Risk criteria are defined by ISO as ‘terms of reference against which the significance of a risk is evaluated’. A common approach is to divide the risk spectrum into three broad regions, where the highest risk is termed as unacceptable; lowest as acceptable and the middle region is known as ALARP (as low as reasonably practicable). The specific types of risk criteria include risk matrix, societal, individual, cost-benefit and qualitative risk criteria. The organisations set their risk criteria at different levels by either choosing the criteria that has already been used by others or developing them from their fundamental principles.
Source: DNV GL