ISO 31000 - Risk management

Risks affecting organizations can have consequences in terms of economic performance and professional reputation, as well as environmental, safety and societal outcomes. Therefore, managing risk effectively helps organizations to perform well in an environment full of uncertainty.

ISO 31000:2009

ISO 31000:2009, Risk management – Principles and guidelines, provides principles, a framework and a process for managing risk. It can be used by any organization regardless of its size, activity or sector. Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment.
ISO 31000 cannot be used for certification purposes, but it does provide guidance for internal or external audit programmes. Organizations using it can compare their risk management practices with an internationally recognised benchmark, providing sound principles for effective management and corporate governance.

Related Standards

A number of other standards also relate to risk management.

Useful articles

The revision of ISO 31000 on risk management has started

by Sandrine Tranchard

Reducing, anticipating and managing risk are all part of the daily grind for organizations that have integrated risk management into their business strategy. That’s why they often turn to ISO 31000 on risk management to support them in this task.

Power up your profits with ISO's new management standards collection

by Elizabeth Gasiorowski Denis

Looking for ways to improve your operations, while reducing costs and improving margins? Look no further than the Management standards essential collection to help you achieve success on all of these fronts.

Are you in control of your records?

Business information, once totally paper-based, is now distributed in millions of digital records and e-mails that make up an organization’s data. Companies spend a tremendous amount of time and money managing business databases and other corporate records so they can control their activities, improve their operations and demonstrate compliance with the law. But what happens when documents are misfiled, databases damaged, or even worse, deleted? Time to prepare for the worst-case scenario.

Mainstreaming disaster management

Disasters often strike without warning and leave a trail of destruction in their wake. Yet armed with the right tools, the chances of getting through the toughest circumstances are improved. Here, we look at some of the deadly hazards we've been exposed to, and how standards can help us to prepare for, and react in, many of life's most unpredictable scenarios.

ISO's magazine focuses on standards and crisis management

With crises like earthquakes, tornadoes, tsunamis, IT attacks and terrorist threats regularly making the news around the world, ISO has dedicated the May 2012 issue of ISO Focus+ magazine to crisis management. The issue gives an overview of different kinds of disaster and how International Standards can help manage them at different stages, from preparation to recovery.