Earlier this year the International Organization for Standardization (ISO) revised its ISO 31000 risk management standard.
With this ISO 31000:2018 standard, ISO promises to “keep risk management simple” and “deliver a clearer, shorter and more concise guide that will help organizations use risk management principles to improve planning and make better decisions.”
Main changes since the previous edition: ISO 31000:2009
According to the ISO, the main changes are:
- Review of the principles of risk management, which are the key criteria for its success
- Focus on leadership by top management who should ensure that risk management is integrated into all organizational activities, starting with the governance of the organization
- Greater emphasis on the iterative nature of risk management, drawing on new experiences, knowledge and analysis for the revision of process elements, actions and controls at each stage of the process
- Streamlining of the content with a greater focus on sustaining an open systems model that regularly exchanges feedback with its external environment to fit multiple needs and contexts
These changes led to a revision of the ISO 31000 model as well (image below).