ISO: “This document is for use by people who create and protect value in organizations by managing risks, making decisions, setting and achieving objectives and improving performance. Organizations of all types and sizes face external and internal factors and influences that make it uncertain whether they will achieve their objectives. Managing risk is iterative and assists organizations in setting strategy, achieving objectives and making informed decisions. Managing risk is part of governance and leadership, and is fundamental to how the organization is managed at all levels. It contributes to the improvement of management systems.”
ISO 31000:2018 provides guidelines on managing risk faced by organizations. The application of these guidelines can be customized to any organization and its context. It provides a common approach to managing any type of risk and is not industry or sector specific. It can be used throughout the life of the organization and can be applied to any activity, including decision-making at all levels.
The most important changes:
- Ensuring that Framework (clause 5) and Process (clause 6) were aligned on common topics such as consultation and communication.
- Some wordings that people were uncomfortable with were deleted, e.g. ‘Level of risk’, ‘Risk appetite’ and ‘Time frames’.
- Sub-clauses were clarified so that they better reflect their contents; e.g. one is now called ‘Scope, context and criteria’.
- ‘Risk evaluation’ and ‘Risk treatment’ were better aligned, improved and clarified in steps.
To buy the new version, go to ISO Store.