As part of Assent’s mission to champion the consultancy industry, Jess from Assent Risk Management has been interviewing experts from all sectors of the consulting profession. In this interview, Jess talks with Bex Deadman, a travel and travel risk expert, on managing travel risks with standards, in particular ISO 31030 Travel Risk Management. In this discussion, we take a closer look at ISO 31030, including who it is for, the benefits of ISO 31030, what is meant by a ‘guidance standard’ and how organisations can start using the standard.
Overview of ISO 31030
The standard itself is a guidance standard, which means it’s not a certifiable standard, but we can get into that and a bit more in a second. It’s part of the Risk Management guidance standard family, so that’s the ISO 31000 group. Which in their own right, are a little bit different to your normal standards because they’re very much around you making the decisions based on what best practice looks like around the subject. Because it’s recognised now after ISO 27001 [managing information security risks], these things are quite complex and as long as you’re taking ownership of something, that’s the important piece. So it fits within those standards. It’s aimed at any organisation. So it’s not aimed at just a massive company with hundreds and hundreds of employees. It’s aimed at any company or organisation that allows their staff to travel or to move, and that can be internationally or domestically as part of their job. And it’s designed to work as well for a large company, as a small company, because you just take the bits that you need and that’s the idea around it. It literally is for everyone, it’s very flexible and you can manipulate it to work for yourselves.
It’s aimed at any organisation. So it’s not aimed at just a massive company with hundreds and hundreds of employees. It’s aimed at any company or organisation that allows their staff to travel or to move.
Want more information about
Who is ISO 31030 for?
So as far as the sort of roles, I guess, within an organisation, travel is one of these really weird things that it doesn’t really sort of sit comfortably anywhere. And that’s because actually, it kind of overlaps with a lot of different departments. But what you normally find is that it sits either at a contract level with procurement and that’s really for the suppliers that you’re using to support your travel programme, or it sits in finance, sort of price to control. And that certainly was true going into the Pandemic, the sort of pre-2020 – 2019 time people were travelling so much, it simply just was a cost of control for many, many companies. And this idea of duty of care and looking after people was sort of a box to tick, as opposed to something really important that actually you should be building your travel programmes around. So that’s really what this standard is sort of designed to do. And it’s the first iteration and there will be many to come in the future, I’m sure. But what it does is it puts a line in the sand for a travel manager, for a procurement manager, for anyone who is currently looking after travel, to just sort of understand it’s a wide area and to think about it from different perspectives.
The idea of duty of care and looking after people was sort of a box to tick, as opposed to something really important that actually you should be building your travel programmes around.
It’s very much based on a governance style standard, which is where risk comes from, because it isn’t just down to one person within the company. So it’s a stakeholder standard and it’s about trying to involve other people within your organisation who will have a say in this. So thinking about people from Data, thinking about people from HR, thinking about people from Risk, if you have that within the business, and then also talking to the bookers and travellers themselves. So what this standard does, it allows you to move a travel programme from being, like I said, cost to control, to being something that you really understand as a business, and you put your arms around and look after primarily your people, your assets and your reputation.
What are the Benefits of ISO 31030 and why is it needed?
I didn’t think I’d love a standard much as I love this standard, but the thing is, I’ve been working in travel all of my life and in every job I’ve had, this thing has always come up, this thing of ‘what happens if something goes wrong’? What is in place? And there’s just so much of a grey area that when it does happen, and unfortunately, we live in a world where things are going to happen and it could be minor. It doesn’t have to be a massive global event. It could be minor on the scale of it is only affecting one person. But that one person could be affected deeply by whatever experience they’ve had. We’ve never really had anyone take responsibility for this piece within the travel industry or within the kind of corporate side of it. For those people that are travelling, they probably thought that by using an agent of some kind, they’re sort of pushing their responsibilities around. But actually, over the years, what that has meant is that companies have sort of lost control of their programmes and they’re not really sure in some cases why they’re travelling at all or for what purpose.
And what Covid has done has really sort of changed that for us. So it [ISO 31030] couldn’t really have come at a better time, because what it’s doing is giving companies a framework to have a look at and say, actually, we’ve got all of this in place, we’re doing all right, but we haven’t really thought about this bit, or we haven’t thought about this bit. For me, I call it, like an umbrella standard, which sounds a bit strange, but over the last five years we’ve had some really big topics to tackle within companies. Be that sort of diversity and inclusion, be that traveller well-being and just general well being, be that mental health and all of these things we’re doing things about. But when it comes to sort of how we then handle that stuff operationally, there’s nothing really in place to help you. And this standard is a way of pulling all of that stuff together, because it is important when your specific employee is travelling, you understand as much of them about them as possible. You can look after them. And we’ve really got to change the rhetoric around this from actually, we just care about how much money you spend to actually, we really care about you and we want to be sure that this trip absolutely needs to happen because we want to make sure we’re hitting our ESG goals. We want to make sure that we’re not putting you in a situation you shouldn’t be in. And if we decide that it should [go ahead], then we want to make sure that we’re wrapping everything around you to make sure that you’re fine. So gone are the days that we just jump on a plane and don’t think about it anymore. That world has changed. We have to think about it now for a variety of reasons. And this standard, for me, just pulls it all together.
