ISO 31030:2021
Travel risk management — Guidance for organizations
This document gives guidance to organizations on how to manage the risk(s), to the organization and its travellers, as a result of undertaking travel. This document provides a structured approach to the development, implementation, evaluation and review of: policy; programme development; threat and hazard identification; opportunities and strengths; risk assessment; prevention and mitigation strategies. This document is applicable to any type of organization, irrespective of sector or size, including but not limited to: commercial organizations; charitable and not-for-profit organizations; governmental organizations; non-governmental organizations; educational organizations. This document does not apply to tourism and leisure-related travel, except in relation to travellers travelling on behalf of the organization.
Gestion des risques liés aux voyages — Recommandations pour les organismes
This document provides recommendations to organizations on how to manage the risk(s), to the organization and its travellers, when they undertake travel. This document provides a structured approach to the development, implementation, evaluation and review of the following: policy; programme development; identification of threats and hazards; opportunities and strengths; risk assessment; prevention and mitigation strategies. This document applies to any type of organization, whatever its sector of activity or size, including but not limited to: commercial organizations; charitable and not-for-profit organizations; public bodies; non-governmental organizations; educational organizations. This document does not apply to tourism and leisure travel, except with regard to travellers travelling on behalf of their organization.
Obvladovanje tveganja na potovanjih - Napotki za organizacije
General Information
- Status: Published
- Publication Date: 13-Sep-2021
- Technical Committee: ISO/TC 262 - Risk management
- Drafting Committee: ISO/TC 262 - Risk management
- Current Stage: 6060 - International Standard published
- Start Date: 14-Sep-2021
- Due Date: 06-Jul-2021
- Completion Date: 14-Sep-2021
ISO 31030:2021 - Travel risk management (Overview)
ISO 31030:2021 provides practical guidance for organizations to identify, assess and treat risks associated with work‑related travel. It helps organizations establish a structured travel risk management (TRM) programme - from policy and programme development through risk assessment, prevention, mitigation and review - to meet duty of care obligations for travellers. The standard is applicable to any organization type or size (commercial, charitable, governmental, NGO, educational) and excludes tourism/leisure travel except when undertaken on behalf of the organization.
Key topics and technical requirements
ISO 31030 is guidance-based and is aligned with ISO 31000 (risk management principles) and ISO 45001 (occupational health & safety). Major thematic areas include:
- Context and stakeholders: Understanding operating context, traveller populations and stakeholder roles.
- Leadership, policy and governance: Senior commitment, clear travel risk policy, roles, responsibilities and accountability.
- Programme lifecycle: Planning, implementation, monitoring, evaluation and continual improvement of TRM programmes.
- Travel risk assessment: Systematic risk identification, analysis and evaluation specific to travel exposures.
- Risk treatment options: Avoidance (e.g., pre‑travel authorizations, restrictions), reduction (training, medical and security controls), and sharing (insurance, specialist cover).
- Operational controls: Accommodation selection, transportation safety, journey management, information security and privacy.
- Preparedness and response: Traveller tracking, incident management, evacuation and kidnap & ransom planning, medical/security support services.
- Communication, recording and metrics: Strategic communications, operational protocols, programme metrics, benchmarking and reporting.
Practical applications - who uses ISO 31030
ISO 31030 is used by organizations to design proportionate travel risk management that supports business objectives while protecting travellers. Typical users and applications:
- Risk managers, travel managers and EHS/security teams - to build or formalize TRM programmes, pre‑travel authorization workflows, and traveller tracking.
- HR, legal and compliance - to define duty of care, insurance and policy requirements.
- Operational teams and field managers - to apply journey management, accommodation selection and incident escalation procedures.
- Executives and boards - to understand travel risk appetite, governance and reporting.
Benefits include improved traveller safety, reduced operational disruption, documented duty of care and better-informed travel decision‑making.
Related standards
- ISO 31000 - Risk management principles and framework (foundation for TRM).
- ISO 45001 - Occupational health and safety management (alignment with traveller health and safety).
Keywords: ISO 31030, travel risk management, travel risk assessment, duty of care, traveller tracking, incident management, evacuation planning, travel policy.
Frequently Asked Questions
ISO 31030:2021 is a standard published by the International Organization for Standardization (ISO). Its full title is "Travel risk management — Guidance for organizations". This standard covers: This document gives guidance to organizations on how to manage the risk(s), to the organization and its travellers, as a result of undertaking travel. This document provides a structured approach to the development, implementation, evaluation and review of: policy; programme development; threat and hazard identification; opportunities and strengths; risk assessment; prevention and mitigation strategies. This document is applicable to any type of organization, irrespective of sector or size, including but not limited to: commercial organizations; charitable and not-for-profit organizations; governmental organizations; non-governmental organizations; educational organizations. This document does not apply to tourism and leisure-related travel, except in relation to travellers travelling on behalf of the organization.
ISO 31030:2021 is classified under the following ICS (International Classification for Standards) categories: 03.100.01 - Company organization and management in general. The ICS classification helps identify the subject area and facilitates finding related standards.
Standards Content (Sample)
SLOVENIAN STANDARD
01-December-2021
Obvladovanje tveganja na potovanjih - Napotki za organizacije
Travel risk management - Guidance for organizations
Gestion des risques liés aux voyages - Recommandations pour les organismes
This Slovenian standard is identical to: ISO 31030:2021
ICS:
03.100.01 Company organization and management in general
03.200.01 Leisure and tourism in general
2003-01. Slovenian Institute for Standardization. Reproduction of all or parts of this standard is not permitted.
INTERNATIONAL STANDARD ISO 31030
First edition 2021-09
Travel risk management — Guidance for organizations
Gestion des risques liés aux voyages — Recommandations pour les organismes
Reference number
© ISO 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Understanding the organization and its context
4.1 Operating context
4.1.1 General
4.1.2 Industry/sector specific
4.1.3 Risk profile
4.2 Stakeholders
4.3 Travelling population
4.4 Business objectives, risk appetite and criteria
4.5 Travel risk management and delivery
5 Managing travel risk
5.1 Leadership and commitment
5.2 Policy
5.3 Roles, responsibilities and accountability
5.4 Objectives
5.5 Planning/establishing the programme
5.6 Implementation
6 Travel risk assessment
6.1 General
6.2 Risk identification
6.3 Risk analysis
6.4 Risk evaluation
7 Travel risk treatment
7.1 General
7.2 Risk avoidance
7.2.1 Pre-travel authorizations
7.2.2 Restrictions
7.3 Risk sharing
7.3.1 General
7.3.2 General insurance
7.3.3 Specialist insurance
7.4 Risk reduction
7.4.1 Selecting treatment options
7.4.2 Competence
7.4.3 Information, advice and updates
7.4.4 Communication protocols/platforms
7.4.5 Accommodation selection
7.4.6 Information security and privacy protection
7.4.7 Transportation
7.4.8 Journey management
7.4.9 Medical and health risk reduction
7.4.10 Medical and security support services
7.4.11 Incident management planning
7.4.12 Incident and emergency contact points
7.4.13 Traveller tracking
7.4.14 Kidnap and ransom planning
7.4.15 Evacuation planning
8 Communication and consultation
8.1 Programme/strategic communications
8.2 Operational/technical communications
9 Programme monitoring and review
9.1 General
9.2 Surveys
9.3 Benchmarking
9.4 Metrics
10 Programme recording and reporting
10.1 General
10.2 Documentation
10.3 Recording and reporting
Annex A (informative) Development and implementation of a TRM programme
Annex B (informative) Minors travelling without legal guardians
Annex C (informative) Travel considerations during global disruption
Annex D (informative) Risk treatment restrictions
Annex E (informative) Training
Annex F (informative) Considerations for accommodation in higher-risk locations
Bibliography
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO’s adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 262, Risk management.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
Introduction
This document is intended to assist those managing and participating in organizational travel. The
management of travel risk is a component of any organization’s travel-related activities and should
include interaction with stakeholders.
There are many reasons why people travel for their organization. Travelling has increasingly become
a common feature of people’s jobs or functions. Consequently, organizations need to meet their duty of
care across multiple jurisdictions in different parts of the world.
Travellers, whether international or domestic, can be faced with unfamiliar situations and environments
that have different risk profiles to those of their normal location. Road accidents, disease outbreaks,
epidemics and natural disasters, as well as conflict, crime (including cyber and information), cyber
threats, terrorism and political and socially motivated instability, can threaten the safety, security
(including information security) and health (including mental health) of travellers, and can adversely
affect the outcome of their travel objectives.
NOTE Unless otherwise indicated, any reference to security also includes information security.
Managing risks for travel to a country where the organization has no local base requires more
comprehensive controls than for locations where risk profiles are well known and treatments have
already been established. Timeliness and accuracy of intelligence, analysis and advice, including travel
warnings, are increasingly important in influencing travel decisions.
Travel risk management (TRM) requires that organizations anticipate and assess the potential for
events, develop treatments and communicate anticipated risk exposures to their travellers. Advising
and providing travellers with adequate medical and emergency response guidance, security and
information security precautions, including challenges to travel logistics, can significantly impact the
outcome of disruptive events.
This document provides a means for organizations to demonstrate that travel decisions are based on
the organization’s capacity to treat risk using internal resources or with external assistance. Not all
travel requires the same level of rigour for risk assessment and management. Although this document
provides a comprehensive set of risk treatment options that an organization can consider, application
should be reasoned and proportionate to the risk exposure. This will help the organization and
individual travellers realize the opportunities and benefits for which travel is required.
This document proposes that the organization’s overall appetite and acceptance of risk should not take
precedence, or be used exclusively, in deciding whether travel is appropriate for security, safety or
health reasons.
This document is based on the principles, framework and process of ISO 31000, as illustrated in
Figure 1. Travel-related risk presents a specific context and an organization’s existing risk management
process can be adapted to reflect this. It is also aligned with the core occupational health and safety
management system set out in ISO 45001. As such, elements of this document can assist or inform
organizations developing such management systems, but it is not a management system standard.
This document can be used on a standalone basis or integrated within other risk management
programmes.
Figure 1 — Principles, framework and process
One of the aims of this document is to promote a culture where travel-related risk is taken seriously,
resourced adequately and managed effectively, and where the benefits to the organization and relevant
stakeholders are recognized. Such benefits include:
— protecting personnel, data, intellectual property and assets;
— reducing legal and financial exposure;
— enabling business in high-risk locations;
— enhancing an organization’s reputation and credibility, which in turn can have a positive effect on
competitiveness, staff turnover and talent acquisition;
— improving worker confidence in health, safety and security arrangements with regard to travel;
— contributing to business continuity capability and organizational resilience;
— demonstrating the organization’s ability to control its travel-related risks effectively and efficiently,
which can also help in lowering its insurance premiums;
— providing assurance to business partners, thus banks and investors will be more willing to finance
its business;
— enabling the organization to meet customers’ expectations in terms of the security and stability of
their supply chain;
— increasing general productivity;
— contributing to meeting the sustainable development goals by strengthening the social dimension
of sustainability.
In this document, the following verbal forms are used:
a) “should” indicates a recommendation;
b) “may” indicates a permission;
c) “can” indicates a possibility or a capability.
Information marked as “NOTE” is intended to assist the understanding or use of the document.
“Notes to entry” used in Clause 3 provide additional information that supplements the terminological
data and can contain provisions relating to the use of a term.
INTERNATIONAL STANDARD ISO 31030:2021(E)
Travel risk management — Guidance for organizations
1 Scope
This document gives guidance to organizations on how to manage the risk(s), to the organization and
its travellers, as a result of undertaking travel.
This document provides a structured approach to the development, implementation, evaluation and
review of:
— policy;
— programme development;
— threat and hazard identification;
— opportunities and strengths;
— risk assessment;
— prevention and mitigation strategies.
This document is applicable to any type of organization, irrespective of sector or size, including but not
limited to:
— commercial organizations;
— charitable and not-for-profit organizations;
— governmental organizations;
— non-governmental organizations;
— educational organizations.
This document does not apply to tourism and leisure-related travel, except in relation to travellers
travelling on behalf of the organization.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 31000, Risk management — Guidelines
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 31000 and the following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at http://www.electropedia.org/
3.1
competence
ability to apply knowledge and skills to achieve intended results
Note 1 to entry: This constitutes one of the common terms and core definitions of the harmonized structure for
ISO management system standards.
[SOURCE: ISO 22300:2021, 3.1.42]
3.2
crisis
abnormal or extraordinary event or situation that threatens an organization (3.9) and requires a
strategic, adaptive and timely response in order to preserve its viability and integrity
Note 1 to entry: The event can include a high degree of uncertainty.
Note 2 to entry: The event can exceed the response capacity or capability of the organization.
Note 3 to entry: Given the nature of a crisis, it is possible that there will not be an adequate or appropriate plan to
deal with the event, such that a flexible and dynamic approach is needed.
3.3
crisis management team
group of individuals functionally responsible for the direction and implementation of the organization’s
(3.9) crisis (3.2) management capabilities
3.4
duty of care
moral responsibility or legal requirement of an organization (3.9) to protect the traveller (3.21) from
hazards (3.5) and threats (3.17)
Note 1 to entry: The legal aspect of duty of care can arise from, among others, negligence, contract and statute.
Note 2 to entry: Legal requirements and how they arise, including insurance coverage, can differ between
jurisdictions.
Note 3 to entry: Legal requirements can be qualified in scope (e.g. it is possible they will not be absolute).
Note 4 to entry: Organizations should seek advice from a competent legal adviser to ascertain the scope and
nature of their duty of care relating to the context of this document.
3.5
hazard
source of potential harm
[SOURCE: ISO 31073:—1), 3.7.5, modified — Note 1 to entry has been deleted.]
3.6
incident
adverse event that can be, or can lead to, a disruption, loss, emergency or crisis (3.2)
Note 1 to entry: An incident can negatively impact a traveller’s (3.21) health, safety and security.
Note 2 to entry: An incident can negatively impact the organization (3.9), e.g. by reputational damage, financial
loss.
Note 3 to entry: An incident can negatively impact organizational resilience.
1) Under preparation. Stage at the time of publication: ISO/DIS 31073:2021.
3.7
incident management team
group of individuals functionally responsible for planning for the likelihood and management of an
incident (3.6)
Note 1 to entry: Responsibilities of the incident management team can include liaison with external organizations
(3.9), stakeholders (3.15) and families.
3.8
off-duty time
time when travellers (3.21) are not engaged in work activities but remain under the general supervisory
responsibility of the organization (3.9)
Note 1 to entry: This can include a weekend depending on the trip duration.
3.9
organization
person or group of people that has its own functions with responsibilities, authorities and relationships
to achieve its objectives
Note 1 to entry: The concept of organization includes, but is not limited to, sole-trader, company, corporation,
firm, enterprise, authority, partnership, association, charity or institution, or part or combination thereof,
whether incorporated or not, public or private.
[SOURCE: ISO 31022:2020, 3.4, modified — Note 1 to entry has been modified.]
3.10
personal leave time
period of time, occurring before, after or within the scheduled duration of the work activity or project,
that falls outside the supervisory responsibility of the organization (3.9)
3.11
provider
organization (3.9) providing services or products, or both, to the organization in accordance with
agreed specifications, terms and conditions
3.12
risk
effect of uncertainty on objectives
Note 1 to entry: An effect is a deviation from the expected. It can be positive, negative or both, and can address,
create or result in opportunities and threats (3.17).
Note 2 to entry: Objectives can have different aspects and categories and can be applied at different levels.
Note 3 to entry: Risk is usually expressed in terms of risk sources, potential events, their consequences and their
likelihood.
[SOURCE: ISO 31000:2018, 3.1]
3.13
risk assessment
overall process of risk identification, risk analysis and risk evaluation
[SOURCE: ISO 31073:—, 3.6.1]
3.14
risk treatment
process to modify risk (3.12)
Note 1 to entry: Risk treatment can involve:
— avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk;
— taking or increasing risk in order to pursue an opportunity;
— removing the risk source;
— changing the likelihood;
— changing the consequences;
— sharing the risk with another party or parties (including contracts and risk financing);
— retaining the risk by informed decision.
Note 2 to entry: Risk treatments that deal with negative consequences are sometimes referred to as “risk
mitigation”, “risk elimination”, “risk prevention” and “risk reduction”.
Note 3 to entry: Risk treatment can create new risks or modify existing risks.
[SOURCE: ISO 31073:—, 3.10.1]
3.15
stakeholder
person or organization (3.9) that can affect, be affected by, or perceive themselves to be affected by a
decision or activity
Note 1 to entry: The term “interested party” can be used as an alternative to “stakeholder”.
[SOURCE: ISO 31000:2018, 3.3]
3.16
student
individual on placement, internship, apprenticeship or otherwise, under the control of an employing
organization (3.9) as part of a training programme, or enrolled in a school or other educational
institution
Note 1 to entry: As students can be under the age of legal responsibility, it is possible they will not be able to
make legal decisions themselves.
3.17
threat
potential source of danger, harm or other undesirable outcome
[SOURCE: ISO 31073:—, 3.7.7, modified — Notes 1 and 2 to entry have been deleted.]
3.18
travel
movement of a person(s), on behalf of an organization (3.9), which comes within the scope of the
organization’s duty of care (3.4)
Note 1 to entry: The movement can be either domestic or international.
3.19
travel risk
effect of uncertainty on objectives due to travel (3.18)
3.20
travel risk management
TRM
coordinated activities to direct and control an organization (3.9) with regard to travel risk (3.19)
3.21
traveller
person(s) undertaking travel (3.18)
3.22
worker
person performing work or work-related activities that are under the direct or indirect control of the
organization (3.9)
Note 1 to entry: Persons perform work or work-related activities under various arrangements, paid or unpaid,
such as regularly or temporarily, intermittently or seasonally, casually or on a part-time basis.
Note 2 to entry: Workers include top management, managerial and non-managerial persons.
Note 3 to entry: The work or work-related activities performed under the control of the organization may be
performed by workers employed by the organization, workers of external providers (3.11) (contractors, sub-
providers), individuals, agency workers, and by other persons to the extent the organization shares control over
their work or work-related activities, according to the context of the organization.
[SOURCE: ISO 45001:2018, 3.3, modified — “direct or indirect” has been added to the definition and
“sub-providers” has been added to Note 3 to entry.]
4 Understanding the organization and its context
4.1 Operating context
4.1.1 General
It is important that an organization has a clear understanding of the factors that can affect or influence
its TRM programme objectives, including the external and internal context in which it operates.
The external context can include, but is not limited to:
a) political, socio-economic, cultural, religious/ethical, legal or regulatory factors, whether
international, national, regional or local;
b) political violence (including terrorism, insurgency, politically motivated unrest and war);
c) social unrest (including sectarian, communal and ethnic violence);
d) violent and petty crime;
e) the quality, availability and reliability of the modes of transport;
f) the quality, availability and reliability of telecommunications;
g) the state of industrial relations;
h) the effectiveness of public and private security and emergency services;
i) the responsibilities of other parties (e.g. clients) for the organization’s travellers;
j) natural or geological factors;
k) susceptibility to natural disasters;
l) potential health hazards, including epidemics and pandemics;
m) the quality of local health infrastructure and medical care;
n) information/cyber security;
o) the quality of hotel/accommodation;
p) ground/road conditions.
The internal context can include, but is not limited to, the organization’s:
— vision, mission, values and culture;
— governance, structure, roles, responsibilities and accountabilities;
— strategy, objectives and policies;
— plans, standards, guidelines, regulations and instructions;
— risk management strategy and risk criteria;
— range and type of travel activities;
— capabilities, including traveller competences and profiles;
— resources, techniques and tools needed to manage organizational travel risk;
— data, information systems and information flows.
4.1.2 Industry/sector specific
The industry/sector in which an organization operates is another factor which can affect the risks faced
by travellers. An organization should be aware of the relevant legislation, regulatory requirements,
codes of practice, etc. which are relevant to their industry/sector in their country of origin and in other
countries in which they operate. It should also take account of its duty of care, business resilience
policies and arrangements and sustainability objectives, which can all have a positive effect on risk
treatment considerations.
Organizations need to proactively monitor and review their identified, evolving and emerging risks.
Their impact on the organization’s TRM should be considered and any changes recorded and acted
upon.
4.1.3 Risk profile
An organization should have a clear understanding of its risk profile and the dynamic TRM landscape
in which it operates or plans to operate. To do this, an organization should review TRM objectives in
relation to:
— context of the organization;
— the operational sector of the organization;
— specific operations or assignments, or both;
— destinations;
— individual traveller profiles and objectives.
A risk profile can incorporate different risks which can be interdependent.
The risk profile for travel should be reviewed regularly and after any significant change in the internal
and external operational context. Results should be made known through internal and external
communications.
4.2 Stakeholders
The organization should determine the internal and external stakeholders that are relevant to TRM
(see Table 1).
Depending on the size of the organization and its organizational travel needs, the TRM function can
be combined with other functions. Certain functions can also be supported by specialist third-party
providers.
Table 1 — Example of internal and external stakeholders
Internal stakeholders (including those for functions):
— health and safety/environment, health and safety/occupational health and safety;
— corporate security/information security;
— data privacy;
— business continuity;
— crisis management;
— incident management;
— corporate social responsibility/sustainability;
— global travel/corporate travel;
— human resources/internal mobility/training;
— regional management;
— risk management;
— marketing and communications;
— board of directors;
— procurement and sourcing;
— compliance;
— operations;
— workers/students;
— insurance;
— finance;
— audit;
— legal;
— unions/workers council;
— travel and mobility;
— medical;
— security.
External stakeholders:
— insurance providers;
— travel management companies;
— TRM companies;
— appropriate government agencies;
— regulators and emergency services;
— providers and sub-providers;
— clients;
— travellers’ designated emergency contact;
— travellers’ dependants;
— local partners or communities.
4.3 Travelling population
Attention needs to be given to the traveller’s profile in relation to destinations because factors such as
race, competencies, nationality, cultural identity, gender, sexual orientation, religion, age, occupation,
position, disability or medical history can all affect the risks associated with the travel. The risks can
extend beyond safety and security and can also include medical and other needs.
