International Standard
ISO 31000:2018
Risk management — Guidelines
Reference number
ISO 31000:2018
Edition 2
2018-02
Published (Edition 2, 2018)
This standard was last reviewed and confirmed in 2023. Therefore this version remains current.

What is ISO 31000?

ISO 31000 is an international standard that provides principles and guidelines for risk management. It outlines a comprehensive approach to identifying, analyzing, evaluating, treating, monitoring and communicating risks across an organization.

Why is ISO 31000 important?

In today's fast-paced and unpredictable world, every organization, regardless of its size or sector, encounters risks that can either pose threats or offer opportunities. ISO 31000 serves as a beacon:

  • Comprehensive Understanding: It fosters a shared understanding of risks, their nature, and ways to manage them across an organization.
  • Strategic Decision-Making: The guidelines help embed risk management into an organization’s governance, strategy, planning, reporting processes, policies, values, and culture.
  • Operational Excellence: Implementing ISO 31000 can lead to efficiency gains, as it helps organizations recognize potential threats and opportunities in time, allocate resources wisely, and enhance stakeholder confidence.
  • Proactive Approach: Rather than being purely reactive, ISO 31000 equips organizations to anticipate and address risks head-on, turning potential challenges into strategic advantages.
  • Stakeholder Confidence: A structured approach to risk management signals to stakeholders – from investors to customers – that the organization is robustly prepared to navigate uncertainties, reinforcing trust and credibility.

Benefits

  • Standard risk management principles, framework and process
  • Guidance for implementing risk management practices
  • Tools for contextualizing risk management to any organization
  • Criteria for monitoring, reviewing and continually improving risk management
  • Foundation for integrating risk management throughout an organization

ISO 31000 is valuable for any organization seeking to implement a comprehensive approach to risk management including:

  • Companies in heavily regulated industries like financial services, healthcare, energy
  • Public and governmental organizations
  • Project management and engineering firms
  • Consultancies who advise clients on risk management
  • Organizations wanting to build a risk management culture

No. ISO 31000 provides good practice guidelines but is not a certifiable risk management standard. However, it provides an excellent framework on which to build a robust risk management program.

For risk managers, applying ISO 31000 brings:

  • Internationally-accepted principles and guidelines for risk management
  • A structured framework for implementing risk processes
  • Standard criteria for monitoring, reviewing and improving risk management
  • Tools for reporting and communicating risks organization-wide

General information

  •  : Published
     : 2018-02
    : International Standard confirmed [90.93]
  •  : 2
     : 16
  • ISO/TC 262
    03.100.01 