Some organizations want to manage risk because they want to create safe working conditions for their employees or because they want to be good for the environment. Other organizations manage risk because accidents are often more expensive than being proactively safe or simply because they want to comply with certain regulations or standards and perhaps prove this by receiving certificates. Regardless of the reason, managing risk by using a set of regulations or standards as template can simplify the process and make it easier to cover all relevant aspects of risk management.

Well-known examples of standards that can be used are ISO 45001 “Occupational health and safety” and ISO 31000 “Risk management”. Besides ISO standards (set by the International Organization for Standardization), other examples are ANSI standards (American National Standards Institute) and JCI standards (Joint Commission International).

In the upcoming months, we are going to publish a series of blogs related to this topic. During the series we will cover all chapters of one of the standards using the bowtie method and tools from the CGE portfolio. As we are risk management software developers, we are going to use the ISO 31000 standard for this. In addition, the ISO 31000 standard is quite light in the matter it covers and is therefore easy to understand and to translate to your own situation or organization.

What is the ISO 31000 standard?

The ISO 31000 standard is focused on managing risks that can have consequences for economic performance, professional reputation, and environmental, safety and societal outcomes. Managing those risks effectively helps the organization perform well in an environment full of uncertainty.

Just like other standards, ISO 31000 is updated once every couple of years, making ISO 31000:2018 (published in 2018) the most recent version. It describes guidelines and provides principles, a framework and the process for managing risk. As it is a standard, it can be used in organizations regardless of their size, activity or industry. Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats, and effectively allocate and use resources for risk treatment.

In the past we already discussed the changes introduced by the latest update of this specific ISO standard. If you haven't read it yet, you still can: Main changes in revised ISO 31000 standard – Keep risk management simple

What is the content of the ISO 31000 standard and how are we going to cover this?

As mentioned, the ISO 31000 standard provides a framework and guides the organization through the process by covering every relevant aspect of risk management. This can be explained through the diagram below. Managing risk starts with establishing the context and continues through the sections on risk assessment, risk treatment, recording and reporting, monitoring and review, and communication and consultation.

In the upcoming months, a new blog will occasionally be published covering one of the chapters below, helping you to achieve compliance with the standard by using the CGE software portfolio.

  1. Introduction (today's blog)
  2. Establishing the context
  3. Risk identification
  4. Risk analysis
  5. Risk evaluation
  6. Risk treatment
  7. Recording and reporting
  8. Communication and consultation
  9. Monitoring and review

We hope you will enjoy this blog series!