Risk Context

This chapter illustrates the ISO 31000 risk management process. The establish-the-context activity frames an organization's objectives and scope along with the internal and external parameters and criteria to be used by risk management activities. ISO 31000 defines internal context as "internal environment in which the organization seeks to achieve its objectives". The chapter maps the internal context examples from ISO 31000 to the applicable cloud service quality risk vector. It illustrates the risk vectors often in the cloud service customer (CSC) internal context. The Risk IT framework usefully factors an organization's risk culture along three dimensions: behavior toward taking risks, behavior toward negative outcomes, and behavior toward policy compliance. CSCs typically interact with the following external parties: cloud service users, network transport service providers, service integrators, one or more cloud service provider organizations, and application software suppliers. The Network Functions Virtualization Quality Accountability Framework describes the roles and responsibilities of each of these parties.