ISO---风险管理--(翻译稿)-中文版

国际标准 ISO14971(第二版 )2007-03-01医疗器械风险管理对医疗器械的应用Medical devices –Application of risk management to medical devices前言引言1.范围2.术语和定义3. 风险管理的通用要求3.1 风险管理过程3.2 管理职责3.3 人员资格3.4 风险管理计划3.5 风险管理文档4. 风险分析4.1 风险分析过程4.2 医疗器械的预期用途和与器械安全有关的特征的判定4.3 危害的判定4.4 估计每种危害状况的风险5.风险评价6. 风险控制6.1 降低风险6.2 风险控制方案分析6.3 风险控制措施的实施6.4 剩余风险的评价6.5 风险/受益分析6.6 风险控制措施引起的风险6.7 风险控制的完整性7. 全部剩余风险的可接受性的评价8. 风险管理报告9. 生产和生产后信息附录A (提示性附录)要求的原理附录B (提示性附录)医疗器械风险管理过程总览附录C (提示性附录)用于判定医疗器械可能影响安全性的特征的问题附录D (提示性附录)用于医疗器械的风险概念附录E (提示性附录)危害,事件或危害状况的预见后果举例附录F (提示性附录)风险管理计划附录G (提示性附录)风险管理技术资料附录H (提示性附录)体外诊断医疗器械的风险管理指南附录J (提示性附录)安全性资料和剩余风险资料参考文献ISO(国际标准化组织)是由各国标准化团体(ISO成员团体)组成的世界性的联合会。

制定国际标准的工作通常由ISO的技术委员会完成,各成员团体若对某技术委员会已确立的标准项目感兴趣, 均有权参加该委员会的工作.与ISO保持联系的各国际组织(官方的或非官方的)也可参加有关工作。

在电工技术标准化方面,ISO与国际电工委员会(IEC)保持密切合作关系。

国际标准是根据ISO/IEC指令第2部分中所颁布的规则起草的。

技术委员会的主要任务是起草国际标准。

Written By: 作者Reviewed By:审核REV. ECN History ECN历史记录Date 日期APPROVALS批准PRODUCTS: 产品：Table of Contents目录TABLE-E.1 – ENERGY HAZARDS表格E-1兼容危害性 (7)ELECTROMAGNETIC ENERGY电磁兼容性 (7)RADIATION ENERGY辐射电磁波 (7)MECHANICAL ENERGY机械兼容性 (8)TABLE-E.1 – BIOLOGICAL AND CHEMICAL HAZARDS表格E-1生化危害性 (9)BIOLOGICAL 生物学制品 (9)CHEMICAL 化学制品 (10)BIOCOMPATABILITY (10)TABLE-E.1 – OPERATIONAL HAZARDS表格E-1操作危害性 (11)FUNCTION功能 (11)USE ERROR使用误差 (12)TABLE-E.1 – INFOMATION HAZARDS表格E-1 (12)LABELING标号 (12)OPERATATING INSTRUCTIONS操作使用说明 (13)WARNINGS警告 (14)TABLE-E.2 – INITIATING EVENTS AND CIRCUMSTANCES表格E-2 启动结果与环境 (15)INCOMPLETE REQUIREMENTS:不完全 (15)MANUFACTURING PROCESSES生产程序 (16)TRANSPORT AND STORAGE运输和储存 (16)ENVIROMANTAL FACTORS环境因素 (17)CLEANING, DISENFECTING, AND STERIALIZATION (18)DISPOSAL AND SCRAPPING处理和报废 (19)FORMULATION简要表述 (19)HUMAN FACTORS 人为因素 (20)FAILURE MODES 故障模式 (23)Conclusion:结论 (24)To be completed per instructions SOP-XX-XXRisk Management, current revision, in conjunction with standard ISO 14971 and MDD 93/42/EEC对于完成的标准操作程序中的风险管理和近期修正中的每项说明都应与标准的ISO 14971 以及MDD 93/42/EEC保持一致Note: ALL Boxes in matrix must have an entry whether applicable or not.注：所有’□’的方框, 必须要做登记适用与否(Use N/A for boxes which are not applicable, The ACTION TAKEN Box must be filled out for an explanation “Why it is not Applicable”)（使用N/A来判定方框哪个是不适用的。

