ISO 31000:2009
Risk management — Principles and guidelines
ISO 31000:2009 provides principles and generic guidelines on risk management.
ISO 31000:2009 can be used by any public, private or community enterprise, association, group or individual. Therefore, ISO 31000:2009 is not specific to any industry or sector.
ISO 31000:2009 can be applied throughout the life of an organization, and to a wide range of activities, including strategies and decisions, operations, processes, functions, projects, products, services and assets.
ISO 31000:2009 can be applied to any type of risk, whatever its nature, whether having positive or negative consequences.
Although ISO 31000:2009 provides generic guidelines, it is not intended to promote uniformity of risk management across organizations. The design and implementation of risk management plans and frameworks will need to take into account the varying needs of a specific organization, its particular objectives, context, structure, operations, processes, functions, projects, products, services, or assets and specific practices employed.
It is intended that ISO 31000:2009 be utilized to harmonize risk management processes in existing and future standards. It provides a common approach in support of standards dealing with specific risks and/or sectors, and does not replace those standards.
ISO 31000:2009 is not intended for the purpose of certification.
| Get this standard | Prices exclude GST | |
|---|---|---|
| PDF ( Single user document) |
$118.26 NZD
|
|
| HardCopy |
$152.17 NZD
|
|
| Networkable PDF |
Price varies
|
Scope
Terms and definitions
Principles
Framework
General
Mandate and commitment
Design of framework for managing risk
Understanding of the organization and its context
Establishing risk management policy
Accountability
Integration into organizational processes
Resources
Establishing internal communication and reporting mechanisms
Establishing external communication and reporting mechanisms
Implementing risk management
Implementing the framework for managing risk
Implementing the risk management process
Monitoring and review of the framework
Continual improvement of the framework
Process
General
Communication and consultation
Establishing the context
General
Establishing the external context
Establishing the internal context
Establishing the context of the risk management process
Defining risk criteria
Risk assessment
General
Risk identification
Risk analysis
Risk evaluation
Risk treatment
General
Selection of risk treatment options
Preparing and implementing risk treatment plans
Monitoring and review
Recording the risk management process
Keep me up-to-date
Register to receive notifications when updates are made to this standard.
Related Information
Similar Standards
-
AS/NZS 5050:2010
Business continuity - Managing disruption-related risk
-
AS/NZS 5050(Int):2020
Managing disruption-related risk -
AS/NZS IEC 31010:2020
Risk management - Risk assessment techniques -
AS/NZS IEC 31010:2020 A1
Risk management - Risk assessment techniques
Scope
Terms and definitions
Principles
Framework
General
Mandate and commitment
Design of framework for managing risk
Understanding of the organization and its context
Establishing risk management policy
Accountability
Integration into organizational processes
Resources
Establishing internal communication and reporting mechanisms
Establishing external communication and reporting mechanisms
Implementing risk management
Implementing the framework for managing risk
Implementing the risk management process
Monitoring and review of the framework
Continual improvement of the framework
Process
General
Communication and consultation
Establishing the context
General
Establishing the external context
Establishing the internal context
Establishing the context of the risk management process
Defining risk criteria
Risk assessment
General
Risk identification
Risk analysis
Risk evaluation
Risk treatment
General
Selection of risk treatment options
Preparing and implementing risk treatment plans
Monitoring and review
Recording the risk management process