The correct answer is B . There is no single standard risk matrix prescribed by the ISO 55000 series for all organizations. ISO 55002 guidance indicates that when addressing risk in asset management, the organization should determine its risk assessment criteria and decision-making criteria in light of stakeholder input, policy, and the organization’s own risk attitude. That means the matrix, scales, and thresholds are organization-specific, not universal.

This is fully consistent with IAM/GFMAM practice, because asset management decisions are made within the organization’s own context, objectives, risk tolerability, asset portfolio, and stakeholder requirements. A generic matrix found online may be useful as an example, but it is not an ISO 55000 standard matrix. Neither ISO 55002 nor the GFMAM Landscape provides a single mandatory matrix for all asset-management systems.