ISO 31000:2018 — Risk management — Guidelines
ISO 31000:2018 — Risk management — Guidelines — 35% covered.
5 requirements · 0 enforced · 2 designed · 3 advisory · 0 deferred.
Source: ISO 31000:2018 (Risk management — Guidelines): the principles (Clause 4), framework (Clause 5), and process (Clause 6). KYE Protocol governs the AUTHORITY, EVIDENCE and FINALITY of AI-agent actions as a risk-treatment and risk-recording control inside an organisation's ISO 31000 risk-management process — KYE does not run the enterprise risk-management system itself. Starter requirement set; deepen by graft through the §70 rail. · License: ISO — standard text is copyrighted; KYE registry paraphrases each clause's intent and cites the official clause identifier for mapping purposes only.
By category
| Category | Reqs | Enforced | Designed | Advisory | Deferred | Coverage |
|---|---|---|---|---|---|---|
| Clause 5 — Framework | 1 | 0 | 1 | 0 | 0 | 50% |
| Clause 6 — Process | 4 | 0 | 1 | 3 | 0 | 31% |
Every requirement → the KYE™ artefact that enforces it
| ID | Title | Status | KYE™ enforcement |
|---|---|---|---|
| iso-31000.5.4.2 | Leadership and commitment — accountability and authority for risk | designed | constitution_refs: constitution/12-PURPOSE-PERMISSION.md, constitution/36-GOVERNEDUI.md |
| iso-31000.6.4.2 | Risk identification — surfacing AI-authority risk | advisory | constitution_refs: constitution/13-RESILIENCE-LOOP.md; audit_events: kye.evidence.decision_map.v1 |
| iso-31000.6.5.2 | Risk treatment — admissibility decision at the moment of action | advisory | constitution_refs: constitution/12-PURPOSE-PERMISSION.md; audit_events: kye.evidence.decision_map.v1 |
| iso-31000.6.6 | Monitoring and review — contestable outcomes | designed | constitution_refs: constitution/21-DELEGATED-AUDITABILITY.md |
| iso-31000.6.7 | Recording and reporting — replay-derivable evidence | advisory | constitution_refs: constitution/13-RESILIENCE-LOOP.md; audit_events: kye.evidence.pack.v1, kye.replay.proof.v1 |