What is ISO 31000?
ISO 31000 may not be well known, but its philosophy can be seen across all the popular management system standards that are aligned to ISO’s Annex SL format, such as ISO 27001, ISO 22301 and future versions of ISO 9001 and ISO 14001.
As ISO 31000 is the international standard for Risk Management, we have long been passionate about its principles and the benefits that come with implementing it as part of another standard, or as a means of organisational risk governance.
Key Themes of Risk Management
Risk Management Principles
The standard starts with 11 Principles:
- Risk Management Creates and Protects
- Risk Management is an integral part of all organisational processes
- Risk Management is part of decision making
- Risk Management explicitly addresses uncertainty
- Risk Management is systematic, structured and timely
- Risk Management is based on the best available information
- Risk Management is tailored
- Risk Management takes human and cultural factors into account
- Risk Management is transparent and inclusive
- Risk Management is dynamic, iterative and responsive to change
- Risk Management facilitates continual improvement of the organisation
Risk Management Framework
A “Mandate and Commitment” is required from management before creating the risk management framework. Then, as is becoming common in management system standards, a detailed understanding of the organisation and its context is developed.
This helps to define the processes required, communication routes and reporting lines.
Risk Management Process
The risk management process focuses on the recognisable Identification, Analysis, Evaluation and Treatment of risk – which fits well with risk-based standards such as ISO 27001 for Information Security.
The goal is to achieve continual improvement of the system by monitoring and reviewing activity.
ISO 31000 Advantages
- Identify & Control Risks.
- 11 Risk Principles.
- Provides Framework.
- Considers Context.
- Requires Management Mandate and Accountability.
- Continual Improvement.
- Integrate with other Annex SL based ISO standards.
ISO 31000 Consultants – How we can help.
Assent Risk Management has been helping companies manage risk since it began and our leadership team have years of academic study and work experience on the subject.
Combined with our pragmatic approach to ISO standards, we can work with you to design and operate a Risk Management System that will meet your governance needs.