1.Purpose1.1.This procedure has been developed by MAS Solutions to define the controls necessary to analyzeand evaluate potentially undesirable situations and to estimate the risk of their occurrence. Thisprocedure also identifies techniques and tools used by MAS for risk identification, assessment,and mitigation.2.Scope2.1.Risk management activities defined by this procedure may be applied at any level of theorganization, based on the situation and risk under consideration.2.2.The requirements of this procedure shall be applied as necessary to achieve desirable outcomes.Application of this procedure shall be at the direction of MAS’ manag 3.Terms and Definitions?Residual Risk: Risks remaining after protective measures have been taken.?Risk: Combination of the probability of occurrence of a negative outcome and the severityof that outcome.?Risk Analysis: Systematic use of available information to identify potentially undesirablesituations and to estimate the risk.?Risk Assessment: Overall process comprising a risk analysis and risk evaluation.?Risk Control: Process through which decisions are reached and protective measures areimplemented for reducing risks to, or maintaining risk within, specified levels.?Risk Evaluation: Judgment, on the basis of risk analysis, of whether a risk which is acceptable has been achieved in a given context.?Risk Management: Systematic application of management policies, procedures andpractices to the tasks of analyzing, evaluating and controlling risk.?Safety: Freedom from unacceptable risk.?Severity: Measure of the possible consequences of a potentially undesirable situation.4.Risk Management Process4.1.MAS has established and maintains a process for identifying potentially undesirable situationsassociated with the provision of services, estimating and evaluating the associated risks,controlling these risks and monitoring the effectiveness of the control. This risk managementprocess includes the following elements:?Risk Analysis?Risk Evaluation?Risk Control?Post- process Information5.Risk Analysis Process5.1.Risk Analysis shall be performed using a risk management plan that has been approved by theManagement Representative or responsible manager. This plan shall include the system used for qualitative or quantitative categorization of probability estimates and determining their severitylevel (see example, Appendix A).5.2.MAS shall use all available information and data to estimate the risk(s) for each potentiallyundesirable situation. MAS shall record this estimation of the risk as part of the risk assessmentfile.6.Risk Evaluation and Control6.1.MAS shall use the criteria defined in the risk management plan to estimate the significance ofeach identified potentially undesirable situation (see example, Appendix A).6.2.MAS shall identify risk control measures that are appropriate for reducing identified risks to anacceptable level. MAS shall then implement the risk control measure(s) selected, and shall verify the effectiveness of any measures taken.7.Residual Risk Evaluation7.1.MAS shall use the criteria defined in the risk management plan to evaluate any residual risk thatremains after application of risk control measure(s). MAS shall apply further risk controlmeasures if the residual risk does not meet the criteria.7.2.MAS shall document all relevant information necessary to explain the residual risk(s) if theresidual risk is judged acceptable.8.Opportunities8.1.The methods specified above may also be used for determining opportunities related to this BMSand its processes. Where such opportunities are identified, they should be noted as such as part of the final risk assessment report, and action taken as appropriate.。

特别提醒：本稿件任何引用仅供学习、参考、交流用！所有内容请以官方最终出版物为准！任何对本稿件的转载或应用，造成的所有后果由使用者自负！本稿件所有翻译内容均基于个人理解，不代表任何机构和其他个人意见，请慎重参考！ISO13485:2015中文翻译稿前言国际标准化组织(ISO)是由各国标准化团体(ISO成员团体)组成的世界性的联合会。

制定国际标准的工作通常由ISO的技术委员会完成。

各成员团体若对某技术委员会确定的项目感兴趣，均有权参加该委员会的工作。

与ISO保持联系的各国际组织(官方的或非官方的)也可参加有关工作。

ISO与国际电工委员会(IEC)在电工技术标准化方面保持密切合作的关系。

在ISO/IEC导则第1部分中规定了用于制定本文件的程序及对其采取进一步的维护。

特别需要注意的是，不同类型的ISO文件所需的批准准则是不同的。

本文件按照ISO/IEC指令第2部分的编辑规则起草。

(见/directives)。

需要注意是，本文件中的一些要素可能涉及到专利权的内容。

ISO不应负责识别任何及所有这些专利权问题。

在本文件的制定过程中，任何已识别的专利细节将会列入引言和（或）ISO已接收专利声明清单中。

(见/patents)。

本文件中所使用的任何商标名是为方便使用者而给予的信息，不构成背书。

与合格评定相关的ISO特定术语和表达的含义解释，以及在贸易技术壁垒(TBT)方面ISO遵从世界贸易组织（WTO）规则的信息，请见以下网址:/iso/foreword.html。

