ISO 31000 is the International Standard for risk management. It provides principles and practices for generic risk management that can be employed whatever the sector, type or location of the organisation.
The principles and practices in the Standard can be applied throughout a wide range of activities within an organisation. These activities include: strategies and decisions, operations, processes, functions, projects, products, services and assets.
The current iteration of the Standard was published in 2009 (ISO 31000:2009) and forms the first part of the ISO 31000 family of standards.
The ISO 31000 risk management family
Other parts of the ISO 31000 risk management family include:
- ISO/IEC 31010:2009 - This Standard gives guidance on the selection of techniques for generic risk management and their application.
- ISO/TR 31004:2013 - This Standard gives guidance on the implementation of a risk management framework that is fully aligned with ISO 31000. Using the guidance in this standard will ease ISO 31000 implementation.
- BS 31100:2011 - In addition to these members of the ISO 31000 standards family, the British Standard BS 31100 provides advice and guidance on developing, implementing and maintaining proportionate and effective risk management aligned with ISO 31000.