What is the ISO 31000 Standard?

The ISO 31000:2018 standard is an international standard providing enterprise risk management guidelines published by the International Organization for Standardization. Originally published in 2009 (ISO 31000:2009), it was updated in 2018.

The new ISO standard includes risk management principles and a framework and process applicable to an organization’s management system as a whole, no matter the enterprise’s size or sector. The ISO states that anyone in an organization—not just top management—can use ISO 31000 for risk management.

The ISO states that this standard can help organizations achieve their objectives, better identify threats, and improve their risk treatment.

One key aspect of ISO 31000:2018 is its emphasis on developing a risk management culture where everyone involved, including employees and stakeholders, understands the risk management process.

ISO 31000 is an integral part of the larger ISO portfolio of risk management standards. Others in the family include:

  •   Technical report ISO/TR 31004, Risk management – Guidance for the implementation of ISO 31000
  •   ISO Guide 73, Risk management – Vocabulary, a collection of terms and definitions relating to the management of risk
  •   ISO/IEC 31010, Risk managementRisk assessment techniques, developed jointly with the International Electrotechnical Commission. This document aids in decision-making by discussing the risks that could affect the achievement of business objectives. It also helps users assess the adequacy of the controls already in place. IEC 31010:2009 focuses on risk assessment concepts, processes and the selection of risk assessment techniques.