The statement is true. According to ISO 31000:2018, one of the core principles of effective risk management is that it must be "customized." This is synonymous with being "tailored." The risk management framework and its processes should be adapted and proportionate to the organization's specific external and internal context, including its objectives, culture, and complexity. A generic, one-size-fits-all approach is explicitly discouraged by the standard, as it would fail to address the unique risks and opportunities an organization faces.

B. False: This is incorrect. The ISO 31000:2018 standard explicitly lists "Customized" as a key principle, meaning a non-tailored or generic approach contradicts the standard's guidance for effective risk management.

1. International Organization for Standardization (ISO). (2018). ISO 31000:2018 Risk management — Guidelines. Section 4, "Principles." The standard lists "Customized" as a principle, stating: "The risk management framework and process are customized and proportionate to the organization’s external and internal context related to its objectives."

2. Purdy, G. (2010). ISO 31000:2009—Setting a New Standard for Risk Management. Risk Analysis: An International Journal, 30(6), 881-886. In the discussion of the principles (which were carried over to the 2018 version), the article emphasizes that risk management must be tailored to the specific needs and context of the organization. (DOI: https://doi.org/10.1111/j.1539-6924.2010.01442.x, Page 883).

3. University of Queensland. (n.d.). Enterprise Risk Management Framework. This document, based on ISO 31000, outlines the university's risk management principles, including: "Tailored – our risk management framework and processes are customised and proportionate to the University’s internal and external context." (Section 3.1, "Principles").