It goes against the grain a little bit. And I stand here as a travel industry professional who ultimately wants people to travel because otherwise, our businesses wouldn’t exist. But I think we have to make a stand and realise that actually, we were just doing it too much. And there is an idea of what purposeful travel is and should be and that’s something we’re beginning to define now. So that’s what this standard really helps to do.
There is an idea of what purposeful travel is and should be and that’s something we’re beginning to define now.
It’s a “guidance standard”, will there be any certificate scheme?
This is so interesting. So all over the internet, you’re going to see stuff, things popping up and people talking about the fact that they can certify against the standard. I’ve been speaking to a lot of travel companies recently because I’m working with a client and all sorts of different stories [are] coming out about how they’re doing it. And ultimately, currently, it’s a guidance standard. Most standards start life in that format. It’s very normal because you have to kind of get people to be interested in them and want to actually sort of take them further.
What’s particularly interesting about this standard is, because it’s in the risk groups, they don’t really bend well to certification, because the whole point is you make up your own rules and you then have to stick to those rules and you have to prove that you’re sticking to those rules. So you put everything in place, you decide what your risks are, you decide how you’re going to mitigate against them and then you make sure you do it because that’s the point. If you ever end up in court, that’s what they’re going to want to see, that you’ve actually done what you’ve said you’re going to do.
So from that perspective, it does lead itself to an audit of some description and there’s already some companies who are operating a sort of audit against the gap analysis for the standard, which is great, but as for the actual piece itself, becoming a full certification, that’s still up for debate and it’s a long way off if that was to come. So the standard itself won’t be rewritten probably for another three to four years. It will stay within its format and we need people to start using it, start working with it, start asking questions about it, and that’s how it will evolve.
You put everything in place, you decide what your risks are, you decide how you’re going to mitigate against them and then you make sure you do it because that’s the point.
But there is another side to it, and I always see this as sort of two different kinds of areas within travel. So you’ve got the corporates and the users and the owners of the programmes, and then you’ve got the suppliers that actually service them, whether that be hotels or airlines or rail companies, whether that be the travel management companies, the online booking tools that we use. It’s massive. It’s so much bigger than you can possibly even imagine. And actually, this side of the industry also is learning. We don’t really understand fully what travel risk management is or what duty of care is, and actually we need to up our game as an industry. And there is a certification standard being written now. I’m part of the group that are leading that and that’s a British standard which will complement the ISO standard, which will become a certification standard. At least that’s the plan. We’re putting it all forward now to hope that this is the case. So it’s not a done deal but there are lots of industry experts coming together to sort of say, okay, well if I was a travel manager and I wanted to align against [ISO] 31030 and I want to choose a travel management company to work with, what do I absolutely need to know? What absolutely is essential that comes from this perspective when I’m thinking about travel risk and then we’re building this certification, that travel management company or that hotel or that airline can then get to say yes, I’ve got this, which means I aligned to [ISO] 31030. So it’s part of a kind of ten year roadmap as to where this is going to end up. And this is the first piece because you can’t fully align to [ISO] 31030 if you don’t understand your vendor management programme and that’s the bit we’re trying to tackle at the moment and that will allow it to flow.
So for now, no, and it’s not likely to be for the future but we can never say never with these things. They grow legs and really the users will demand where this standard ends up. So it’s more about getting more and more people using it, getting more people understanding it. It’s a really accessible standard. I don’t know if you’ve had a chance to read, [but], it’s really easy to read and understand, it’s not jargony, it makes sense, it’s kind of logical. That’s the sort of best thing that you can do to sort of prepare for it, rather be scared of it right now.
Talk to a consultant about how ISO 31030 can benefit your business.
How can people start using ISO 31030?
