6.4 Risk assessment

ISO 31000:2018 clause 6.4 outlines the risk-assessment step of the risk-management process, describing how organizations systematically identify hazards, analyze their likelihood and consequences, and evaluate risk levels against criteria to prioritise treatment. It emphasizes the use of appropriate methods and data, stakeholder input, and documentation to ensure consistent, transparent assessment across the enterprise.