 2012, doi:10.1093/ww/9780199540884.013.256626
104. ^ Jump up to:^a b Warfield, Scott (November 2014). “Lady in the Dark: Biography of a Musical. By bruce d. mcclung. Oxford: Oxford University Press, 2007. – Oklahoma!: The Making of an American Musical. By Tim Carter. New Haven, CT: Yale University Press, 2007. – South Pacific: Paradise Rewritten. By Jim Lovensheimer. Oxford: Oxford University Press, 2010. – Wicked: A Musical Biography. By Paul R. Laird. Lanham, MD: Scarecrow Press, 2011”. Journal of the Society for American Music. 8 (4): 587–596. doi:10.1017/s1752196314000443. ISSN 1752-1963. S2CID 232401945.
105. ^ Neumeyer, David (November 2018). Guide to Schenkerian Analysis. The University of Texas at Austin; University of Texas Libraries. doi:10.15781/T2D21S443. hdl:2152/70263.
106. ^ Jump up to:^a b Hospers, John (15 April 2013). An Introduction to Philosophical Analysis. doi:10.4324/9780203714454. ISBN 9780203714454.
107. ^ McCall, Grant (March 2012). “In Memory of George H. Odell”. Lithic Technology. 37 (1): 3–4. doi:10.1179/lit.2012.37.1.3. ISSN 0197-7261. S2CID 108647958.