ABSTRACT

Today, quality management, along with project management and some regulations, requires a risk management component to address issues when something goes wrong. Risk management can have several steps, and there are a variety of ways to define these steps. For example, NIST Special Publication 800-39, Managing Information Security Risk, states that risk management has four components: frame risk, assess risk, respond to risk once determined, and monitor risk on an ongoing basis using effective organizational communications and a feedback loop for continuous improvement in the risk-related activities of organizations. Quality risk management activities are usually, but not always, undertaken by interdisciplinary teams. Risk control includes decision-making to reduce and/or accept risks. The purpose of risk control is to reduce the risk to an acceptable level. Risk communication is the sharing of information about risk and risk management between the decision makers and others.