本文件由医疗器械质量管理和通用要求技术委员会ISO/TC210负责。

第3版标准经技术性修改,取消并替代第2版(ISO13485:2003)和ISO/TR 14969:2004。

本标准已将ISO13485:2003/Cor.1:2009勘误内容整合进来.附表A中概述了第3版标准与第2版之间的变化。

引言0.1总则本标准规定了质量管理体系要求，这些要求能够被参与到医疗器械生命周期的一个或多个阶段的组织所采用，包括医疗器械设计和开发、生产、贮存和销售、安装、服务、最终停用和处置，以及相关活动（如技术支持）的设计开发或提供。

国际标准 ISO14971(第二版 )2007-03-01医疗器械风险管理对医疗器械的应用Medical devices –Application of risk management to medical devices前言引言1.范围2.术语和定义3. 风险管理的通用要求3.1 风险管理过程3.2 管理职责3.3 人员资格3.4 风险管理计划3.5 风险管理文档4. 风险分析4.1 风险分析过程4.2 医疗器械的预期用途和与器械安全有关的特征的判定4.3 危害的判定4.4 估计每种危害状况的风险5.风险评价6. 风险控制6.1 降低风险6.2 风险控制方案分析6.3 风险控制措施的实施6.4 剩余风险的评价6.5 风险/受益分析6.6 风险控制措施引起的风险6.7 风险控制的完整性7. 全部剩余风险的可接受性的评价8. 风险管理报告9. 生产和生产后信息附录A (提示性附录)要求的原理附录B (提示性附录)医疗器械风险管理过程总览附录C (提示性附录)用于判定医疗器械可能影响安全性的特征的问题附录D (提示性附录)用于医疗器械的风险概念附录E (提示性附录)危害,事件或危害状况的预见后果举例附录F (提示性附录)风险管理计划附录G (提示性附录)风险管理技术资料附录H (提示性附录)体外诊断医疗器械的风险管理指南附录J (提示性附录)安全性资料和剩余风险资料参考文献ISO(国际标准化组织)是由各国标准化团体(ISO成员团体)组成的世界性的联合会。

制定国际标准的工作通常由ISO的技术委员会完成,各成员团体若对某技术委员会已确立的标准项目感兴趣, 均有权参加该委员会的工作.与ISO保持联系的各国际组织(官方的或非官方的)也可参加有关工作。

