ISO31000

ISO 31000, Risk management – Guidelines, is an international standard published by the International Organization for Standardization (ISO). The standard, first released in 2009 and updated as ISO 31000:2018, provides principles, a framework, and a process for managing risk within any organization. It is designed to be used by organizations of all sizes, sectors, and locations, and it is not itself a certifiable management system, but a guide to embedding risk management into governance, strategy, planning, and operations.

Risk is defined as the effect of uncertainty on objectives, and risk management aims to reduce threats

The framework within ISO 31000 covers leadership and commitment, integration into organizational processes and culture, design