- Security TWENTY
- Women in Security
BSI, the British Standards Institution (BSI), has published its revised international standard for risk management, BS ISO 31000:2018 Risk management: guidelines.
London-based BSI says he purpose of this standard is to assist an organisation to integrate risk management into all its work. Properly implemented, risk management improves performance, encourages innovation and supports the achievement of objectives. BS ISO 31000 provides best practice guidance on how an organisation can create a framework for risk management strategy which aligns with its broader goals.
A free launch of the new standards BS ISO 31000 Risk management – Guidance and BS 31111 Cyber risk and resilience – Guidance for the governing body and executive management is at the BSI’s Chiswick offices on March 26. Speakers include Fiona Davidge, Julia Graham, Russell Price, Sian John and Richard Peece.
Risk can take many forms – economic, political and environmental. BS ISO 31000 is intentionally broad in its scope, to assist organizations with managing risk of any kind, and is applicable to organisations in all sectors, BSI say.
A change in this revision is a review of the principles of risk management. One of these is continual improvement. This means it is not enough for an organisation to create a risk management framework which is never revisited or reviewed. To be effective, the risk management framework needs to take into account the context of the organisation and its risk management practices so that gaps can be addressed. The parts of the framework and how they work together should always be adapted for specific needs.
Human and cultural factors are also key. For example, opinions will affect risk appetite and the judgement and perception of risk. A traditional hierarchical organization may have very different attitudes to risk to a collaborative, innovation-based company.
This revision highlights the importance of top management not only implementing risk management but promoting it. Ultimately, the effectiveness of risk management depends on its integration into the organisation at all levels.
Anne Hayes, Head of the Governance and Resilience sector at BSI, said: “Effective risk management is about all levels of an organisation strategically planning for today and for tomorrow. BS ISO 31000 provides structured risk management guidance for any organisation so that it can prepare effectively for the future. Having a plan is in the best interests of everyone’s safety, security and resilience.”