What is this standard about?
Organizations of every size and sector need to manage the factors that threaten the achievement of their objectives. This standard provides guidelines on how to do that.
Who is this standard for?
Relevant in all markets and sectors, this standard has been developed specifically for people who create and protect value in organizations by managing risks, making decisions, setting and achieving objectives and improving performance.
Why should you use this standard?
- It provides guidelines on managing the risks that organizations face. These guidelines can be customized to any organization and its context.
- It provides a common approach to managing any type of risk and is not industry- or sector-specific.
- It can be used throughout the life of the organization and can be applied to any activity, including decision-making at all levels.
- The concepts in this document are also included in all of the key ISO standards, such as ISO 14001, ISO 27001, ISO 9001, ISO 22301 and ISO 45000.
NOTE: This is a guidance standard which is sometimes mistaken for a management system standard because it provides a “framework” for risk management. However, it is not a management system and does not provide “requirements”.
What’s changed since the last update?
In revising the standard, very few technical changes were needed. Instead, the focus was on providing greater clarity, making the document more succinct and providing user-friendly language.
As a result, this version will enable the terms, concepts and process of risk management to be better understood, communicated and applied. The revision also includes more emphasis on the importance of human and cultural factors in achieving an organization’s objectives and on embedding risk management within the decision-making process.