在电工技术标准化方面,ISO与国际电工委员会(IEC)保持密切合作关系。

国际标准是根据ISO/IEC指令第2部分中所颁布的规则起草的。

技术委员会的主要任务是起草国际标准。

Risk Management Plan (Example)This template presents a format for the Risk Management Plan (RMP) developed during the risk development phase. This generic Risk Management Plan (RMP) can be used as a template for the production of a project-specific RMP that can be used for almost any large-scale development project.Follow these guidelines in tailoring this document to your organizations needs:1. Discard this cover page2. Remove all bordered text guidelines.3. Replace [organization] with your organization name.RISK MANAGEMENT PLANFor The(Name of project)PROJECTTABLE OF CONTENTS1. INTRODUCTION (1)1.1 Scope (1)1.2 Purpose (1)1.3 Summary (1)2. RISK MANAGEMENT ORGANIZATION (3)2.1 General (3)2.2 Roles and Responsibilities (3)2.3 Relationships and Interfaces (6)3. RISK MANAGEMENT PROCESS (7)3.1 General (7)3.2 Risk Identification (8)3.3 Risk Assessment (9)3.4 Risk Containment (11)3.5 Risk Control (12)3.6 Closing Risks (12)3.7 Security of Risk Information (13)Appendix 1: RISK CONTROL AND RISK ACTION FORMS (14)Risk Control Form (14)Risk Action Form (15)Appendix 2: RISK GRID (16)LIST OF FIGURESFigure 1 - Risk Management Organization (3)Figure 2 - Risk Management Process (7)1. INTRODUCTION1.1 Scope1.1.1 This Plan describes the Risk Management Organization and Process that will be used during the (Name of project) Program.1.2 Purpose1.2.1 The purpose of the Risk Management Process is to identify and analyze the effects of uncertainties on the (Name of project) Program, in order that action can be taken to minimize the consequences of any undesired event that may jeopardize the success of the Program. The purpose of this plan is to establish a framework of working practices, which will enable all risks associated with the (Name of project) Program to be identified, monitored and controlled during the life of the Program.1.3 Summary1.3.1 Risk Management Organization.1.3.1.1 The main elements of the Risk Management Organization described in this plan are:• The Program Director• The Risk Manager• The Risk Management Committee• The Risk Owners.1.3.1.2Risk Organization Summary. The Risk Manager reports to the Assurance Manager who in turn reports directly to the Program Director, who has the overall responsibility for Risk Management on the (Name of project) Program. The Risk Manager is responsible for the effective management of the Risk Management Process as described in this plan. The Risk Management Committee is selected from the top levels of the (Name of project) Project Organization, including all those managers that report directly to the Program Manager. The function of the Risk Management Committee is to provide overall guidance on the risk management activities and regularly review the risks that could potentially have the most significant impact on the (Name of project) Program. The Risk Committee also sanctions the appointment of Risk Owners and the opening and closing of risks on the Risk Register. The Risk Owners are responsible for formulating and implementing the risk containment strategies.1.3.2 Risk Management Process.1.3.2.1 This plan describes the Risk Management process by splitting it into the four phases of Identification, Assessment, Containment and Control1.3.2.1 Risk Management Process Summary. Risks are actively exposedthrough the Risk Identification Workshops, etc. and recorded on theRisk Register. A Risk Owner is then appointed and in conjunction withthe Risk Manager, the Risk is qualitatively assessed and acontainment strategy is agreed. The actions needed to implement thisstrategy are then allocated to Action Managers by the Risk Owner,who then monitors progress. The risks, which are likely to have themost significant impact on the (Name of project) Program (Program-Level Risks), are selected from the Risk Register for quantitativeanalysis. This further analysis is used to model the overall effect thatthe Program-Level risks will have on the (Name of project) Program. AProgram Level Risk must be owned by a Risk Committee member,however, the remaining risks (Activity Level Risks) can be handled bysomeone from the appropriate Risk Committee member's team. Thetop 20 risks are selected from the Program Level Risk Set andprioritized for regular review at the Risk Management Committeemeeting. The Risk manager reviews all open risks monthly with theRisk Owners until they are closed.2. RISK