Relative to older standards on risk management, the 31000 standard innovates in several areas: The standard does not provide detailed instructions or requirements on how to manage specific risks, nor any advice related to a specific application domain it remains at a generic level. It provides guidelines and principles that can help to undertake a critical review of your organization’s risk management process. The standard provides a uniform vocabulary and concepts for discussing risk management. It outlines a generic approach to risk management, which can be applied to different types of risks (financial, safety, project risks) and used by any type of organization. ISO 31000 is an international standard published in 2009 that provides principles and guidelines for effective risk management.
