bullet green arrow 25 6.1 specifies that the organization shall plan actions to address risks

bullet green arrow 25There is no requirement for formal methods for risk management or a documented risk management process.

bullet green arrow 25Organizations can decide whether or not to develop a more extensive risk management methodology than is required by this International Standard, e.g. through the application of other guidance or standards.