# ISO 31000:2018*

Risk management - Guidelines

# Acronyms, Abbreviations, and Initialisms

| Short Form | Full Form |
| --- | --- |
| ISO | International Organization for Standardization |

# Overview

The key components of ISO 31000 are designing, implementing, and reviewing risk management. Its key requirement is management endorsement, support, and commitment. A key concept in ISO 31000 is that risk management is an embedded component rather than a separate activity.

ISO 31000 is an international standard that focuses on designing, implementing, and reviewing risk management processes and practices. It is not intended for certification purposes; implementing it does not address specific or legal requirements related to risk assessments, risk reviews, and overall risk management. The standard explains that proper implementation of a risk management process can be used to:

  • Create and protect value
  • Integrate organizational procedures
  • Be part of the decision-making process
  • Explicitly address uncertainty
  • Be a systematic, structured, and timely risk management program
  • Ensure the risk management program is based on the best available information
  • Be tailored to the organization's business requirements and actual risks
  • Take human and cultural factors into account
  • Ensure the risk management program is transparent and inclusive
  • Create a risk management program that is dynamic, iterative, and responsive to change
  • Facilitate continual improvement and enhancement of the organization