ISO 31000

ISO 31000:2018 Risk Management—Guidelines. Available from all national and commercial suppliers of ISO standards, such as SAI Global (for Australians).

This standard updates ISO 31000:2009 Risk Management—Principles and Guidelines. I wouldn’t get impatient about updating to the 2018 version unless you need to quote exact words. Australians – check out HB 436 before ordering ISO 31000. HB 436 includes all the text from ISO 31000:2009.

Peter Blokland is publishing an analysis of changes on LinkedIn from March 2017. You will find other comparisons on the Web. The formal statement of changes within the Foreword to ISO 31000:2018 reads:


The second edition cancels and replaces the first edition (ISO 31000:2009) which has been technically revised.

The main changes compared to the previous edition are as follows:

  • review of the principles of risk management, which are the key criteria for its success;
  • greater emphasis on the iterative nature of risk management, noting that new experiences, knowledge and analysis can lead to a revision of process elements, actions and controls at each stage of the process;
  • streamlining of the content with greater focus on sustaining an open systems model to fit multiple needs and contexts.