An organization can have several different types of traveller, or group of travellers, all with varying duty
of care requirements. The TRM team should liaise closely with the organization’s human resources or
legal department to develop a full understanding of the different types of travellers. These can include,
among others:
— direct workers;
— other workers in the organization and its supply chain;
— interns and guests of the organization;
— families (and others that rely on the traveller for support, e.g. financial support) travelling with the
primary traveller;
— students/pupils of universities/schools.
The pattern of travel should also be considered, for example:
— distinguishing short-term and long-term travellers (including expatriates);
— nationally based, remote workers;
— workers on rotation.
4.4 Business objectives, risk appetite and criteria
An organization should balance its business objectives and opportunities with the steps necessary
to manage the risks and threats it encounters. Risk treatment options should be proportionate to the
level of risk foreseen or expected. An organization should consider the level of risk it is prepared to
accept to meet its business objectives and take advantage of any opportunities, while putting in place
appropriate measures to manage the risk effectively and efficiently. There can be occasions where the
level of risk is unacceptable and the travel should not take place.
The organization’s travel risk criteria should be recorded in the TRM policy.
4.5 Travel risk management and delivery
The nature and scale of an organization’s travel risk will inform how the risk is managed and delivered.
The risk profile of an organization with occasional travel to low-risk locations is very different to one
operating frequently in high-risk locations.
The risk profile will also inform the extent to which the organization can manage the risks using its
own resources or will need to rely on support from third-party providers to assist or deliver necessary
functions. This will be an important factor to address when developing and implementing a TRM policy
and programme. Due consideration should be given to providing a cost–benefit analysis to aid the
decision-making process. Further guidance on cost–benefit analysis can be found in IEC 31010.
5 Managing travel risk
5.1 Leadership and commitment
Top management should take and demonstrate ownership of the organization’s travel risks and provide
evidence of its commitment and support in their effective management by:
— taking accountability for the effectiveness of the TRM process;
— ensuring that the TRM policy and TRM objectives are established and are compatible with the
strategic direction of the organization;
— ensuring the integration of TRM into the organization’s business processes;
— ensuring that the resources needed for the TRM programme are available;
— communicating the importance of effective TRM and of conforming to the TRM process and its legal
responsibilities;
— ensuring that the TRM programme achieves its intended outcome(s);
— directing and supporting persons to contribute to the effectiveness of the TRM programme;
— supporting other relevant management roles to demonstrate their leadership as it applies to their
areas of responsibility;
— conducting, at planned intervals, management reviews of the TRM programme;
— promoting improvement.
An organization should provide instructions and adequate resources for the development and
implementation of a travel risk programme.
5.2 Policy
The TRM policy should be a high-level document that indicates the organization’s TRM strategy, which
is part of its broader risk management strategy. This policy should be fully aligned with the intentions
and direction of the organization, as formally expressed by its top management.
Top management should establish a TRM policy that:
— defines the overall principles, intention and direction to achieve objectives;
— is appropriate for the needs and resources of the organization;
— becomes an integral part of the organization’s management policy;
— is aligned with the organization’s risk management, business continuity, travel procurement and
sustainability policies;
— refers to relevant legislation, standards, policies and codes of practice;
— establishes principles for the risk assessment process;
— takes into consideration (or establishes) the risk criteria of the organization;
— defines roles, responsibilities and accountabilities of all relevant stakeholders including their
competence;
— sets out the organization’s policy with respect to off-duty time and personal leave time (both
sometimes referred to as “bleisure”) associated with any travel;
— takes into consideration the multi-traveller policy and accompanying persons when relevant.
The TRM policy should:
— be approved by top management;
— be made available to all appropriate stakeholders;
— be defined and effectively communicated within the organization through information, education
and training;
— be integrated with any broader risk management framework to ensure a consistent approach to
risk management within the organization;
— be periodically reviewed for relevance and consistent application.
In order for an organization to be agile and responsive to organizational needs, the TRM policy should
include an exception process. This should be designed to ensure that any requested exceptions to the
policy requirements are:
— considered in line with the organization’s risk appetite, priorities and other relevant criteria;
— elevated and approved by the relevant stakeholders;
— managed with compensating controls if necessary;
— recorded and reported.
For example, travellers sometimes need to book travel outside the TRM policy for some reason. In these
cases, it’s crucial that they submit a policy exception request.
It is important that the policy exception request, approval or disapproval, and any associated controls
or recommendations, are acknowledged and recorded.
If the organization uses a travel management company to make travel bookings, then the policy, the
policy exception process and any changes to either should be communicated to the travel management
company in a clear and timely manner.
5.3 Roles, responsibilities and accountability
Ultimate accountability for risk resides with top management even where responsibilities have
been delegated to others. The concept of “criminal liability” of to
...
INTERNATIONAL STANDARD ISO 31030
First edition 2021-09
Travel risk management — Guidance for organizations
Gestion des risques liés aux voyages — Recommandations pour les organismes
© ISO 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Understanding the organization and its context
4.1 Operating context
4.1.1 General
4.1.2 Industry/sector specific
4.1.3 Risk profile
4.2 Stakeholders
4.3 Travelling population
4.4 Business objectives, risk appetite and criteria
4.5 Travel risk management and delivery
5 Managing travel risk
5.1 Leadership and commitment
5.2 Policy
5.3 Roles, responsibilities and accountability
5.4 Objectives
5.5 Planning/establishing the programme
5.6 Implementation
6 Travel risk assessment
6.1 General
6.2 Risk identification
6.3 Risk analysis
6.4 Risk evaluation
7 Travel risk treatment
7.1 General
7.2 Risk avoidance
7.2.1 Pre-travel authorizations
7.2.2 Restrictions
7.3 Risk sharing
7.3.1 General
7.3.2 General insurance
7.3.3 Specialist insurance
7.4 Risk reduction
7.4.1 Selecting treatment options
7.4.2 Competence
7.4.3 Information, advice and updates
7.4.4 Communication protocols/platforms
7.4.5 Accommodation selection
7.4.6 Information security and privacy protection
7.4.7 Transportation
7.4.8 Journey management
7.4.9 Medical and health risk reduction
7.4.10 Medical and security support services
7.4.11 Incident management planning
7.4.12 Incident and emergency contact points
7.4.13 Traveller tracking
7.4.14 Kidnap and ransom planning
7.4.15 Evacuation planning
8 Communication and consultation
8.1 Programme/strategic communications
8.2 Operational/technical communications
9 Programme monitoring and review
9.1 General
9.2 Surveys
9.3 Benchmarking
9.4 Metrics
10 Programme recording and reporting
10.1 General
10.2 Documentation
10.3 Recording and reporting
Annex A (informative) Development and implementation of a TRM programme
Annex B (informative) Minors travelling without legal guardians
Annex C (informative) Travel considerations during global disruption
Annex D (informative) Risk treatment restrictions
Annex E (informative) Training
Annex F (informative) Considerations for accommodation in higher-risk locations
Bibliography
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO’s adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 262, Risk management.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
Introduction
This document is intended to assist those managing and participating in organizational travel. The
management of travel risk is a component of any organization’s travel-related activities and should
include interaction with stakeholders.
There are many reasons why people travel for their organization. Travelling has increasingly become
a common feature of people’s jobs or functions. Consequently, organizations need to meet their duty of
care across multiple jurisdictions in different parts of the world.
Travellers, whether international or domestic, can be faced with unfamiliar situations and environments
that have different risk profiles to those of their normal location. Road accidents, disease outbreaks,
epidemics and natural disasters, as well as conflict, crime (including cyber and information), cyber
threats, terrorism and political and socially motivated instability, can threaten the safety, security
(including information security) and health (including mental health) of travellers, and can adversely
affect the outcome of their travel objectives.
NOTE Unless otherwise indicated, any reference to security also includes information security.
Managing risks for travel to a country where the organization has no local base requires more
comprehensive controls than for locations where risk profiles are well known and treatments have
already been established. Timeliness and accuracy of intelligence, analysis and advice, including travel
warnings, are increasingly important in influencing travel decisions.
Travel risk management (TRM) requires that organizations anticipate and assess the potential for
events, develop treatments and communicate anticipated risk exposures to their travellers. Advising
and providing travellers with adequate medical and emergency response guidance, security and
information security precautions, including challenges to travel logistics, can significantly impact the
outcome of disruptive events.
This document provides a means for organizations to demonstrate that travel decisions are based on
the organization’s capacity to treat risk using internal resources or with external assistance. Not all
travel requires the same level of rigour for risk assessment and management. Although this document
provides a comprehensive set of risk treatment options that an organization can consider, application
should be reasoned and proportionate to the risk exposure. This will help the organization and
individual travellers realize the opportunities and benefits for which travel is required.
This document proposes that the organization’s overall appetite and acceptance of risk should not take
precedence, or be used exclusively, in deciding whether travel is appropriate for security, safety or
health reasons.
This document is based on the principles, framework and process of ISO 31000, as illustrated in
Figure 1. Travel-related risk presents a specific context and an organization’s existing risk management
process can be adapted to reflect this. It is also aligned with the core occupational health and safety
management system set out in ISO 45001. As such, elements of this document can assist or inform
organizations developing such management systems, but it is not a management system standard.
This document can be used on a standalone basis or integrated within other risk management
programmes.
Figure 1 — Principles, framework and process
One of the aims of this document is to promote a culture where travel-related risk is taken seriously,
resourced adequately and managed effectively, and where the benefits to the organization and relevant
stakeholders are recognized. Such benefits include:
— protecting personnel, data, intellectual property and assets;
— reducing legal and financial exposure;
— enabling business in high-risk locations;
— enhancing an organization’s reputation and credibility, which in turn can have a positive effect on
competitiveness, staff turnover and talent acquisition;
— improving worker confidence in health, safety and security arrangements with regard to travel;
— contributing to business continuity capability and organizational resilience;
— demonstrating the organization’s ability to control its travel-related risks effectively and efficiently,
which can also help in lowering its insurance premiums;
— providing assurance to business partners, thus banks and investors will be more willing to finance
its business;
— enabling the organization to meet customers’ expectations in terms of the security and stability of
their supply chain;
— increasing general productivity;
— contributing to meeting the sustainable development goals by strengthening the social dimension
of sustainability.
In this document, the following verbal forms are used:
a) “should” indicates a recommendation;
b) “may” indicates a permission;
c) “can” indicates a possibility or a capability.
Information marked as “NOTE” is intended to assist the understanding or use of the document.
“Notes to entry” used in Clause 3 provide additional information that supplements the terminological
data and can contain provisions relating to the use of a term.
INTERNATIONAL STANDARD ISO 31030:2021(E)
Travel risk management — Guidance for organizations
1 Scope
This document gives guidance to organizations on how to manage the risk(s), to the organization and
its travellers, as a result of undertaking travel.
This document provides a structured approach to the development, implementation, evaluation and
review of:
— policy;
— programme development;
— threat and hazard identification;
— opportunities and strengths;
— risk assessment;
— prevention and mitigation strategies.
