ISO 31000:2018 – Risk Management – Guidelines has been released. This document revises and supersedes the 2009 edition of the same international standard.
As much as we’d like to not be troubled by risk, virtually all organizations face some level of the persistent force. The key is managing the risk that surrounds you. However, this brings up numerous questions. For example, what defines reliable risk management? Which factors should be considered?
This uncertainty—surrounding both the possibility that internal and external influences could hinder an organization from achieving its objectives and the effectiveness of risk management goals—can be minimized through the aid of ISO 31000:2018. This is because the nonprescriptive document outlines the general framework of risk management. It also aids organizations in identifying their context, implementing the risk management system, involving top management, and allowing for continual improvement.
ISO 31000:2018 is incredibly accessible, in that it is for use by any organization, regardless of sector or size, at any point throughout the life of the organization, and applicable to any activity. The new revision, keeping in line with this range of applicability, was developed with one clear goal in mind: to make the document simpler and easier for the user. This major change impacts every section of the standard.
Using basic language to express the fundamentals of risk management, ISO 31000:2018 is remarkably concise in expressing the benefits and values of effective risk management. Furthermore, the terminology in the document is only relevant to core concepts. Most terminology related to risk management now appears in ISO Guide 73 – Risk management – Vocabulary, such as the definitions for risk tolerance and risk acceptance.
The revision of ISO 31000:2018 drew on new experiences, knowledge and emphasis for process elements, actions, and controls. Furthermore, the standard now focuses on an open systems model that regularly exchanges feedback with its external environment. This helps it fit multiple contexts.
Risk management system background information, principles, framework, and process, from design to risk treatment and review, are outlined in ISO 31000:2018.
For users of the 2009 version of the standard, ISO 31000:2018 Plus Redline marks all changes to the new document.
As risk management as a subject confronts a range of issues and may even include concerns pertinent only to particular industries, ISO 31000 is often used in tandem with supplementary standard documents. For users needing more than one of these standards documents, standards packages can be useful. Standards packages containing ISO 31000:2018 include:
ISO 31000:2018 – Risk Management – Guidelines is available on the ANSI Webstore.