> "==ISO 31000== is a family of international standards relating to risk management codified by the International Organization for Standardization."^[[Wikipedia](https://en.wikipedia.org/wiki/ISO_31000)]

<a href="https://www.iso.org/standard/65694.html" class="custom-button-2">Buy the ISO 31000 Standard</a>

# Summary of ISO 31000

ISO 31000 was first published in 2009. It was updated in 2018, and reviewed with no changes in 2023.

The ISO 31000 standard is comprised of 4 Parts:

1. **Definitions** of key terms. (8 definitions)
2. **Principles** that describe what good risk management looks like. (8 principles)
3. A **Framework** for integration. (6 components)
4. A **Process** for doing risk management. (8 steps)

## Definitions

The following 8 **terms** are defined in the standard:

| Term            | Definition                                                                                                               |
| --------------- | ------------------------------------------------------------------------------------------------------------------------ |
| [[Risk]]        | Effect of uncertainty on objectives.                                                                                     |
| Risk Management | Coordinated activities to direct and control an organization with regard to risk.                                        |
| Stakeholder     | Person or organization that can affect, be affected by, or perceive themselves to be affected by a decision or activity. |
| Risk Source     | Element which alone or in combination has the potential to give rise to risk.                                            |
| Event           | Occurrence or change of a particular set of circumstances.                                                               |
| Consequence     | Outcome of an event affecting objectives.                                                                                |
| Likelihood      | Chance of something happening.                                                                                           |
| Control         | Measure that maintains and/or modifies risk.                                                                             |

## Principles

The **principles** are "characteristics of effective and efficient risk management".

1. Integrated
2. Structured and Comprehensive
3. Customized
4. Inclusive
5. Dynamic
6. Best Available Information
7. Human and Cultural Factors
8. Continual Improvements

## Framework

The **framework** is intended to help integrate risk management into an organization's decisions and actions. It is comprised of 6 parts.

- Leadership
- Integration
- Design
- Implementation
- Evaluation
- Improvement

Each part of the framework details specific actions and descriptions of the scope of those actions.

## Process

The **process** is the application of a risk management workflow. It has 8 steps:

1. Communication and Consultation
2. Scope, Context, and Criteria
3. Risk Identification
4. Risk Analysis
5. Risk Evaluation
6. Risk Treatment
7. Monitoring and Review
8. Recording and Reporting

This process is intended to be applied at each level of the organization. However, the **methods** used will vary, depending on the nature of the work.