Risk Assessment Process

This chapter applies ISO 31000 risk management processes to user service quality of cloud-based applications. It organizes as follows: purpose and context of risk assessment process, risk identification, risk analysis, risk evaluation, and risk treatment. The primary output of a cloud user service quality risk assessment is a risk assessment table, which enables cloud service customer (CSC) leaders to decide which risk treatment options to pursue. The goal of the risk identification activity is to capture a complete set of the user service quality risks for the target service. The output of this activity is a partially completed risk assessment table for the target service. Risk analysis is about developing an understanding of the risk. It provides an input to risk assessment and to decisions about whether risks need to be treated and about the most appropriate treatment strategies and methods. The risk assessment artifact is the primary input to the risk treatment activity.