This document is applicable to any type of organization, irrespective of sector or size, including but not
limited to:
— commercial organizations;
— charitable and not-for-profit organizations;
— governmental organizations;
— non-governmental organizations;
— educational organizations.
This document does not apply to tourism and leisure-related travel, except in relation to travellers
travelling on behalf of the organization.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 31000, Risk management — Guidelines
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 31000 and the following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at http://www.electropedia.org/
3.1
competence
ability to apply knowledge and skills to achieve intended results
Note 1 to entry: This constitutes one of the common terms and core definitions of the harmonized structure for
ISO management system standards.
[SOURCE: ISO 22300:2021, 3.1.42]
3.2
crisis
abnormal or extraordinary event or situation that threatens an organization (3.9) and requires a
strategic, adaptive and timely response in order to preserve its viability and integrity
Note 1 to entry: The event can include a high degree of uncertainty.
Note 2 to entry: The event can exceed the response capacity or capability of the organization.
Note 3 to entry: Given the nature of a crisis, it is possible that there will not be an adequate or appropriate plan to
deal with the event, such that a flexible and dynamic approach is needed.
3.3
crisis management team
group of individuals functionally responsible for the direction and implementation of the organization’s
(3.9) crisis (3.2) management capabilities
3.4
duty of care
moral responsibility or legal requirement of an organization (3.9) to protect the traveller (3.21) from
hazards (3.5) and threats (3.17)
Note 1 to entry: The legal aspect of duty of care can arise from, among others, negligence, contract and statute.
Note 2 to entry: Legal requirements and how they arise, including insurance coverage, can differ between
jurisdictions.
Note 3 to entry: Legal requirements can be qualified in scope (e.g. it is possible they will not be absolute).
Note 4 to entry: Organizations should seek advice from a competent legal adviser to ascertain the scope and
nature of their duty of care relating to the context of this document.
3.5
hazard
source of potential harm
[SOURCE: ISO 31073:—1), 3.7.5, modified — Note 1 to entry has been deleted.]
3.6
incident
adverse event that can be, or can lead to, a disruption, loss, emergency or crisis (3.2)
Note 1 to entry: An incident can negatively impact a traveller’s (3.21) health, safety and security.
Note 2 to entry: An incident can negatively impact the organization (3.9), e.g. by reputational damage, financial
loss.
Note 3 to entry: An incident can negatively impact organizational resilience.
1) Under preparation. Stage at the time of publication: ISO/DIS 31073:2021.
3.7
incident management team
group of individuals functionally responsible for planning for the likelihood and management of an
incident (3.6)
Note 1 to entry: Responsibilities of the incident management team can include liaison with external organizations
(3.9), stakeholders (3.15) and families.
3.8
off-duty time
time when travellers (3.21) are not engaged in work activities but remain under the general supervisory
responsibility of the organization (3.9)
Note 1 to entry: This can include a weekend depending on the trip duration.
3.9
organization
person or group of people that has its own functions with responsibilities, authorities and relationships
to achieve its objectives
Note 1 to entry: The concept of organization includes, but is not limited to, sole-trader, company, corporation,
firm, enterprise, authority, partnership, association, charity or institution, or part or combination thereof,
whether incorporated or not, public or private.
[SOURCE: ISO 31022:2020, 3.4, modified — Note 1 to entry has been modified.]
3.10
personal leave time
period of time, occurring before, after or within the scheduled duration of the work activity or project,
that falls outside the supervisory responsibility of the organization (3.9)
3.11
provider
organization (3.9) providing services or products, or both, to the organization in accordance with
agreed specifications, terms and conditions
3.12
risk
effect of uncertainty on objectives
Note 1 to entry: An effect is a deviation from the expected. It can be positive, negative or both, and can address,
create or result in opportunities and threats (3.17).
Note 2 to entry: Objectives can have different aspects and categories and can be applied at different levels.
Note 3 to entry: Risk is usually expressed in terms of risk sources, potential events, their consequences and their
likelihood.
[SOURCE: ISO 31000:2018, 3.1]
3.13
risk assessment
overall process of risk identification, risk analysis and risk evaluation
[SOURCE: ISO 31073:—, 3.6.1]
3.14
risk treatment
process to modify risk (3.12)
Note 1 to entry: Risk treatment can involve:
— avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk;
— taking or increasing risk in order to pursue an opportunity;
— removing the risk source;
— changing the likelihood;
— changing the consequences;
— sharing the risk with another party or parties (including contracts and risk financing);
— retaining the risk by informed decision.
Note 2 to entry: Risk treatments that deal with negative consequences are sometimes referred to as “risk
mitigation”, “risk elimination”, “risk prevention” and “risk reduction”.
Note 3 to entry: Risk treatment can create new risks or modify existing risks.
[SOURCE: ISO 31073:—, 3.10.1]
3.15
stakeholder
person or organization (3.9) that can affect, be affected by, or perceive themselves to be affected by a
decision or activity
Note 1 to entry: The term “interested party” can be used as an alternative to “stakeholder”.
[SOURCE: ISO 31000:2018, 3.3]
3.16
student
individual on placement, internship, apprenticeship or otherwise, under the control of an employing
organization (3.9) as part of a training programme, or enrolled in a school or other educational
institution
Note 1 to entry: As students can be under the age of legal responsibility, it is possible they will not be able to
make legal decisions themselves.
3.17
threat
potential source of danger, harm or other undesirable outcome
[SOURCE: ISO 31073:—, 3.7.7, modified — Notes 1 and 2 to entry have been deleted.]
3.18
travel
movement of a person(s), on behalf of an organization (3.9), which comes within the scope of the
organization’s duty of care (3.4)
Note 1 to entry: The movement can be either domestic or international.
3.19
travel risk
effect of uncertainty on objectives due to travel (3.18)
3.20
travel risk management
TRM
coordinated activities to direct and control an organization (3.9) with regard to travel risk (3.19)
3.21
traveller
person(s) undertaking travel (3.18)
3.22
worker
person performing work or work-related activities that are under the direct or indirect control of the
organization (3.9)
Note 1 to entry: Persons perform work or work-related activities under various arrangements, paid or unpaid,
such as regularly or temporarily, intermittently or seasonally, casually or on a part-time basis.
Note 2 to entry: Workers include top management, managerial and non-managerial persons.
Note 3 to entry: The work or work-related activities performed under the control of the organization may be
performed by workers employed by the organization, workers of external providers (3.11) (contractors, sub-
providers), individuals, agency workers, and by other persons to the extent the organization shares control over
their work or work-related activities, according to the context of the organization.
[SOURCE: ISO 45001:2018, 3.3, modified — “direct or indirect” has been added to the definition and
“sub-providers” has been added to Note 3 to entry.]
4 Understanding the organization and its context
4.1 Operating context
4.1.1 General
It is important that an organization has a clear understanding of the factors that can affect or influence
its TRM programme objectives, including the external and internal context in which it operates.
The external context can include, but is not limited to:
a) political, socio-economic, cultural, religious/ethical, legal or regulatory factors, whether
international, national, regional or local;
b) political violence (including terrorism, insurgency, politically motivated unrest and war);
c) social unrest (including sectarian, communal and ethnic violence);
d) violent and petty crime;
e) the quality, availability and reliability of the modes of transport;
f) the quality, availability and reliability of telecommunications;
g) the state of industrial relations;
h) the effectiveness of public and private security and emergency services;
i) the responsibilities of other parties (e.g. clients) for the organization’s travellers;
j) natural or geological factors;
k) susceptibility to natural disasters;
l) potential health hazards, including epidemics and pandemics;
m) the quality of local health infrastructure and medical care;
n) information/cyber security;
o) the quality of hotel/accommodation;
p) ground/road conditions.
The internal context can include, but is not limited to, the organization’s:
— vision, mission, values and culture;
— governance, structure, roles, responsibilities and accountabilities;
— strategy, objectives and policies;
— plans, standards, guidelines, regulations and instructions;
— risk management strategy and risk criteria;
— range and type of travel activities;
— capabilities, including traveller competences and profiles;
— resources, techniques and tools needed to manage organizational travel risk;
— data, information systems and information flows.
4.1.2 Industry/sector specific
The industry/sector in which an organization operates is another factor which can affect the risks faced
by travellers. An organization should be aware of the relevant legislation, regulatory requirements,
codes of practice, etc. which are relevant to their industry/sector in their country of origin and in other
countries in which they operate. It should also take account of its duty of care, business resilience
policies and arrangements and sustainability objectives, which can all have a positive effect on risk
treatment considerations.
Organizations need to proactively monitor and review their identified, evolving and emerging risks.
Their impact on the organization’s TRM should be considered and any changes recorded and acted
upon.
4.1.3 Risk profile
An organization should have a clear understanding of its risk profile and the dynamic TRM landscape
in which it operates or plans to operate. To do this, an organization should review TRM objectives in
relation to:
— context of the organization;
— the operational sector of the organization;
— specific operations or assignments, or both;
— destinations;
— individual traveller profiles and objectives.
A risk profile can incorporate different risks which can be interdependent.
The risk profile for travel should be reviewed regularly and after any significant change in the internal
and external operational context. Results should be made known through internal and external
communications.
4.2 Stakeholders
The organization should determine the internal and external stakeholders that are relevant to TRM
(see Table 1).
Depending on the size of the organization and its organizational travel needs, the TRM function can
be combined with other functions. Certain functions can also be supported by specialist third-party
providers.
Table 1 — Example of internal and external stakeholders
Internal stakeholders (including those for functions):
— health and safety/environment, health and safety/occupational health and safety;
— corporate security/information security;
— data privacy;
— business continuity;
— crisis management;
— incident management;
— corporate social responsibility/sustainability;
— global travel/corporate travel;
— human resources/internal mobility/training;
— regional management;
— risk management;
— marketing and communications;
— board of directors;
— procurement and sourcing;
— compliance;
— operations;
— workers/students;
— insurance;
— finance;
— audit;
— legal;
— unions/workers council;
— travel and mobility;
— medical;
— security.
External stakeholders:
— insurance providers;
— travel management companies;
— TRM companies;
— appropriate government agencies;
— regulators and emergency services;
— providers and sub-providers;
— clients;
— travellers’ designated emergency contact;
— travellers’ dependants;
— local partners or communities.
4.3 Travelling population
Attention needs to be given to the traveller’s profile in relation to destinations because factors such as
race, competencies, nationality, cultural identity, gender, sexual orientation, religion, age, occupation,
position, disability or medical history can all affect the risks associated with the travel. The risks can
extend beyond safety and security and can also include medical and other needs.
An organization can have several different types of traveller, or group of travellers, all with varying duty
of care requirements. The TRM team should liaise closely with the organization’s human resources or
legal department to develop a full understanding of the different types of travellers. These can include,
among others:
— direct workers;
— other workers in the organization and its supply chain;
— interns and guests of the organization;
— families (and others that rely on the traveller for support, e.g. financial support) travelling with the
primary traveller;
— students/pupils of universities/schools.
The pattern of travel should also be considered, for example:
— distinguishing short-term and long-term travellers (including expatriates);
— nationally based, remote workers;
— workers on rotation.
