The evaluation of risks on the basis of the probability of their occurrence and the extent of any resulting damage together with the subsequent derivation of suitable measures forms the starting point for operative risk and opportunity management. Examples can be found in risk management standards such as ONR 49000 and ISO 31000.
The company management should not simply take over the legal and official requirements on a 1:1 basis, but also implement them with respect to the risks revealed by the quality and management information system.
With effect from 2008, Switzerland (as well as other countries) has made the provision of ICS documentation for all social systems mandatory. Its presence must be confirmed by an external auditor.