What is ISO 31000?
Risk management is the identification and management of those risks that are attached to all of an organisation’s activities, in order to maximise opportunities and minimise adverse effects. ISO 31000 provides internationally recognised guidelines for this. These are not intended for certification, as are the requirements of many other standards, but their use will help formalise and embed sound risk management practices. ISO 31000 defines risk as “the effect of uncertainty on objectives”, thus causing the word “risk” to refer to positive possibilities as well as negative ones. But those too still have to be managed!