MANAGEMENT ORGANIZATION2.1 General2.1.1 The Risk Management Organization has been structured so that Risk Management is an integral part of the overall Management Organization. The Program Director has overall responsibility for Risk Management on the (Name of project) Program. The Risk Manager reports to the Assurance Manager who in turn reports directly to the Program Director. This reporting chain is shown in Figure 1 below:Program DirectorAssuranceManagerRiskManagerFigure 1 - Risk Management OrganizationThe other main elements in the Risk Management Organization are the Risk Management Committee and the Risk Owners.2.2 Roles and Responsibilities2.2.1 The Program Director. The Program Director has overall responsibility for Risk Management on (Name of project).2.2.2The Assurance Manager. The Assurance Manager coordinates all the Assurance functions on the (Name of project) Program, which includes the Risk Management Process.2.2.3 The Risk Manager. The Risk Manager is responsible to the Assurance Manager and Program Director for the effective management of the Risk Management Process, which includes the following:• Facilitate the identification of all risks that may impact the success of the (Name of project) Program. This includes using checklists, analyzing theWork Breakdown Structure, conducting Structured Interviews and holding Risk Identification Workshops.• Ensure that all risks identified are logged into the (Name of project) Risk Register.• Ensure that a Risk Owner is allocated to each risk.• Ensure that every risk identified is qualitatively analyzed for its probability of occurrence and potential impact on the Program.• Ensure that there is a containment strategy for each risk, which is being properly implemented with clearly identified actions.• From the risks identified recommend to the Risk Management Committee those risks that should be part of the Program-Level Risk Set (theselection of risks which could have potentially the most significant impacton the (Name of project) Program).• With the Risk Owner, conduct a quantitative analysis (3 point estimates) for each risk in the Program-Level Risk Set.• From the Program-Level Risk Set and the Project Plan, produce and maintain a Risk Network (as described in para 3.3.6).• Using the quantitative analysis and the Risk Network, model the effect that risks in the Program-Level Risk Set may have on the timing of theProgram milestones and the costs of achieving them.• From the Program-Level Risk Set select and prioritize the top 20 risks.• Regularly review both Activity Level Risks and Program-Level Risks with their Owners.• Maintain the Risk Register and ensure that it is accurate and up to date.• Convene and chair regular meetings of the Risk Management Committee.• Report risks and their status to the Customer, as required.• Reassess risk in proposed or unavoidable changes to the Program.2.2.4 The Risk Management Committee. The Risk Management Committee is responsible for the overall guidance of risk management activities. Membership of this committee is selected from the top levels of the (Name of project) Program organization, including all those managers that report directly to the Program Manager. This encourages a commitment to risk management at the highest levels on the program and ensures that the Committee is able to take a broad and authoritative view when reviewing risks and exploring avenues to contain them. The Risk Management Committee meets every month to oversee the managing of risks and their containment strategies. At these meetings the Committee will:• Review every risk in the Prioritized Risk List.• For any new risk tabled by the Risk Manager, either sanction the opening of this risk in the Risk Register, or reject it.• Confirm the selection of the Risk Owner.• Agree the containment strategies for the Prioritized risks.• Sanction the closure of risks on the Risk Register.2.2.5 Risk Management Committee Membership. The current membership of the Risk Management Committee is:• Program Director• Risk Manager• Program Manager• Operations Manager• Business Design Manager• Technical Platform Manager• Applications Development Manager• User Support Manager• Test & Integration Manager• Implementation Manager• Facilities Management Manager• FM Operations & Support Manager• Financial Controller• Systems Engineering Manager• Chief Systems Architect• Chief Business Engineer• Security Design Authority• Release 1 Manager。

