6.3 Scope, context and criteria

ISO 31000:2018 provides guidance for establishing the scope of a risk-management program, analysing the internal and external context in which an organization operates, and defining the criteria against which risk is evaluated. Section 6.3 outlines the steps to identify relevant objectives, stakeholders, and environmental factors, and to set consistent risk-assessment parameters that align with the organization's goals and regulatory requirements. This ensures that risk decisions are made within a clear, contextual framework.