ISO 31000:2018 – Risk Management – Guidelines has been released. This document revises and supersedes the 2009 edition of the same international standard.
Who Needs the Risk Management Standard?
As much as we’d like not to be troubled by risk, virtually all organizations face some level of this persistent force. The key is managing the risk that surrounds you. However, this raises numerous questions. For example, what defines reliable risk management? Which factors should be considered?
This uncertainty, both about whether internal and external influences could hinder an organization from achieving its objectives and about the effectiveness of its risk management goals, can be minimized with the aid of ISO 31000:2018. This is because the non-prescriptive document outlines the general framework of risk management. It also aids organizations in identifying their context, implementing the risk management system, involving top management, and allowing for continual improvement.
What is ISO 31000?
ISO 31000:2018 is broadly accessible: it is intended for use by any organization, regardless of sector or size, at any point in the life of the organization, and it applies to any activity. The new revision, keeping in line with this range of applicability, was developed with one clear goal in mind: to make the document simpler and easier for the user. This major change affects every section of the standard.
Using basic language to express the fundamentals of risk management, ISO 31000:2018 is remarkably concise in expressing the benefits and values of effective risk management. Furthermore, the terminology in the document is only relevant to core concepts. Most terminology related to risk management now appears in ISO Guide 73 – Risk management – Vocabulary, such as the definitions for risk tolerance and risk acceptance.
ISO 31000:2018 outlines the background of a risk management system together with its principles, framework, and process, from design through risk treatment and review.
Changes to ISO 31000:2018
The revision of ISO 31000:2018 drew on new experience and knowledge, and places new emphasis on process elements, actions, and controls. Furthermore, the standard now focuses on an open systems model that regularly exchanges feedback with its external environment, which helps it fit multiple contexts.
The new revision of ISO 31000, in keeping with the universal applicability of the risk management standard, adheres to a clear goal: to make things simpler, and thus easier, for the user. To this end, ISO 31000:2018 uses very basic language to express the fundamentals of risk management coherently. The document is more concise in conveying its guidance to the user and in expressing the benefits and values of effective risk management.
A major change in line with this shift to simplicity is the decision to reduce the terminology in ISO 31000:2018 to the core concepts, with the majority of the vocabulary relevant to risk management appearing in ISO Guide 73 – Risk management – Vocabulary.
For example, definitions for risk, risk management, and stakeholder are provided in the ISO 31000:2018 document itself, while terms relating to, for example, risk evaluation (risk attitude, risk appetite, risk tolerance, risk aggregation, and risk acceptance) can only be found in ISO Guide 73. ISO 31000:2018, while more inclusive and accessible for all users, also contains further detailed information specific to certain users.
For users of the 2009 version of the standard, ISO 31000:2018 Plus Redline marks all changes to the new document.
Get ISO 31000:2018
Because risk management as a subject confronts a range of issues, and may even include concerns pertinent only to particular industries, ISO 31000 is often used in tandem with supplementary standards. For users needing more than one of these standards, standards packages can be useful. Standards packages containing ISO 31000:2018 include:
ISO 31000 – Risk Management Package
ISO 31000 / ISO 37301 – Risk Management Compliance Set
ISO 31000 / ISO 22301 – Risk Management of Societal Security Package
ISO 31000 / ISO Guide 73 / ISO/IEC 31010 – Risk Management Package
ISO 31000 / ISO/IEC 27001 / ISO/IEC 27002 – Information Technology Risk Management Package
ISO 31000 / ISO/TR 31004 – Risk Management Principles and Guidance Package
ISO 9001 / ISO 14001 / ISO/IEC 27001 / ISO 31000 / ISO 55001 / ISO 22301 – ISO Requirements Collection
ISO 31000:2018 – Risk Management – Guidelines is available on the ANSI Webstore.