4.4 Business objectives, risk appetite and criteria
An organization should balance its business objectives and opportunities with the steps necessary
to manage the risks and threats it encounters. Risk treatment options should be proportionate to the
level of risk foreseen or expected. An organization should consider the level of risk it is prepared to
accept to meet its business objectives and take advantage of any opportunities, while putting in place
appropriate measures to manage the risk effectively and efficiently. There can be occasions where the
level of risk is unacceptable and the travel should not take place.
The organization’s travel risk criteria should be recorded in the TRM policy.
4.5 Travel risk management and delivery
The nature and scale of an organization’s travel risk will inform how the risk is managed and delivered.
The risk profile of an organization with occasional travel to low-risk locations is very different to one
operating frequently in high-risk locations.
The risk profile will also inform the extent to which the organization can manage the risks using its
own resources or will need to rely on support from third-party providers to assist or deliver necessary
functions. This will be an important factor to address when developing and implementing a TRM policy
and programme. Due consideration should be given to providing a cost–benefit analysis to aid the
decision-making process. Further guidance on cost–benefit analysis can be found in IEC 31010.
5 Managing travel risk
5.1 Leadership and commitment
Top management should take and demonstrate ownership of the organization’s travel risks and provide
evidence of its commitment and support in their effective management by:
— taking accountability for the effectiveness of the TRM process;
— ensuring that the TRM policy and TRM objectives are established and are compatible with the
strategic direction of the organization;
— ensuring the integration of TRM into the organization’s business processes;
— ensuring that the resources needed for the TRM programme are available;
— communicating the importance of effective TRM and of conforming to the TRM process and its legal
responsibilities;
— ensuring that the TRM programme achieves its intended outcome(s);
— directing and supporting persons to contribute to the effectiveness of the TRM programme;
— supporting other relevant management roles to demonstrate their leadership as it applies to their
areas of responsibility;
— conducting, at planned intervals, management reviews of the TRM programme;
— promoting improvement.
An organization should provide instructions and adequate resources for the development and
implementation of a travel risk programme.
5.2 Policy
The TRM policy should be a high-level document that indicates the organization’s TRM strategy, which
is part of its broader risk management strategy. This policy should be fully aligned with the intentions
and direction of the organization, as formally expressed by its top management.
Top management should establish a TRM policy that:
— defines the overall principles, intention and direction to achieve objectives;
— is appropriate for the needs and resources of the organization;
— becomes an integral part of the organization’s management policy;
— is aligned with the organization’s risk management, business continuity, travel procurement and
sustainability policies;
— refers to relevant legislation, standards, policies and codes of practice;
— establishes principles for the risk assessment process;
— takes into consideration (or establishes) the risk criteria of the organization;
— defines roles, responsibilities and accountabilities of all relevant stakeholders including their
competence;
— sets out the organization’s policy with respect to off-duty time and personal leave time (both
sometimes referred to as “bleisure”) associated with any travel;
— takes into consideration the multi-traveller policy and accompanying persons when relevant.
The TRM policy should:
— be approved by top management;
— be made available to all appropriate stakeholders;
— be defined and effectively communicated within the organization through information, education
and training;
— be integrated with any broader risk management framework to ensure a consistent approach to
risk management within the organization;
— be periodically reviewed for relevance and consistent application.
In order for an organization to be agile and responsive to organizational needs, the TRM policy should
include an exception process. This should be designed to ensure that any requested exceptions to the
policy requirements are:
— considered in line with the organization’s risk appetite, priorities and other relevant criteria;
— elevated and approved by the relevant stakeholders;
— managed with compensating controls if necessary;
— recorded and reported.
For example, travellers sometimes need to book travel outside the TRM policy for some reason. In these
cases, it’s crucial that they submit a policy exception request.
It is important that the policy exception request, approval or disapproval, and any associated controls
or recommendations, are acknowledged and recorded.
If the organization uses a travel management company to make travel bookings, then the policy, the
policy exception process and any changes to either should be communicated to the travel management
company in a clear and timely manner.
5.3 Roles, responsibilities and accountability
Ultimate accountability for risk resides with top management even where responsibilities have
been delegated to others. The concept of “criminal liability” of top management can exist in certain
jurisdictions. If delegation of authority is in place, it should be documented in writing.
The TRM function should be managed by a person or team with the necessary competence. This can be
either in a dedicated role or with additional responsibilities.
The TRM policy should set out the responsibilities of the various internal and external stakeholders
that have a role in delivery of both routine operations and non-routine situations, such as during an
incident.
Subclause 4.2 provides a list of internal stakeholder functions that can have a role.
The responsibilities of travellers to cooperate and act in compliance with the organization’s TRM policy
and procedures should also be set out. This is sometimes referred to as “duty of loyalty”.
The responsibilities outlined in the policy can be developed in more detail in the TRM programme.
5.4 Objectives
The principal objective of the TRM policy should be to ensure that travellers can perform duties
optimally, in an environment which is as safe and secure as is reasonably possible, and to have
procedures in p
...
INTERNATIONAL STANDARD ISO 31030
First edition
2021-09
Gestion des risques liés aux voyages — Recommandations pour les organismes
Travel risk management — Guidance for organizations
COPYRIGHT PROTECTED DOCUMENT
© ISO 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this
publication may be reproduced or utilized in any form or by any means, electronic or mechanical,
including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can
be requested from either ISO at the address below or ISO’s member body in the country of the requester.
ISO copyright office
Case postale 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Understanding the organization and its context
4.1 Operational context
4.1.1 General
4.1.2 Industry/sector specific context
4.1.3 Risk profile
4.2 Stakeholders
4.3 Travelling population
4.4 Business objectives, risk appetite and risk criteria
4.5 Travel risk management and delivery
5 Managing travel risk
5.1 Leadership and commitment
5.2 Policy
5.3 Roles and responsibilities
5.4 Objectives
5.5 Planning/programme development
5.6 Implementation
6 Travel risk assessment
6.1 General
6.2 Risk identification
6.3 Risk analysis
6.4 Risk evaluation
7 Travel risk treatment
7.1 General
7.2 Risk avoidance
7.2.1 Pre-travel authorizations
7.2.2 Restrictions
7.3 Risk sharing
7.3.1 General
7.3.2 General insurance
7.3.3 Specialist insurance
7.4 Risk reduction
7.4.1 Selection of treatment options
7.4.2 Competence
7.4.3 Information, advice and updates
7.4.4 Communication protocols/platforms
7.4.5 Accommodation selection
7.4.6 Information security and privacy protection
7.4.7 Transportation
7.4.8 Journey management
7.4.9 Medical and health risk reduction
7.4.10 Medical and security support services
7.4.11 Incident management planning
7.4.12 Incident and emergency points of contact
7.4.13 Traveller tracking
7.4.14 Kidnap and ransom management preparedness
7.4.15 Evacuation planning
8 Communication and consultation
8.1 Programme and strategy communication
8.2 Operational/technical communications
9 Programme monitoring and review
9.1 General
9.2 Surveys
9.3 Benchmarking
9.4 Metrics
10 Programme recording and reporting
10.1 General
10.2 Documentation
10.3 Recording and reporting
Annex A (informative) Development and implementation of a travel risk management programme
Annex B (informative) Minors travelling without a legal guardian
Annex C (informative) Travel considerations in the event of global disruption
Annex D (informative) Risk treatment restrictions
Annex E (informative) Training
Annex F (informative) Considerations for accommodation located in high-risk locations
Bibliography
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national
standards bodies (ISO member bodies). The work of preparing International Standards is
normally carried out through ISO technical committees. Each member body interested in a subject
has the right to be represented on the technical committee established for that purpose. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on
electrotechnical standardization.
The procedures used to develop this document and those intended for its maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for
the different types of ISO documents should be noted. This document was
drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see
www.iso.org/directives).
Attention is drawn to the fact that some of the elements of this document may be the subject of
intellectual property rights or similar rights. ISO shall not be held responsible
for failing to identify such property rights and give notice of their existence. Details of
any intellectual property rights or similar rights identified during the
development of the document are given in the Introduction and/or in the list of patent declarations
received by ISO (see www.iso.org/brevets).
Any trade names mentioned in this document are given
for information, for the convenience of users, and do not constitute an
endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, or for information about ISO’s adherence
to the World Trade Organization (WTO) principles concerning Technical
Barriers to Trade (TBT), see www.iso.org/avant-propos.
This document was prepared by Technical Committee ISO/TC 262, Risk management.
Any feedback or questions on this document should be directed to the user’s
national standards body. A complete listing of these bodies
can be found at www.iso.org/fr/members.html.
Introduction
This document is intended to help those who manage and participate in business travel.
Travel risk management is a component of any organization’s travel activities and
should include interaction with stakeholders.
There are many reasons for travelling on behalf of an organization. Travel is increasingly
frequent as part of a job or function. Consequently, organizations need
to fulfil their duty of care across multiple jurisdictions in different
parts of the world.
Travellers, whether international or domestic, can be faced with situations and
environments that are unfamiliar to them and that have risk profiles different from
those of their usual place of residence. Road accidents, epidemics and natural
disasters, as well as conflict, crime (including cybercrime and information theft),
cyber threats, terrorism and political and social instability can threaten the safety, security
(including information security) and health (including mental health) of travellers, and can
adversely affect the objectives of their assignments.
NOTE Unless otherwise indicated, any reference to security also includes information security.
Managing travel risk in a country where the organization has no local office requires
more comprehensive risk controls than for locations whose risk profiles are well
known and where treatment measures have already been taken. The continuous updating and accuracy
of intelligence, analysis and advice, including travel advisories, play
an increasingly important role in travel decisions.
Travel risk management requires organizations to anticipate and assess the likelihood
of events occurring, develop treatment measures and communicate to their
travellers their anticipated exposure to risk. Advising travellers and providing them
with adequate recommendations on medical care and emergency response, as well as
guidance on security and information security, including the challenges of travel
logistics, can significantly affect the potential impact of disruptive events.
This document provides organizations with a means of demonstrating that travel decisions are
based on the organization’s capacity to treat risk using internal resources or with
external assistance. Not all travel warrants the same degree of rigour in risk assessment and
risk management. Although this document provides a comprehensive set of
risk treatment options that an organization can consider, its application should be
reasoned and proportionate to the risk exposure. This is intended to help the organization and each
traveller to take up the opportunities and benefits for which the travel is required.
This document states that the organization’s general risk appetite and its
risk acceptance should not take precedence, or be used exclusively, in deciding whether
travel is appropriate for security, safety or health reasons.
This document is based on the principles, framework and process of ISO 31000,
as illustrated in Figure 1. Travel risk presents a specific context, and it can be
necessary to adapt an organization’s existing risk management process to take
account of it. It is also aligned with the core occupational health and safety management
system defined in ISO 45001. As such, certain elements of this document can help or
inform organizations developing such management systems, but it is not a management
system standard.
This document can be used on its own or integrated into other risk management
programmes.
