The new ISO 31000 Risk Management Standard was released in February. ISO 31000:2018 supersedes ISO 31000:2009. The risks organizations face have changed significantly over the last 9 years. Risks such as terrorism and cyber-attacks were not as prevalent a decade ago. To adapt to these new realities and to facilitate risk management, the Risk Management standard ISO 31000 has been revised, and the latest version has just been released.
Simple is the best way to describe the new ISO 31000:2018 standard. It is clear and concise while giving enough detail to be applicable to organizations anywhere in the world and to different processes, from finance to production. It is presented in simple language so that risk management fundamentals can be understood by everyone. To make the standard accessible and easy to understand, its terminology has been revised and certain terms used in risk management have been moved to ISO Guide 73, Risk Management – Vocabulary.
In addition to the changes aimed at making the standard easier to read and apply, there have also been changes regarding the principles of risk management. In ISO 31000:2018 these principles are designed so that risk management provides Value Creation and Protection to every organization. These principles make risk management:
- Structured and comprehensive
- Based on best available information
- Aware of human and cultural factors
- Focused on continual improvement
These principles and the standard’s new definition of risk as the “effect of uncertainty on objectives” will drive organizations to look at the internal and external uncertainties that could jeopardize the accomplishment of their objectives. In this way, risk management is tailored to the needs and objectives of each organization. The integrated and inclusive principles help organizations develop a system which brings risk management to the center of decision making and which supports all activities across the organization.
ISO 31000:2018 recognizes risk as ever changing; therefore, the system must be flexible and dynamic to adapt to the changing uncertainties, while always focusing on the continual improvement of processes.
Overall, the new ISO 31000:2018 standard presents guidelines for effective and efficient risk management in a simple manner. These guidelines will help organizations understand and address the different uncertainties which will inevitably appear in their path to achieving their objectives.
To the novice quality manager, ISO jargon can be extremely overwhelming. What is an NCR? What do you mean by OFI? Are we certified or accredited? But before you go and pull out your hair, let’s take a moment to go over some of the most frequently used terms and their definitions with regard to ISO and Management System Certification.