
ISO 31000

ISO 31000 is a general risk management standard that can serve any type of organization, group, association or enterprise and can be used in any industry. It is used to manage uncertainty and risk through a systematic approach to risk management. Unlike many standards, ISO 31000 does not specify a set of requirements that need to be fulfilled; instead, it introduces a set of voluntary guidelines.

The standard was developed by the ISO Technical Management Board Working Group on risk management and was introduced in November 2009. It is based on the AS/NZS 4360:1995 standard.

One of the biggest differences between ISO 31000 and other ISO standards that deal with risk management is its definition of risk. ISO 31000 defines risk as:

The effect of uncertainty on objectives

In other words, the emphasis is on the effect that uncertainty can have on objectives, whether positive or negative. This differs from most other risk management frameworks, where the emphasis is put on the actual disaster or event.

Overview of ISO 31000

  • Provides principles and generic guidelines on risk management
  • Can be used by any public, private or community enterprise, association, group or individual
  • Applicable throughout the life of an organization, and to a wide range of activities, including strategies and decisions, operations, processes, functions, projects, products, services and assets

 
