ISO 31000 2018 Risk Management

The ISO 31000 philosophy has been a holistic approach to risk management, ensuring that both positive and negative risk assessments are completed for each organisational department. Effective risk management can contribute greatly to sustained business growth.

The principles and practices in ISO 31000 can be applied throughout a wide range of activities within an organisation. These activities include:

  • strategies and decisions,
  • operations,
  • processes,
  • functions,
  • projects,
  • products,
  • services and
  • assets.

ISO 31000 does not provide detailed instructions or requirements on how to manage specific risks, nor any advice related to a specific application domain; it remains at a generic level.


  • Responsible business growth

    Responsible business growth which minimises losses

  • Targeted developmental plans

    Targeted developmental plans protect against and react to global fluctuations

  • Resilience and confidence

    Resilience and confidence amongst stakeholder relations

Most organisations have more than one management system standard. Uncoordinated systems take up extra time and resources, so there is a clear need to find a way of integrating and combining the standards in the best possible way. Existing management system standards often have different structures, requirements and terminology, so integration is challenging. To address this problem, ISO developed Annex SL, the framework for a generic management system and the blueprint for all new and revised management system standards in future.

Additional Info

Annex SL applies to all management system standards, including full ISO standards. The revised ISO 9001 and ISO 14001, as well as the new ISO 45001, will all be based on the Annex SL high-level structure, as follows: