Principle 1: Risk management should follow a structured approach.
The elements of a structured approach to risk management are Risk Evaluation, Risk Management Option Assessment, Implementation of Management Decision, and Monitoring and Review. In certain circumstances, not all of these elements will be included in risk management activities (e.g. standard setting by Codex, with implementation of control measures by national governments).
Principle 2: Protection of human health should be the primary consideration in risk management decisions.
Decisions on acceptable levels of risk should be determined primarily by human health considerations, and arbitrary or unjustified differences in the risk levels should be avoided. Consideration of other factors (e.g. economic costs, benefits, technical feasibility, and societal preferences) may be appropriate in some risk management contexts, particularly in the determination of measures to be taken. These considerations should not be arbitrary and should be made explicit.
Principle 3: Risk management decisions and practices should be transparent.
Risk management should include the identification and systematic documentation of all elements of the risk management process including decision-making, so that the rationale is transparent to all interested parties.
Principle 4: Determination of risk assessment policy should be included as a specific component of risk management.
Risk assessment policy sets the guidelines for value judgements and policy choices which may need to be applied at specific decision points in the risk assessment process, and preferably should be determined in advance of risk assessment, in collaboration with risk assessors.
Principle 5: Risk management should ensure the scientific integrity of the risk assessment process by maintaining the functional separation of risk management and risk assessment.
Functional separation of risk management and risk assessment serves to ensure the scientific integrity of the risk assessment process and reduce any conflict of interest between risk assessment and risk management. However, it is recognised that risk analysis is an iterative process, and interactions between risk managers and risk assessors are essential for practical application.
Principle 6: Risk management decisions should take into account the uncertainty in the output of the risk assessment.
The risk estimate should, wherever possible, include a numerical expression of uncertainty, and this must be conveyed to risk managers in a readily understandable form so that the full implications of the range of uncertainty can be included in decision-making. For example, if the risk estimate is highly uncertain the risk management decision might be more conservative.
Principle 7: Risk management should include clear, interactive communication with consumers and other interested parties in all aspects of the process.
On-going reciprocal communication among all interested parties is an integral part of the risk management process. Risk communication is more than the dissemination of information, and a major function is the process by which information and opinion essential to effective risk management is incorporated into the decision.
Principle 8: Risk management should be a continuing process that takes into account all newly generated data in the evaluation and review of risk management decisions.
Subsequent to the application of a risk management decision, periodic evaluation of the decision should be made to determine its effectiveness in meeting food safety objectives. Monitoring and other activities will likely be necessary to carry out the review effectively.