
TUHH


What is ISO-31000?

ISO 31000 is a standard that deals with risk management. The standard is not a basis for ISO certification but instead establishes guidelines that describe how to deal with risks in an organization. The specific application of these guidelines can be adapted to each company in its specific environment. The standard provides a very general approach that is not industry- or sector-specific and is applicable to any type of risk. In addition, the standard can be used throughout the life of an organization and can be implemented at all levels of the organization as well as in the decision-making process. The standard's goal is to assist organizations in dealing with risks and threats such as damage to reputation and brand, cybercrime, political risks, terrorism and many more. ISO 31000 consists of five components that need to be adjusted to the individual needs of any organization: Integration, Design, Implementation, Evaluation and Improvement.

It is important to mention that risk assessment and management with ISO 31000 is a continuous process and not a one-time action. The first activity when managing risk according to ISO 31000 is to assess, analyse and evaluate potential risks, which is predominantly to be executed by the respective departments, as they have the required expertise to assess specific situations and the risks attached to them. Once this is done, the second step is to plan how to treat the identified risks within the organization. This is done by elaborating ways to nullify or reduce risks and by coordinating actions and timelines with the respective responsible employees. Since this standard is a continuous process, the last step is to monitor the implementation and reassess the situation. To guide these steps, ISO 31000 provides a number of tools and frameworks that organizations can use along the way. 3

ISO-31000 Process

The ISO 31000 standard defines risk management as a six-step process. For more information on the phases, their descriptions and guides on how to execute each phase, please refer to our Supply Chain Risk Management Page. 3