This International Standard provides principles and generic guidelines on implementation of risk management.This International Standard can be applied to any public, private or community enterprise, association, group or individual. Therefore, this International Standard is generic and not specific to any industry or sector. NOTE – For convenience, all the different addressees of this International Standard are referred to by the general term “organization”. This International Standard can be applied throughout the life of an organization, and to a wide range of activities, processes, functions, projects, products, services, assets, operations and decisions. Although this International Standard provides generic guidelines, it is not intended to impose uniformity of risk management across organizations. The design and implementation of risk management will depend on the varying needs of a specific organization, its particular objectives, context, structure, products, services, projects, the operational processes and specific practices employed. This International Standard intends to harmonize risk management processes in existing and future standards. It provides a common approach in support of standards dealing with specific risks and/or sectors, and does not replace those standards. This International Standard is not intended to be used for the purpose of certification.