Figure 1 — Principles, framework and process
One of the objectives of this document is to promote a culture in which travel risk is
taken seriously, is adequately resourced and is managed effectively, and in which the benefits
to the organization and relevant stakeholders are recognized. These benefits include:
— protecting personnel, data, intellectual property and assets;
— reducing the financial and legal impacts of risk exposure;
— enabling business to be conducted in high-risk locations;
— enhancing an organization’s reputation and credibility, which can have a positive effect on
competitiveness, staff turnover and talent acquisition;
— improving worker confidence in travel-related health, safety and
security arrangements;
— contributing to the organization’s business continuity capability and resilience;
— demonstrating the organization’s ability to control its travel risks effectively and
efficiently, which can also help to reduce its insurance premiums;
— reassuring its business partners, so that banks and investors are more
willing to finance its activities;
— enabling the organization to meet its customers’ expectations regarding the security and stability
of their supply chain;
— increasing general productivity;
— contributing to the achievement of the sustainable development goals by strengthening the social dimension of
sustainable development.
In this document, the following verbal forms are used:
a) “should” indicates a recommendation;
b) “may” indicates a permission;
c) “can” indicates a possibility or a capability.
Information marked as “NOTE” is intended to assist the understanding or use of the
document.
“Notes to entry” used in Clause 3 provide additional information that
supplements the terminological data and can contain details concerning the use of a
term.
INTERNATIONAL STANDARD ISO 31030:2021(F)
Travel risk management — Guidance for organizations
1 Scope
This document gives guidance to organizations on how to manage the risk(s), to the organization
and its travellers, as a result of undertaking travel.
This document provides a structured approach to the development, implementation, evaluation
and review of:
— policy;
— programme development;
— threat and hazard identification;
— opportunities and strengths;
— risk assessment;
— prevention and mitigation strategies.
This document is applicable to any type of organization, irrespective of sector or size,
including but not limited to:
— commercial organizations;
— charitable and not-for-profit organizations;
— governmental organizations;
— non-governmental organizations;
— educational organizations.
This document does not apply to tourism and leisure-related travel, except in relation to
travellers travelling on behalf of the organization.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their
content constitutes requirements of this document. For dated references, only the edition cited applies.
For undated references, the latest edition of the referenced document (including any
amendments) applies.
ISO 31000, Risk management — Guidelines
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 31000 and the following
apply.
ISO and IEC maintain terminological databases for use in
standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at http://www.electropedia.org/
3.1
competence
ability to apply knowledge and skills to achieve intended results
Note 1 to entry: This constitutes one of the common terms and core definitions of the harmonized structure for
ISO management system standards.
[SOURCE: ISO 22300:2021, 3.1.42]
3.2
crisis
abnormal or extraordinary event or situation that threatens an organization (3.9) and requires a
strategic, adaptive and timely response in order to preserve its viability and integrity
Note 1 to entry: The event can include a high degree of uncertainty.
Note 2 to entry: The event can exceed the response capacity or general capabilities of the organization.
Note 3 to entry: Given the nature of a crisis, there might be no adequate or appropriate plan
to deal with the event, so a flexible and dynamic approach is needed.
3.3
crisis management team
group of individuals functionally responsible for directing and implementing the
organization’s (3.9) crisis (3.2) management capabilities
3.4
duty of care
moral responsibility or legal requirement of an organization (3.9) to protect the traveller (3.21) from
hazards (3.5) and threats (3.17)
Note 1 to entry: The legal aspect of duty of care can arise from, among others, negligence,
contract and statute.
Note 2 to entry: Legal requirements and the way they arise, including insurance coverage,
can vary from one jurisdiction to another.
Note 3 to entry: Legal requirements can be qualified in their scope (e.g. they
might not be absolute).
Note 4 to entry: Organizations should seek the advice of competent legal counsel to
determine the scope and nature of their duty of care in the context of this document.
3.5
hazard
source of potential harm
[SOURCE: ISO 31073:—1), 3.7.5, modified — Note 1 to entry has been deleted.]
1) Under preparation. Stage at the time of publication: ISO/DIS 31073:2021.
3.6
incident
adverse event that can be, or can lead to, a disruption, loss, emergency or
crisis (3.2)
Note 1 to entry: An incident can have a negative impact on the health, safety and security of a traveller
(3.21).
Note 2 to entry: An incident can have a negative impact on the organization (3.9), for example a loss of
reputation or a financial loss.
Note 3 to entry: An incident can have a negative impact on the resilience of the organization.
3.7
incident management team
group of individuals functionally responsible for planning for the likelihood and management
of an incident (3.6)
Note 1 to entry: The responsibilities of the incident management team can include liaison with
external organizations (3.9), stakeholders (3.15) and families.
3.8
off-duty time
time during which travellers (3.21) are not engaged in work activities but remain under
the general responsibility of the organization (3.9)
Note 1 to entry: This can include a weekend, depending on the duration of the travel.
3.9
organization
person or group of people with defined functions and with the responsibilities, authority and
relationships to achieve its objectives
Note 1 to entry: The concept of organization includes, but is not limited to, sole traders, companies,
corporations, firms, enterprises, authorities, partnerships, associations, charities
or institutions, or part or combination thereof, whether incorporated
or not, public or private.
[SOURCE: ISO 31022:2020, 3.4, modified — Note 1 to entry has been modified.]
3.10
personal leave time
period occurring before, after or during the planned duration of the work activity or project, which does not
fall under the responsibility of the organization (3.9)
3.11
provider
organization (3.9) supplying services or products, or both, to the organization in accordance with
agreed specifications, terms and conditions
3.12
risk
effect of uncertainty on objectives
Note 1 to entry: An effect is a deviation from the expected. It can be positive, negative or both, and
can address, create or result in opportunities and threats (3.17).
Note 2 to entry: Objectives can have different aspects and categories, and can
be applied at different levels.
Note 3 to entry: Risk is usually expressed in terms of risk sources, potential events,
their consequences and their likelihood.
[SOURCE: ISO 31000:2018, 3.1]
3.13
risk assessment
overall process of risk identification, risk analysis and risk evaluation
[SOURCE: ISO 31073:—, 3.6.1]
3.14
risk treatment
process to modify risk (3.12)
Note 1 to entry: Risk treatment can involve:
— avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk;
— taking or increasing risk in order to pursue an opportunity;
— removing the risk source;
— changing the likelihood;
— changing the consequences;
— sharing the risk with another party or parties (including contracts and risk financing);
— retaining the risk by informed decision.
Note 2 to entry: Risk treatments that deal with negative consequences are sometimes referred to as
“risk mitigation”, “risk elimination”, “risk prevention” and “risk reduction”.
Note 3 to entry: Risk treatment can create new risks or modify existing risks.
[SOURCE: ISO 31073:—, 3.10.1]
3.15
stakeholder
person or organization (3.9) that can affect, be affected by, or perceive themselves to be affected by a decision
or activity
Note 1 to entry: The term “interested party” can be used as an alternative to “stakeholder”.
[SOURCE: ISO 31000:2018, 3.3]
3.16
student
person who is on a placement, in an apprenticeship or under the control of an employing organization (3.9) as part of
a training programme, or enrolled in a school or other educational institution
Note 1 to entry: As students can be below the age of legal responsibility, they might
not be able to make legal decisions for themselves.
3.17
threat
potential source of danger, harm or other undesirable outcome
[SOURCE: ISO 31073:—, 3.7.7, modified — Notes 1 and 2 to entry have been deleted.]
3.18
travel
movement of one or more persons, on behalf of an organization (3.9), which falls under the
organization’s duty of care (3.4)
Note 1 to entry: The movement can be domestic or international.
3.19
travel risk
effect of uncertainty on objectives due to travel (3.18)
3.20
travel risk management
coordinated activities to direct and control an organization (3.9) with regard to travel risk (3.19)
3.21
traveller
person(s) undertaking travel (3.18)
3.22
worker
person performing work or work-related activities that are under the direct or indirect control of the organization (3.9)
Note 1 to entry: Persons perform work or work-related activities under various arrangements, paid or unpaid, such as regularly or temporarily, intermittently or seasonally, casually or on a part-time basis.
Note 2 to entry: Workers include top management, managerial and non-managerial persons.
Note 3 to entry: The work or work-related activities performed under the control of the organization can be performed by workers employed by the organization, workers of external providers (3.11) (contractors, subcontractors), individuals, agency workers, and by other persons to the extent that the organization shares control over their work or work-related activities, according to the context of the organization.
[SOURCE: ISO 45001:2018, 3.3, modified — The words "direct or indirect" have been added to the definition and "subcontractors" has been added to Note 3 to entry.]
4 Understanding the organization and its context
4.1 Operating context
4.1.1 General
It is important that an organization clearly understands the factors that can affect or influence the objectives of its travel risk management programme, including the external and internal context in which it operates.
The external context can include, but is not limited to:
a) political, socio-economic, cultural, religious/ethical, legal or regulatory factors, whether international, national, regional or local;
b) political violence (including terrorism, insurgency, politically motivated unrest and armed conflict);
c) social unrest (including sectarian, communal and ethnic violence);
d) violent crime and petty crime;
e) the quality, availability and reliability of transportation;
f) the quality, availability and reliability of telecommunications;
g) the state of industrial relations;
h) the effectiveness of public and private security and emergency services;
i) the responsibilities of other parties (e.g. customers) towards the organization's travellers;
j) natural or geological factors;
k) susceptibility to natural disasters;
l) potential health hazards, including epidemics and pandemics;
m) the quality of local health infrastructure and medical care;
n) information security/cybersecurity;
o) the quality of hotels/accommodation;
p) ground/road conditions.
The internal context can include, but is not limited to:
— the organization's vision, mission, values and culture;
— the organization's governance, structure, roles, responsibilities and accountabilities;
— the organization's strategy, objectives and policies;
— the organization's plans, standards, guidelines, rules and instructions;
— the organization's risk management strategy and risk criteria;
— the range and type of the organization's travel activities;
— the organization's capabilities, including the competence and profiles of travellers;
— the organization's resources, techniques and tools needed for travel risk management;
— the organization's data, information systems and information flows.
4.1.2 Industry/sector specific context
The industry/sector in which an organization operates is another factor that can influence the risks faced by travellers. An organization should be aware of the legislation, regulatory requirements, codes of practice, etc. that apply to its industry/sector in its home country and in the other countries in which it operates. It should also take into account its duty of care, its business resilience policies and arrangements, and its sustainable development objectives, all of which can have a positive effect on risk treatment considerations.
Organizations need to proactively monitor and review their identified, evolving and emerging risks. Their impact on the organization's travel risk management should be considered, and any changes should be recorded and acted upon.
4.1.3 Risk profile
An organization should have a good understanding of its risk profile and of the dynamic travel risk management context in which it operates or plans to operate. To do this, the organization should examine the objectives of travel risk management in relation to:
— the organization's context;
— the organization's operational sector;
— specific operations or missions, or both;
— destinations;
— the individual profiles and objectives of travellers.
A risk profile can comprise different risks that can be interdependent.
The travel risk profile should be reviewed regularly and after any significant change in the internal and external operating context. The results should be communicated through the internal and external communication services.
4.2 Stakeholders
The organization should determine the internal and external stakeholders that are relevant to travel risk management (see Table 1).
