Definition

ISO 31000

ISO 31000 is the international standard providing principles, a framework and a process for risk management applicable to any organization.

ISO 31000:2018 establishes guidelines for managing risks systematically, transparently and reliably. It is not certifiable but a reference framework complementing all ISO management system standards. It defines risk as the effect of uncertainty on objectives.

Key aspects

Risk management principles

Defines 8 principles: integrated, structured, customized, inclusive, dynamic, based on best available information, human and cultural factors, and continual improvement.

Risk management process

Establishes a cyclical process: establish context, identify, analyze, evaluate and treat risks, with continuous communication and monitoring.

Universal reference framework

Applicable to any type of risk (strategic, operational, financial, security) and compatible with all ISO management system standards.

Frequently asked questions

No. ISO 31000 is a guidelines standard, not a requirements standard. There is no accredited ISO 31000 certification. It is used as a reference to improve risk management.

ISO 27001 requires an information security risk assessment process. ISO 31000 provides the methodological framework many organizations adopt to meet that requirement.

Comparison

Ready to act on these findings?

Need an assessment in this area?

Request diagnosis→View research→

Loading content…

ISO 31000

Key aspects

Risk management principles

Risk management process

Universal reference framework

Frequently asked questions

ISO 27001 vs NIST CSF: cybersecurity frameworks compared

ISO 42001 vs EU AI Act: voluntary standard vs mandatory regulation

How to implement ISO 27001 in your organization

How to implement ISO 42001 for AI management

Shadow AI: artificial intelligence use without formal governance

Failed certification audit: nonconformity diagnosis and recovery plan

Ready to act on these findings?

ISO 31000

Key aspects

Risk management principles

Risk management process

Universal reference framework

Frequently asked questions

ISO 27001 vs NIST CSF: cybersecurity frameworks compared

ISO 42001 vs EU AI Act: voluntary standard vs mandatory regulation

How to implement ISO 27001 in your organization

How to implement ISO 42001 for AI management

Shadow AI: artificial intelligence use without formal governance

Failed certification audit: nonconformity diagnosis and recovery plan

Ready to act on these findings?

ISO 31000

Key aspects

Risk management principles

Risk management process

Universal reference framework

Frequently asked questions

Related content

ISO 27001 vs NIST CSF: cybersecurity frameworks compared

ISO 42001 vs EU AI Act: voluntary standard vs mandatory regulation

How to implement ISO 27001 in your organization

How to implement ISO 42001 for AI management

Shadow AI: artificial intelligence use without formal governance

Failed certification audit: nonconformity diagnosis and recovery plan

Ready to act on these findings?

ISO 31000

Key aspects

Risk management principles

Risk management process

Universal reference framework

Frequently asked questions

Related content

ISO 27001 vs NIST CSF: cybersecurity frameworks compared

ISO 42001 vs EU AI Act: voluntary standard vs mandatory regulation

How to implement ISO 27001 in your organization

How to implement ISO 42001 for AI management

Shadow AI: artificial intelligence use without formal governance

Failed certification audit: nonconformity diagnosis and recovery plan

Ready to act on these findings?