There are several factors that make the establishment of risk criteria a daunting task that few want to undertake. Nonetheless, for large global corporations, it is likely that one or more facilities have to meet governmental requirements. For US facilities, there is an incentive to having risk criteria in that it allows greater flexibility in complying with the updated API Recommended Practice 752 on siting of occupied permanent buildings. Having corporate risk criteria is imperative to ensure that facilities and operations that are not in regulated jurisdictions have a consistent framework to make risk-related decisions. Risk criteria range from the use of the traditional risk matrix (consequence vs. likelihood) to the more quantitative risk criteria that include geographic risk (individual risk) and/or societal risk criteria. This article discusses the steps necessary to help companies develop robust defendable risk criteria that facilitate decision making. Potential pitfalls are also presented and discussed including: (a) the potential to develop criteria that are unachievable or too lax, (b) developing criteria that are inconsistent with other established programs in the company, and (c) reconciling the needs between unit level criteria and business or group level criteria. Typical risk-tolerance criteria, and examples of issues and pitfalls that are commonly faced by companies developing such criteria, are also presented. (c) 2012 American Institute of Chemical Engineers Process Saf Prog, 2012