Depending on the size of the organization and its travel needs, the function responsible for travel risk management can be combined with other functions. Some functions can also be carried out by specialist third-party providers.
Table 1 — Examples of internal and external stakeholders
Internal stakeholders (including those in functions):
— health and safety/environment, health and safety/occupational health and safety
— corporate security/information security
— data privacy
— business continuity
— crisis management
— incident management
— corporate social responsibility/sustainability
— international travel/business travel
— human resources/internal mobility/training
— travel and mobility
— occupational health
— marketing and communication
— board of directors
— purchasing and procurement
— compliance
— operations
— workers/students
— insurance
— finance
— audit
— legal
— trade unions/works council
— regional management
— risk management
— security
External stakeholders:
— insurers/assistance providers
— travel agencies
— travel risk management companies
— appropriate government bodies
— regulatory bodies and emergency services
— providers and subcontractors
— customers
— travellers' designated emergency contact
— accompanying dependants of travellers
— local partners or local communities
4.3 Travelling population
Attention needs to be paid to the traveller's profile in relation to destinations, as factors such as origin, skills, nationality, cultural identity, sex, sexual orientation, religion, age, profession, position, disability or medical history can all influence travel-related risks. Risks can go beyond safety and security and can also include medical and other needs.
An organization can have different types of travellers or groups of travellers, all with different duty of care requirements. The team responsible for travel risk management should liaise closely with the organization's human resources or legal department in order to fully understand the different types of travellers. These can include, but are not limited to:
— direct workers;
— other workers within the organization and its supply chain;
— trainees and guests of the organization;
— families (and other persons who depend on the traveller for support, e.g. financial support) travelling with the primary traveller;
— students/pupils of universities/schools.
The mode of travel should also be considered, for example:
— distinguishing between short-term and long-term travellers (including expatriates);
— workers based in-country and working remotely;
— rotational workers.
4.4 Business objectives, risk appetite and risk criteria
An organization should strike a balance between its business objectives and opportunities and the measures needed to manage the risks and threats it faces. Risk treatment options should be proportionate to the anticipated or expected level of risk. An organization should consider the level of risk it is prepared to accept in order to achieve its business objectives and seize all opportunities, while putting in place appropriate measures to manage risk effectively and efficiently. There can be occasions when the level of risk is unacceptable and the travel should not take place.
The organization's risk criteria for travel should be set out in the travel risk management policy.
4.5 Travel risk management and implementation
The nature and extent of an organization's travel risks determine how the risks are managed and handled. The risk profile of an organization undertaking occasional travel to low-risk locations is very different from that of an organization frequently operating in high-risk locations.
The risk profile is also intended to indicate the extent to which the organization can manage the risks using its own resources or will need to rely on the assistance of third-party providers to facilitate or carry out the necessary functions. This is an important factor to consider when developing and implementing a travel risk management policy and programme. Consideration should be given to providing a cost/benefit analysis to facilitate the decision-making process. Further guidance on cost/benefit analysis is given in IEC 31010.
5 Managing travel risk
5.1 Leadership and commitment
Top management should take ownership of the organization's travel risks and demonstrate ownership of these risk
...
International Standard
ISO 31030
First edition
2021-09
Travel risk management — Guidance for organizations
Published by the ISO Central Secretariat in Geneva, Switzerland, as an official Spanish translation endorsed by the Translation Management Group, which has certified conformity with the English and French versions.
Published in Switzerland
Spanish version published in 2026
Contents
Foreword
Foreword to the Spanish version
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Understanding the organization and its context
4.1 Operating context
4.1.1 General
4.1.2 Industry/sector specific context
4.1.3 Risk profile
4.2 Stakeholders
4.3 Travelling population
4.4 Business objectives, risk appetite and risk criteria
4.5 Travel risk management and implementation
5 Managing travel risk
5.1 Leadership and commitment
5.2 Policy
5.3 Roles, responsibilities and accountability
5.4 Objectives
5.5 Planning/establishing the programme
5.6 Implementation
6 Travel risk assessment
6.1 General
6.2 Risk identification
6.3 Risk analysis
6.4 Risk evaluation
7 Travel risk treatment
7.1 General
7.2 Risk avoidance
7.2.1 Pre-travel authorizations
7.2.2 Restrictions
7.3 Risk sharing
7.3.1 General
7.3.2 General insurance
7.3.3 Specialist insurance
7.4 Risk reduction
7.4.1 Selection of treatment options
7.4.2 Competence
7.4.3 Information, advice and updates
7.4.4 Communication protocols/platforms
7.4.5 Accommodation selection
7.4.6 Information security and privacy protection
7.4.7 Transportation
7.4.8 Journey management
7.4.9 Medical and health risk reduction
7.4.10 Medical and security support services
7.4.11 Incident management planning
7.4.12 Incident and emergency points of contact
7.4.13 Traveller tracking
7.4.14 Planning for managing kidnap and ransom
7.4.15 Evacuation planning
8 Communication and consultation
8.1 Programme/strategic communications
8.2 Operational/technical communications
9 Programme monitoring and review
9.1 General
9.2 Surveys
9.3 Benchmarking against best practice
9.4 Metrics
10 Programme recording and reporting
10.1 General
10.2 Documentation
10.3 Recording and reporting
Annex A (informative) Development and implementation of a TRM programme
Annex B (informative) Minors travelling without legal guardians
Annex C (informative) Considerations for travel during a global disruption
Annex D (informative) Risk treatment restrictions
Annex E (informative) Training
Annex F (informative) Considerations for accommodation in high-risk locations
Bibliography
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO does not assume responsibility for identifying any or all such patent rights. Details of any patent rights identified during the development of this document will be given in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 262, Risk management.
Any feedback or questions on this document should be directed to the user's national standards body. A complete listing of these bodies can be found at www.iso.org/members.html.
Foreword to the Spanish version
This document has been translated by the Spanish Translation Task Force (STTF) working group of Technical Committee ISO/TC 262, Risk management, in which representatives of national standards bodies and other interested parties participate, in order to unify Spanish-language terminology in the field of risk management.
This document has been validated by the ISO/TMBG/Spanish Translation Management Group (STMG), made up of the following countries: Argentina, Bolivia, Chile, Colombia, Costa Rica, Cuba, Ecuador, El Salvador, Spain, Guatemala, Honduras, Dominican Republic, Mexico, Panama, Paraguay, Peru and Uruguay.
Introduction
This document is intended to help those who manage and participate in an organization's travel. Travel risk management is a component of any organization's travel-related activities and should include engagement with stakeholders.
There are many reasons why people travel for their organization. Travel has increasingly become a common feature of people's jobs or roles. Consequently, organizations need to meet their duty of care in multiple jurisdictions in different parts of the world.
Travellers, whether international or domestic, can be faced with unfamiliar situations and environments that have different risk profiles from those of their normal location. Road accidents, disease outbreaks, epidemics and natural disasters, as well as conflict, crime (including cyber crime and information theft), cyber threats, terrorism and political and social instability, can threaten the safety, security (including information security) and health (including mental health) of travellers, and can adversely affect the outcome of their travel objectives.
NOTE Unless otherwise stated, any reference to security also includes information security.
Managing risk for travel to a country where the organization has no local office requires more comprehensive controls than for locations where the risk profiles are well known and treatments have already been established. The timeliness and accuracy of intelligence, analysis and advice, including travel alerts, are increasingly important in influencing travel decisions.
Travel risk management (TRM) requires organizations to anticipate and assess the potential for events to occur, develop treatments and communicate anticipated risk exposures to travellers. Advising and providing travellers with adequate medical and emergency response guidance, security and information security precautions, including challenges to travel logistics, can have a significant impact on the outcome of disruptive events.
This document provides a means for organizations to demonstrate that travel decisions are based on the organization's capacity to treat risk using internal resources or with external assistance. Not all travel requires the same level of rigour in risk assessment and management. Although this document provides a comprehensive set of risk treatment options that an organization can consider, application should be reasoned and proportionate to the risk exposure. This will help the organization and individual travellers to realize the opportunities and benefits for which travel is required.
This document proposes that the organization's overall risk appetite and risk acceptance should not be treated as a priority, nor used exclusively, in deciding whether travel is appropriate for safety or health reasons.
This document is based on the principles, framework and process of ISO 31000, as shown in Figure 1. Travel-related risk presents a specific context and an organization's existing risk management process can be adapted to reflect this. It is also aligned with the occupational health and safety management system set out in ISO 45001. As such, elements of this document can help or inform organizations developing such management systems, but it is not a management system standard.
This document can be used on its own or integrated into other risk management programmes.
Figure 1 — Principles, framework and process
One of the aims of this document is to promote a culture in which travel-related risk is taken seriously, resourced adequately and managed effectively, and in which the benefits to the organization and relevant stakeholders are recognized. Such benefits include:
— protecting personnel, data, intellectual property and assets;
— reducing legal and financial exposure;
— enabling business in high-risk locations;
— enhancing an organization's reputation and credibility, which in turn can have a positive effect on competitiveness, staff turnover and talent acquisition;
— improving worker confidence in health, safety and security arrangements during travel;
— contributing to business continuity capability and organizational resilience;
— demonstrating the organization's ability to control its travel-related risks effectively and efficiently, which can also help to reduce its insurance premiums;
— providing assurance to business partners, so that banks and investors will be more willing to finance its business;
— enabling the organization to meet customer expectations in terms of the security and stability of its supply chain;
— increasing general productivity;
— contributing to the achievement of sustainable development goals by strengthening the social dimension of sustainability.
In this document, the following verbal forms are used:
a) "should" indicates a recommendation;
b) "can" indicates a permission, a possibility or a capability.
Information marked as "NOTE" is intended to assist the understanding or use of the document.
"Notes to entry" used in Clause 3 provide additional information that supplements the terminological data and can contain provisions relating to the use of a term.
International Standard ISO 31030:2021(es)
Travel risk management — Guidance for organizations
1 Scope
This document gives guidance to organizations on how to manage the risks, to the organization and its travellers, as a result of undertaking travel.
This document provides a structured approach to the development, implementation, evaluation and review of:
— policy;
— programme development;
— threat and hazard identification;
— opportunities and strengths;
— risk assessment;
— prevention and mitigation strategies.
This document is applicable to any type of organization, irrespective of sector or size, including but not limited to:
— commercial organizations;
— charitable and not-for-profit organizations;
— governmental organizations;
— non-governmental organizations;
— educational organizations.
This document does not apply to tourism and leisure-related travel, except in relation to travellers travelling on behalf of their organization.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 31000, Risk management — Guidelines
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 31000 and the following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at https://www.electropedia.org/
3.1
competence
ability to apply knowledge and skills to achieve intended results
Note 1 to entry: This constitutes one of the common terms and core definitions of the harmonized structure for ISO management system standards.
[SOURCE: ISO 22300:2021, 3.1.42]
3.2
crisis
abnormal or extraordinary event or situation that threatens an organization (3.9) and requires a strategic, adaptive and timely response in order to preserve its viability and integrity
Note 1 to entry: The event can include a high degree of uncertainty.
Note 2 to entry: The event can exceed the response capacity or capability of the organization.
