ISO 31000 (Risk management – principles and guidelines) is currently under revision by ISO Technical Committee ISO/TC 262/WG 2, in line with the five-year revision cycle of all ISO standards. Unlike ISO 9001 (quality) and ISO 14001 (environmental), however, ISO 31000 isn’t a management system standard and so is not certifiable within the accredited certification process, but its revision is still significant.
Why does ISO 31000 matter if it isn’t certifiable?
ISO 31000 is a reference document that links very closely with Annex SL, the high-level structure that all new and revised ISO management system standards follow. Understanding risk and how to manage it is key within the Planning requirements (clause 6) of Annex SL. Although ISO 31000 is not specifically referenced in all the newly structured management system standards, such as ISO 9001:2015 and ISO 14001:2015, it does appear in others, including ISO 27001 and ISO 22301, and references to ISO 31000 appear within publicly available guidance for both ISO 9001 and ISO 14001.
When will the revised standard be published?
ISO 31000 is still in the early stages of the revision process, and publication of the final standard isn’t expected until mid-2016, although current information from the International Organization for Standardization (ISO) also suggests that publication could be as late as 2017.
So do I need to do anything?
In relation to ISO 31000, no, you don’t need to do anything. With the revisions to both ISO 9001 and ISO 14001 at Final Draft International Stage (FDIS) and the publication of both ISO/FDIS 9001:2015 and ISO/FDIS 14001:2015 expected imminently, organisations currently certified to one or both of these standards should be focusing on preparing for transition to these new standards. The recommendation from ISO is that ISO 31000 can continue to be used as a guidance document.