Dynamic Strategies

"What lies behind you and what lies in front of you, pales in comparison to what lies inside of you." ~ Ralph Waldo Emerson.

The International Risk Management Standard

ISO 31000:2009 provides principles and generic guidelines on risk management.

ISO 31000:2009 can be used by any public, private or community enterprise, association, group or individual. Therefore, ISO 31000:2009 is not specific to any industry or sector.

ISO 31000:2009 can be applied throughout the life of an organization, and to a wide range of activities, including strategies and decisions, operations, processes, functions, projects, products, services and assets.

ISO 31000:2009 can be applied to any type of risk, whatever its nature, whether having positive or negative consequences. Although ISO 31000:2009 provides generic guidelines, it is not intended to promote uniformity of risk management across organizations. The design and implementation of risk management plans and frameworks will need to take into account the varying needs of a specific organization, its particular objectives, context, structure, operations, processes, functions, projects, products, services, or assets and specific practices employed.

It is intended that ISO 31000:2009 be utilized to harmonize risk management processes in existing and future standards. It provides a common approach in support of standards dealing with specific risks and/or sectors, and does not replace those standards.

What is ISO 31000?

ISO 31000 is an international standard developed to help organizations of any size and type to manage risk effectively. Touted as a practical document to help organizations develop their own approach to risk, ISO 31000 provides the principles, framework and generic process for managing any type of risk in a transparent and systematic manner. ISO 31000 can be applied "to any public, private or community enterprise, association, group or individual."

How does ISO 31000 define risk?

Although risk often is defined in terms of negative impact or hazard, ISO 31000 views risk as exposure to the consequences of uncertainty -- positive or negative. Risk management is about identifying the variations from what is planned or desired, and managing those risks to maximize opportunities, minimize losses, and improve decisions and outcomes.

How does ISO 31000 relate to specific risks?

ISO 31000 should not be seen as a replacement for established international standards that are used successfully to manage specific risks in such sectors as machinery safety, transportation, energy, IT and the environment. Rather, it should be viewed as a top-level document that supports those existing standards.

Can my business become ISO 31000-certified?

ISO 31000 is not a standard in which organizations can seek to be certified. By implementing ISO 31000, organizations can compare their risk management practices with an internationally recognized benchmark that provides sound principles for effective management. The ISO Guide 73 ensures that everybody is using the same terms and definitions when talking about risk.

For risk management to be effective, an organization should at all levels comply with the principles below.

Risk Management:


Steps to ISO/IEC 20000 certification

If you’re already one of our clients and have various standards in place, your Client Manager can help you to assess where you are now, and guide you through the certification process.

If you’re new to Dynamic Strategies, don’t worry, it’s still a simple process.

  • 1. Choose the standard

  • 2. Make contact

  • 3. Meet your assessment team

  • 4. Consider training

  • 5. Review and assessment

  • 6. Certification and beyond