ISO 31000 is not specific to any country, industry or sector and can be used by any public, private or community enterprise, association, group or individual. CSA Standards, a leading standards-based solutions organization, officially announced Canada’s adoption and availability of the ISO 31000 Risk Management standard. CAN/CSA ISO 31000 Risk Management – Principles and Guidelines is a national standard that provides principles, framework, and process for managing risk in a transparent, systematic and credible manner.
“These principals and guidelines in ISO 31000 Risk Management serve as an overarching guide for organizations and individuals to help incorporate internationally-recognized best practices for identifying and managing risks across financial, strategic, and operational areas,” says Doug Morton, director, life sciences & business management, CSA Standards. “The Canadian adoption of the ISO 31000 Risk Management standard will enable Canadian organizations to compare their practices with an internationally-recognized benchmark, providing them with sound principles for effective risk management.”
Risk management is the identification, assessment, and treatment of “risks” that may affect an organization, business or municipality, negatively, including those which can occur through accidents, disasters, natural causes, legal or financial liabilities or opportunities, or positively, such as new technologies, business ventures or continual improvement. The standard will help users manage such risks though careful consideration and awareness of vulnerabilities and opportunities arising from potential and existing risk sources so that they can implement and continuously improve a risk management framework as an integral component of their organization’s governance and management system.
ISO 31000 can be integrated with other management systems such as ISO 14001 Environmental Management; Z1000 Occupational Health and Safety Management; the OHSAS 18001 Occupational Health and Safety Management System Requirements; and Z1002 Occupational Health and Safety – Hazards and Risks – Identification, assessment, elimination and control (currently under development). It can also be applied throughout the life of an organization, and to a wide range of activities, including strategies and decisions, operations, processes, functions, projects, products, services and assets.
The ISO 31000 Risk Management Standard was initially developed by the International Organization for Standardization (ISO), a worldwide federation of national standards bodies representing approximately 140 countries. Following approval by the Standards Council of Canada, the CAN/CSA ISO 31000 Risk Management – Principles and Guidelines standard is now being offered by CSA Standards as a National Standard of Canada.
This standard is not a certification standard. While providing principles and guidelines, it also enables organizations the flexibility to develop and implement risk management in a uniform way that also meets the needs of the organization and its stakeholders. ISO 31000 provides generic guidelines for the design and implementation of risk management plans and frameworks that take into account the varying needs of a specific organization, its particular objectives, context, structure, operations, processes, functions, projects, products, services, or assets and specific practices employed. The CAN/CSA ISO 31000 is available for purchase in both English and French at
CSA Standards is also developing a new edition of its existing risk management standard to supplement the international standard. CSA Q850-10 Risk Management – Implementation of CAN/CSA ISO 31000 will provide further guidance to implementing the international standard taking into account the need of Canadian stakeholders. CSA Q850-10 is available for public review until March 21, 2010. Publication is expected in late summer 2010.
Additionally, CSA Standards is offering a series of training programs to assist organizations in adopting and implementing the standard through its Education and Training area. The programs include an introduction to ISO 31000, organizational risk assessment and an implementation workshop. For more details visit: