ISO 31000 is a family of standards relating to risk management codified by the International Organization for Standardization. The purpose of ISO 31000:2018 is to provide principles and generic guidelines on risk management. ISO 31000 seeks to provide a universally recognised paradigm for practitioners and companies employing risk management processes to replace the myriad of existing standards, methodologies and paradigms that differed between industries, subject matters and regions.
Organizations of different types and sizes are subject to different external and internal factors and influences, which create uncertainty about whether the organization will achieve the aims and objectives it has set. The effect of this uncertainty on an organization's objectives is called "risk".
Many actions undertaken by an organization involve risk. Organizations manage risk by identifying, analysing and evaluating risks and then determining how to treat them. Throughout this process, organizations communicate and consult with interested parties, and monitor both the risks and the controls that modify them, since either may change and move a risk to a higher or lower priority. This International Standard describes this process systematically and logically.
The standard establishes rules that must be followed for the risk management process to be effective. It therefore recommends that organizations develop, implement and continually improve a framework whose purpose is to integrate the risk management process with the organization's governance, strategy and planning, management, reporting processes, policies, values and culture.
Risk management can be applied to the whole organization, in many areas and levels, as well as for specific functions, projects and actions.