ISO 31000 Risk Management

“The long-term success of an organization relies on many things, from continually assessing and updating their offering to optimizing their processes. As if this weren’t enough of a challenge, they also need to account for the unexpected in managing risk. That’s why we’ve developed ISO 31000 for risk management.

In addition to addressing operational continuity, ISO 31000 provides a level of reassurance in terms of economic resilience, professional reputation and environmental and safety outcomes. In a world of uncertainty, ISO 31000 is tailor-made for any organization seeking clear guidance on risk management.”

From Wikipedia:

“ISO 31000 is a family of international standards relating to risk management codified by the International Organization for Standardization. The standard is intended to provide a consistent vocabulary and methodology for assessing and managing risk, resolving the historic ambiguities and differences in the ways risk are described.

ISO 31000 was published as a standard on 13 November 2009, and provides a standard on the implementation of risk management. A revised and harmonized ISO/IEC Guide 73 was published at the same time. The purpose of ISO 31000 is to be applicable and adaptable for ‘any public, private or community enterprise, association, group or individual.’ Accordingly, the general scope of ISO 31000 – as a family of risk management standards – is not developed for a particular industry group, management system or subject matter field in mind, rather to provide best practice structure and guidance to all operations concerned with risk management. It began the process for its first revision on May 13, 2015. A draft International standard (DIS), which was open for public comment, was published on February 17, 2017. The ISO 31000 has been criticized for lack of solidness and misleading language.

An update to ISO 31000 was added in early 2018. The update is different in that it ‘provides more strategic guidance than ISO 31000:2009 and places more emphasis on both the involvement of senior management and the integration of risk management into the organization.’”