INTERNATIONAL STANDARDISO/FDIS31000Risk management —Principles and guidelinesForeword前言国际标准化组织（ISO）是各国标准化团体（ISO成员团体）组成的世界性的联合。

制定国际标准工作通常由ISO的技术委员会完成。

个成员团体若对某技术委员会确定的项目感兴趣，均由权参加该委员会的工作。

与ISO保持联系的各国际组织（官方的或非官方的）也可参加有关工作。

ISO与国际电工委员会（IEC）在电工技术标准化方面保持密切合作的关系。

国际标准是根据ISO/IEC导则第2部分的规则起草的。

由技术委员会通过的国际标准草案提交各成员团体投票表决，需取得了至少3/4参加表决的成员团体的同意，国际标准草案才能作为国际标准证实发布。

本标准中的某些内容有可能涉及一些专利权问题，这一点应引起注意，ISO不负责识别任何这样的专利权问题。

ISO 31000由ISO技术管理委员会风险管理工作组编写。

所有类型和规模的组织都面临内部和外部因素的影响，使得它不能确定是否及何时实现其目标。

这种对一个组织的目标影响的不确定性既是“风险”。

一个组织的所有活动都涉及风险。

组织通过识别、分析、评价风险以及处理风险，以满足他们的风险标准。

在这个过程中，他们与利益相关者沟通协商，监测和审查风险控制，并不断的修正风险，以确保风险处理不再是必需的。

本标准详细描述了这一系统的和符合逻辑的过程。

尽管所有的组织在某种程度上都在管理风险，本标准规定了一些原则，以使风险管理变得有效。

本标准建议，组织制定，实施和不断完善的框架，其目的是将风险管理纳入到组织的治理，战略和规划，管理，报告程序，政策，价值观和文化等综合管理的整个过程。

风险管理可以应用到整个组织，它的许多领域和层次，在任何时间，以及具体职能，项目和活动。

尽管在过去这段时间内的许多部门，以满足不同的需要的风险管理的做法是成熟的，但是通过采用一致性流程的综合框架有助于确保风险管理的有效性，并且有效和连贯整个组织。

国际标准 ISO14971(第二版 )2007-03-01医疗器械风险管理对医疗器械的应用Medical devices –Application of risk management to medical devices前言引言1.范围2.术语和定义3. 风险管理的通用要求3.1 风险管理过程3.2 管理职责3.3 人员资格3.4 风险管理计划3.5 风险管理文档4. 风险分析4.1 风险分析过程4.2 医疗器械的预期用途和与器械安全有关的特征的判定4.3 危害的判定4.4 估计每种危害状况的风险5.风险评价6. 风险控制6.1 降低风险6.2 风险控制方案分析6.3 风险控制措施的实施6.4 剩余风险的评价6.5 风险/受益分析6.6 风险控制措施引起的风险6.7 风险控制的完整性7. 全部剩余风险的可接受性的评价8. 风险管理报告9. 生产和生产后信息附录 A (提示性附录)要求的原理附录 B (提示性附录)医疗器械风险管理过程总览附录 C (提示性附录)用于判定医疗器械可能影响安全性的特征的问题附录 D (提示性附录)用于医疗器械的风险概念附录 E (提示性附录)危害,事件或危害状况的预见后果举例附录 F (提示性附录)风险管理计划附录G (提示性附录)风险管理技术资料附录H (提示性附录)体外诊断医疗器械的风险管理指南附录J (提示性附录)安全性资料和剩余风险资料参考文献ISO(国际标准化组织)是由各国标准化团体(ISO成员团体)组成的世界性的联合会。

制定国际标准的工作通常由ISO的技术委员会完成,各成员团体若对某技术委员会已确立的标准项目感兴趣, 均有权参加该委员会的工作.与ISO保持联系的各国际组织(官方的或非官方的)也可参加有关工作。

在电工技术标准化方面,ISO与国际电工委员会(IEC)保持密切合作关系。

国际标准是根据ISO/IEC指令第2部分中所颁布的规则起草的。

技术委员会的主要任务是起草国际标准。

ISOFDIS31000风险管理最终发布版中文翻译稿ISO/FDIS31000Risk management — Principles and guidelinesForeword前言ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies(ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and not-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.ISO（国际标准化组织）是一个各国标准化机构（ISO成员机构）组成的世界性联合会。

制定国际标准的工作通常由ISO的技术委员会完成。

各成员机构若对某技术委员会确定的项目感爱好，有权派代表参加该委员会。

iso31000-2018 风险管理标准中文版概述ISO31000-2018风险管理标准是一套全面、系统的风险管理原则和指导原则，旨在帮助组织有效识别、评估、管理和减轻风险，确保组织在安全、可靠的环境中持续、稳定地发展。

本标准适用于各种类型和规模的组织，包括企业、政府机构、非营利组织等。

主要内容1.风险管理原则ISO31000-2018风险管理标准提出了七项风险管理原则，包括：*全面风险管理：组织应全面识别、评估和管理各种类型和来源的风险。

*风险平衡：组织应综合考虑风险控制和业务机会，确保在风险和机遇之间达成平衡。

*风险可接受标准：组织应根据自身风险承受能力和业务目标，设定可接受的风险水平。

*风险管理过程：组织应建立和完善风险管理过程，包括风险识别、评估、控制、监控等环节。

*风险管理文化：组织应培养员工的风险意识，提高员工的风险管理水平。

*风险管理与其他管理过程的整合：组织应将风险管理融入日常管理过程，与其他管理过程相互支持、协调一致。

2.风险识别风险识别是风险管理过程中的重要环节，组织应通过各种途径和方法，识别各种类型和来源的风险。

风险识别应考虑组织内部和外部因素，包括但不限于：*组织内部因素：包括人员、流程、技术、管理等方面的风险。

*组织外部因素：包括市场、法律、环境、社会等方面的风险。

3.风险评估风险评估是确定风险大小和严重程度的过程，包括定性评估和定量评估。

定性评估通常采用风险概率和影响程度分析方法，定量评估则采用统计方法和模型进行计算和分析。

评估结果可用于制定风险管理策略和措施。

4.风险管理策略和措施根据风险评估结果，组织应制定相应的风险管理策略和措施，包括：*风险控制：采用各种控制措施，降低风险发生的概率或减轻其影响。

*风险转移：通过购买保险、合同等方式，将部分或全部风险责任转移给其他方。

*风险规避：改变业务活动或管理流程，以规避某些特定风险。

*风险接受：在符合法律法规和业务目标的前提下，接受一定水平的风险。