Honestly, if I go back to who this standard is for and obviously we talked about the fact that you’ve kind of got this split, you’ve got the kind of users, the end users for the standards and the corporations and the organisations and then you’ve also got the travel side of it and they’re asking questions now about what they need to do. So my advice is, and I promise I’m not on some sort of commission from my side as far as this is concerned, my advice is buy it, it’s not that expensive I think it’s under €200. And if you compare that to your travel programme, whatever you’re spending, it’s nothing in comparison. So have a look and just read through it and start thinking about where you’re at as far as this is concerned. You don’t have to bring in a professional to do that, you can, but actually what you’ll probably find is that most organisations are somewhere, they’ve got something in place, but it’s about scratching under the surface a little bit more and finding out kind of really what that stuff you’ve got in place means and how it’s being used. But the first thing to do is to purchase it and actually think about within your organisation, who are the stakeholders as far as this is concerned? So we talked about that a little bit earlier, the different departments, the different areas, and if you use the idea of my people, my assets and my reputation, you build all of those stakeholders around that and all of those people will have an involvement in this. That’s the first thing to do.
Don’t just think because you outsource that you know where you are, because that’s something that’s really kind of coming a little bit unstuck with at the moment.
From there, you’ll get an idea of where you are, what you need to do, and it may be that you need to bring a consultant in, I hope so. It may be that you can just talk to your travel management company providers and have conversations around them, but the key is just have a look and decide where you are. Don’t just think because you outsource that you know where you are, because that’s something that’s really kind of coming a little bit unstuck with at the moment. They have to kind of bring this programme back and they need to own it.
Is ISO 31030 recognised in the industry?
It’s getting there, it just won an award, which is excellent, so that was an industry based award. PWC have done an audit against the standard I was talking about earlier with a company called GSA and they won the People’s Award for the best Duty of Care risk Management sort of piece or the most innovative. I think that’s really important. So it’s been talked about now. It came out in 21, it was talked about before it came out and obviously it came at a point where people weren’t really travelling, so it was sort of there rumbling underneath, but it is really beginning to get legs now. So I’ve seen it in tenders, I’ve seen job applications talking about a different type of job. So rather than a travel manager, maybe a travel risk manager, and they have to have some sort of understanding about the standard. So it’s coming and I think it’s going to get to the point where when it starts being used regularly in legal or court situations, where now exists in that situation, the law has the right to push back and say, did you not put any of this stuff in place? So even though it is just a framework, and even though you don’t have to this standard, it’s a moral compass.
There’s something different about this standard. It’s not just about money, it is really about looking after your people and doing everything you can to protect them, because that’s what you’ll need to be shown that you’re doing in your vendor. Something untoward was to happen and I think let’s just go back to the fact that it’s not just big stuff, it’s not just about managing risk. Lots of companies manage risk very well from a high risk perspective, from a high risk situation, or being in high risk destinations because they’re used to having to travel. This is about that, but this is also about the everyday. It’s about knowing that you’ve got something in place that when you send a traveller abroad and they actually have a real problem at that point and they’re really low as far as their mental health is concerned and something happens that triggers them, you’ve got something in place that will help that person in that individual need. It’s about somebody feeling that if they don’t want to travel, they can actually say that they can have that conversation with the business before they travel. It’s about talking to your travellers when they come back from travelling, to understand, to keep moving forward and to understand that each trip is worthwhile and it’s worth it.
It’s not just about money, it is really about looking after your people and doing everything you can to protect them, because that’s what you’ll need to be shown that you’re doing in your vendor.
It’s a lot more than just people may kind of think that it is, but it sits really nicely with those companies that are really trying to evolve a risk management practice. It sits really nicely with business continuity, it sits really nicely with [ISO] 27001, it fits really nicely with [ISO] 9001. And of course, we talked recently, it sits really nicely with [ISO] 45001 from Occupational Health side, because these are your people now, your people are on the move. And if I can give you kind of one strap line that I’ve started using when I talk about this to corporate is I just simply say anything that can happen to a human being can happen when they’re travelling. The problem is, it’s probably going to be worse because they don’t have a support network of any kind around them, especially if they’re travelling on their own. So that’s what we’re mitigating here for, which is endless. But it’s not that difficult to do once you’ve got a framework and you start thinking about it in this way. It is definitely being recognised within the industry, I took a slight curve then, but that’s just to show that it’s happening. And it’s not a case of burying your head in the sand, it’s a case of when are you going to start working?
Anything that can happen to a human being can happen when they’re travelling.
I think it’s essential for those coming into the workforce, and I think these generations that are coming in underneath me, for sure, who are going to drive this, because it’s their expectation, we just went, ‘oh, that’s just work, is it?’ That’s just how things are done. These generations coming up underneathare not doing that. They’re actually saying, ‘you know what? No. Not sure I want to work with a company that doesn’t think about this stuff’. And this is what this standard helps to push forward. So I’m really proud to be part of it. It’s really exciting.
Thank you Bex for taking the time to take part in this interview. If you would like more information about ISO 31030 and managing travel risks, please contact us today to talk to an expert consultant.