ISO 31000 defines risk as “the effect of uncertainty on objectives”. Translation: How likely is a certain event or a particular consequence of a process going to happen? And will it have a positive or negative impact on your organization’s objectives?
An ISO 31000 risk management system, certified on the basis of ONR 49001, gives your organization the tools to accurately identify, evaluate and manage economic, technical and social risks before it’s too late.
Risk management is a top priority for senior management. If you’re a top management executive who wants to operate a comprehensive risk management system that goes beyond the risk-based approach of ISO 9001, you should give ISO 31000 a closer look. This standard provides guidance on implementing a systematic risk management system that supports entire organizations regardless of size or industry. It isn’t restricted to specific risk types or business segments, either. Instead, it focuses on building a highly customized system that reflects your organization’s strategy, processes and organizational structures.
Since the current 2009 version of ISO 31000 contains no concrete requirements, your risk management system is certified against ONR 49001, a suitable Austrian standard. To be eligible, you must have a process-driven management system already in place, such as one based on ISO 9001. In our certification audit, we determine whether you meet the requirements of ONR 49001 in all respects. The DQS certificate serves as proof of your organization’s compliance. An annual surveillance audit ensures process stability. You can recertify after three years.