The international standard, ISO 31000:2018 Risk management — Guidelines, provides guidelines on managing risk faced by organizations but does not define certification requirements for risk management. It includes definitions and terms, principles, and recommendations for establishing a risk management framework and process but does not include detailed instructions on risk management or advice relevant to any specific domain.
The following are related standards:
- ISO Guide 73:2009 on Risk management – Vocabulary
- ISO 31004:2013 on Risk management – Guidance for the implementation of ISO 31000
- ISO 31010:2009 on Risk management – Risk assessment techniques
Risk management in ISO 31000 is driven by values that are realized through the achievement of objectives. In other words, managing risk means managing the effect of uncertainty on objectives in order to create and protect values; it is directed by a set of principles, based on a robust management framework, and follows a defined process.