Note 3 to entry: Given the nature of a crisis, there might not be an adequate or appropriate plan to deal with the event, so a flexible and dynamic approach is needed.
3.3
crisis management team
group of individuals functionally responsible for directing and implementing the organization's (3.9) crisis (3.2) management capabilities
3.4
duty of care
moral responsibility or legal requirement of an organization (3.9) to protect the traveller (3.21) from hazards (3.5) and threats (3.17)
Note 1 to entry: The legal aspect of duty of care can arise from, among others, negligence, contract and statute.
Note 2 to entry: Legal requirements and how they arise, including insurance cover, can differ between jurisdictions.
Note 3 to entry: Legal requirements can be limited in scope (e.g. they might not be absolute).
Note 4 to entry: Organizations should seek the advice of competent legal counsel to determine the extent and nature of their duty of care in relation to the context of this document.
3.5
hazard
source of potential harm
[SOURCE: ISO 31073:—1), 3.7.5, modified — Note 1 to entry has been deleted.]
1) Under preparation. Stage at the time of publication: ISO/DIS 31073:2021.
3.6
incident
adverse event that can be, or can lead to, a disruption, loss, emergency or crisis (3.2)
Note 1 to entry: An incident can have a negative impact on the health and safety of a traveller (3.21).
Note 2 to entry: An incident can negatively affect the organization (3.9), e.g. through reputational damage or financial loss.
Note 3 to entry: An incident can negatively affect the organization's resilience.
3.7
incident management team
group of individuals functionally responsible for planning for the likelihood, and management, of an incident (3.6)
Note 1 to entry: The responsibilities of the incident management team can include liaison with external organizations (3.9), stakeholders (3.15) and families.
3.8
leisure time
time when travellers (3.21) are not engaged in work activities but remain under the organization's (3.9) general supervisory responsibility
Note 1 to entry: This can include a weekend, depending on the duration of the trip.
3.9
organization
person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives
Note 1 to entry: The concept of organization includes, but is not limited to, sole trader, company, corporation, firm, enterprise, authority, partnership, foundation or institution, or part or combination thereof, whether incorporated or not, public or private.
[SOURCE: ISO 31022:2020, 3.4, modified — Note 1 to entry has been modified.]
3.10
personal leisure time
period of time, occurring before, after or within the scheduled duration of the work activity or project, that falls outside the organization's (3.9) supervisory responsibility
3.11
provider
organization (3.9) that provides services or products, or both, to the organization in accordance with agreed specifications, terms and conditions
3.12
risk
effect of uncertainty on objectives
Note 1 to entry: An effect is a deviation from the expected. It can be positive, negative or both, and can address, create or result in opportunities and threats (3.17).
Note 2 to entry: Objectives can have different aspects and categories, and can be applied at different levels.
Note 3 to entry: Risk is often expressed in terms of risk sources, potential events, their consequences and their likelihood.
[SOURCE: ISO 31000:2018, 3.1]
3.13
risk assessment
overall process of risk identification, risk analysis and risk evaluation
[SOURCE: ISO 31073:—, 3.6.1]
3.14
risk treatment
process to modify risk (3.12)
Note 1 to entry: Risk treatment can involve:
— avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk;
— accepting or increasing the risk in order to pursue an opportunity;
— removing the risk source;
— changing the likelihood;
— changing the consequences;
— sharing the risk with another party or parties (including contracts and risk financing);
— retaining the risk on the basis of an informed decision.
Note 2 to entry: Risk treatments that deal with negative consequences are sometimes referred to as "risk mitigation", "risk elimination", "risk prevention" and "risk reduction".
Note 3 to entry: Risk treatment can create new risks or modify existing risks.
[SOURCE: ISO 31073:—, 3.10.1]
3.15
stakeholder
person or organization (3.9) that can affect, be affected by, or perceive themselves to be affected by a decision or activity
Note 1 to entry to the Spanish version: The English terms "interested party" and "stakeholder" have a single translation into Spanish, "parte interesada".
[SOURCE: ISO 31000:2018, 3.3]
3.16
student
person on placement, internship, apprenticeship or otherwise, under the control of an employing organization (3.9) as part of a training programme, or enrolled in a school or other educational institution
Note 1 to entry: As students can be below the age of legal responsibility, they might not be able to make legal decisions for themselves.
3.17
amenaza
fuente potencial de peligro, daño u otro resultado no deseado
[FUENTE: ISO 31073:—, 3.7.7, modificado — Se han eliminado las Notas 1 y 2 a la entrada.]
3.18
travel
trip
movement of one or more persons, on behalf of an organization (3.9), that falls within the scope
of the organization's duty of care (3.4)
Note 1 to entry: The movement can be domestic or international.
3.19
travel risk
effect of uncertainty on objectives due to travel (3.18)
3.20
travel risk management
TRM
coordinated activities to direct and control an organization (3.9) with regard to travel
risk (3.19)
3.21
traveller
persons undertaking travel (3.18)
3.22
worker
person performing work or work-related activities that are under the direct or
indirect control of the organization (3.9)
Note 1 to entry: Persons perform work or work-related activities under various arrangements,
paid or unpaid, such as regularly or temporarily, intermittently or seasonally, casually or on a
part-time basis.
Note 2 to entry: Workers include top management, managerial and non-managerial persons.
Note 3 to entry: The work or work-related activities performed under the control of the organization
can be performed by workers employed by the organization, workers of external providers (3.11)
(contractors, sub-providers), independent workers, workers supplied by another organization, and by other
persons to the extent that the organization shares control over their work or work-related activities,
according to the context of the organization.
[SOURCE: ISO 45001:2018, 3.3, modified — "direct or indirect" has been added to the definition and
"sub-providers" to Note 3 to entry.]
4 Understanding the organization and its context
4.1 Operational context
4.1.1 General
It is important that an organization clearly understands the factors that can affect or influence the
objectives of its TRM programme, including the external and internal context in which it operates.
The external context can include, but is not limited to:
a) political, socio-economic, cultural, religious/ethical, legal or regulatory factors, whether
international, national, regional or local;
b) political violence (including terrorism, insurgency, politically motivated unrest and
war);
c) social unrest (including sectarian, communal and ethnic violence);
d) petty and violent crime;
e) the quality, availability and reliability of transport;
f) the quality, availability and reliability of telecommunications;
g) the state of labour relations;
h) the effectiveness of public and private security and emergency services;
i) the responsibilities of other parties (e.g. clients) with respect to the organization's
travellers;
j) natural or geological factors;
k) susceptibility to natural disasters;
l) potential health hazards, including epidemics and pandemics;
m) the quality of the local health and medical care infrastructure;
n) information security/cyber security;
o) hotel/accommodation quality;
p) ground/road conditions.
The internal context can include, but is not limited to, the following elements of the organization:
— vision, mission, values and culture;
— governance, structure, roles, responsibilities and accountability;
— strategy, objectives and policies;
— plans, standards, guidelines, regulations and instructions;
— the risk management strategy and risk criteria;
— the scope and type of travel activities;
— capabilities, including the competencies and profiles of travellers;
— the resources, techniques and tools needed to manage the organization's
travel risk;
— data, information systems and information flows.
4.1.2 Industry/sector-specific context
The industry/sector in which an organization operates is another factor that can affect the risks
faced by travellers. An organization should be aware of the pertinent legislation, regulatory
requirements, codes of practice, etc. that are relevant to its industry/sector in its home country
and in other countries in which it operates. It should also take into account its duty of care, business
resilience policies and arrangements, and sustainability objectives, which can have a positive effect on
risk treatment considerations.
Organizations need to proactively monitor and review their identified, evolving and emerging
risks. Their impact on the organization's TRM should be considered, and any changes should be recorded and
acted upon.
4.1.3 Risk profile
An organization should have a clear understanding of its risk profile and of the dynamic TRM landscape
in which it operates or plans to operate. To do this, an organization should review its TRM objectives
in relation to:
— the context of the organization;
— the operating sector of the organization;
— the specific operations or assignments, or both;
— the destinations;
— the individual profiles and objectives of travellers.
A risk profile can incorporate different risks that can be interdependent.
The travel risk profile should be reviewed periodically and after any significant change
in the internal and external operating context. The results should be made known through
internal and external communications.
4.2 Interested parties
The organization should determine the internal and external interested parties that are relevant to
TRM (see Table 1).
Depending on the size of the organization and its travel needs, the TRM function can be combined with other
functions. Certain functions can also be compatible with specialized external providers.
Table 1 — Example of internal and external interested parties
Internal interested parties (including those within functions):
— health and safety/environment, health and safety/occupational health and safety
— corporate security/information security
— data privacy
— business continuity
— crisis management
— incident management
— corporate social responsibility/sustainability
— global travel/corporate travel
— human resources/internal mobility/training
— regional management
— risk management
— marketing and communications
— board of directors
— procurement and sourcing
— compliance
— operations
— workers/students
— insurance
— finance
— audit
— legal
— trade unions/workers' council
— travel and mobility
— medical
— security
External interested parties:
— insurance providers
— travel management companies
— TRM companies
— appropriate government agencies
— regulators and emergency services
— providers and sub-providers
— clients
— emergency contact designated by travellers
— dependants of travellers
— local partners or communities
4.3 Travelling population
Attention needs to be paid to the profile of the traveller in relation to the destinations because factors such as race,
competencies, nationality, cultural identity, gender, sexual orientation, religion, age,
occupation, position, disability or medical history can affect the risks associated with travel.
Risks can extend beyond safety and security and can also include medical and other
needs.
An organization can have several different types of travellers, or groups of travellers, all with different
duty of care requirements. The TRM team should work closely with the organization's legal or human
resources department to develop a full understanding of the
different types of travellers. These can include, but are not limited to:
— direct workers;
— other workers of the organization and its supply chain;
— students on placement and guests of the organization;
— families (and other persons who depend on the traveller for support, e.g. financial support) who
travel with the main traveller;
— students/pupils of universities/schools.
The travel pattern should also be considered, for example:
— distinguishing between short-term and long-term travellers (including expatriates);
— domestic remote workers;
— rotational workers.
4.4 Business objectives, risk appetite and risk criteria
An organization should balance its business objectives and opportunities with the steps needed
to manage the risks and threats it faces. Risk treatment options should be
proportionate to the anticipated or expected level of risk. An organization should consider the level of risk
it is willing to accept in order to meet its business objectives and take advantage of any opportunity,
while implementing appropriate measures to manage the risk effectively and efficiently.
There can be occasions when the level of risk is unacceptable and the travel should not take place.
The organization's travel risk criteria should be recorded in the TRM policy.
4.5 Travel risk management and implementation
The nature and scale of an organization's travel risk will determine how the risk is managed and
delivered. The risk profile of an organization that travels occasionally to low-risk locations is
very different from that of one that operates frequently in high-risk locations.
The risk profile will also determine the extent to which the organization can manage the risks
using its own resources or will need the support of external providers to assist with or
perform the necessary functions. This will be an important factor to address when developing and implementing a
TRM policy and programme. Due consideration should be given to carrying out a
cost-benefit analysis to assist in the decision-making process. Further guidance can be found
...















