ISO INTERNATIONAL STANDARD 31000 Second edition 2018-02 Risk management Guidelines Management du risque - Lignes directrices Reference number IS0 31000:2018(E) ISO @IS02018 IS0 31000:2018(E) COPYRIGHTPROTECTEDDOCUMENT @ IS0 2018 All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either IsO at the address below or Iso's member body in the country of the requester. ISO copyright office CP 401 : Ch. de Blandonnet 8 CH-1214 Vernier, Geneva Phone: +4122 749 0111 Fax: +41 22 749 09 47 Email: [email protected] Website: www.iso.org Published in Switzerland ii @ IS0 2018 - All rights reserved IS0 31000:2018(E) Contents Page Foreword ..iv Introduction. 1 Scope. 2 Normative references ..1 3 Terms and definitions 4 Principles ..2 5 Framework ..4 5.1 General 4 5.2 Leadership and commitment .5 5.3 Integration .5 5.4 Design .6 5.4.1 Understanding the organization and its context 6 5.4.2 Articulating risk management commitment .6 5.4.3 Assigning organizational roles, authorities, responsibilities and accountabilities 7 5.4.4 Allocating resources. 7 5.4.5 Establishing communication and consultation 7 5.5 Implementation 1 5.6 Evaluation. .8 5.7 Improvement .8 5.7.1 Adapting ..8 5.7.2 Continually improving .8 6 Process. ..8 6.1 General 6.2 Communication and consultation .9 6.3 Scope, context and criteria. 10 6.3.1 General. .10 6.3.2 Defining the scope .10 6.3.3 External and internal context .10 6.3.4 Defining risk criteria. .10 6.4 Risk assessment .11 6.4.1 General. 11 6.4.2 Risk identification 11 6.4.3 Risk analysis .12 6.4.4 Risk evaluation 12 6.5 Risk treatment. .13 6.5.1 General. .13 6.5.2 Selection of risk treatment options .13 6.5.3 Preparing and implementing risk treatment plans ..14 6.6 Monitoring and review ..14 6.7 Recording and reporting .14 Bibliography .16 IS0 2018 - All rights reserved iii