ISO Compatibility

Risk Register supports several ISO standards.

ISO 31000

The objective of ISO 31000 is to provide guidelines on managing the risk faced by organizations. The standard can be customized to any organization and is not specific to any industry or sector.

Section 5.4.4 of the standard states that it is necessary to "ensure allocation of appropriate resources for risk management", including "tools to be used for managing risk." Risk Register by ProjectBalm is fully compatible with ISO 31000, and can be used to help ensure compliance with this standard.

ISO 31000 defines the Principles, Framework, and Process for managing risk. The Risk Register application supports the risk management Process, which is defined in section 6. The following specific steps are supported by the application:

Section 6.4.2 Risk identification is enabled by the creation of a risk within the application.
Section 6.4.3 Risk analysis is enabled by the definition of risk probability and impact for a risk within the application.
Section 6.4.4 Risk evaluation is enabled by the definition of a risk model in the application and the automatic calculation of the level of risk.

Documentation for these three activities can be found here - Server and Cloud.

Section 6.5 Risk treatment is enabled by the risk treatment fields in the application, including the ability to record mitigating actions.

Documentation for this activity can be found here - Server and Cloud.

Section 6.6 Monitoring and review is enabled by the risk register and risk matrix views

Documentation for this activity can be found here - Server and Cloud.

ISO 27001

The objective of ISO 27001 is to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS). The standard can be customized to any organization and is not specific to any industry or sector.

Risk Register by ProjectBalm is fully compatible with ISO 27001, and can be used to help ensure compliance with this standard. The following specific steps are supported by the application:

Section 4.2.1.d Identify the Risks is enabled by the creation of a risk within the application.
Section 4.2.1.e Analyse and evaluate the risks is enabled by the definition of risk probability and impact for a risk, the definition of a risk model in the application, and the automatic calculation of the level of risk.

Documentation for these activities can be found here - Server and Cloud.

Section 4.2.1.f Identity and evaluate options for the treatment of risks is enabled by the risk treatment fields in the application, including the ability to record mitigating actions.

Documentation for this activity can be found here - Server and Cloud.

Section 4.2.3 Monitor and and review the ISMS is supported by the risk register and risk matrix views

Documentation for this activity can be found here - Server and Cloud.

ISO 14971

The objective of ISO 14971 is to provide a process for a manufacturer to identify the hazards associated with medical devices, to estimate and evaluate the associated risks, to control these risks, and to monitor the effectiveness of the controls.

Risk Register by ProjectBalm is fully compatible with ISO 14971, and can be used to help ensure compliance with this standard. The following specific steps are supported by the application:

Section 4.3 Identification of hazards is enabled by the creation of a risk within the application.
Section 4.4 Estimation of the risk is enabled by the definition of risk probability and impact for a risk within the application.
Section 5 Risk evaluation is enabled by the definition of a risk model in the application and the automatic calculation of the level of risk.

Documentation for these three activities can be found here - Server and Cloud.

Section 6 Risk control are enabled by the risk treatment fields in the application, including the ability to record mitigating actions and residual risk.

Documentation for this activity can be found here - Server and Cloud.

ISO 62304

The objective of ISO 62304 is to provide a framework of life cycle processes with activities and tasks necessary for the safe design and maintenance of medical device software. This includes appropriate risk management.

Risk Register by ProjectBalm is fully compatible with ISO 62304, and can be used to help ensure compliance with this standard.Section 4.2 of the standard states that "The Manufacturer shall apply a risk management process complying with ISO 14971." Use of Risk Register by ProjectBalm with ISO 14971 is explained above. In addition, the following specific sections in ISO 62304 are supported by the application:

Section 7.1 Analysis of software contributing to hazardous situations is enabled by the creation of a risk within the application.
Section 4.3 Software safety classification is enabled by the definition of risk probability and impact for a risk within the application.
Section 6.4.4 Risk evaluation is enabled by the definition of a risk model in the application and the automatic calculation of the level of risk.

Documentation for these three activities can be found here - Server and Cloud.

Section 7 Risk control measures is enabled by the risk treatment fields in the application, including the ability to record mitigating actions and residual risk.

Documentation for this activity can be found here - Server and Cloud