ISO/TC 262 - Risk management

This document gives guidance on managing risk for youth and school trips for both domestic and international travel with specific attention to minors. This document is applicable to any organization, institution or group that provides activities, visits or trips for children and youth outside of their usual place of operation. These include, but are not limited to: — educational institutions (schools, colleges and universities); — children’s homes (including foster care provision); — residential tutorial centres (summer schools and language colleges); — community-based youth groups (scouts, guides, cadet units and youth clubs); — faith-based groups; — youth sports clubs; — youth arts clubs (music, drama, painting and literature); — adventurous activity centres (day visits and residential); — commercial and non-commercial providers of visits abroad (offshore sailing, cultural tours, sports, community projects, adventure activities and expeditions); — tourist attractions, tour operators and other service providers. This document is applicable to trips of any duration, from day trips visiting local points of interest to months-long trips to other continents. These trips can be for purposes such as excursions, fieldwork, expeditions and adventurous or cultural activities undertaken for educational, research, training or recreational purposes. This document is applicable any sort of travel under the auspices of an organization, be it one person travelling for an internship or dozens travelling for a sporting match. This document is applicable to the physical movement between locations, as well as to the events and activities associated with the objectives of the trip. This document provides good practices to address typical risks arising from activities related to trips. It also includes guidance for creating an emergency response plan. This document does not apply to groups of vulnerable adults per se. However, some aspects of the guidance can also be relevant to the management of trips for vulnerable adults. This document does not apply to situations such as minors travelling with their families, as well as how to organize such trips. This document does not apply to virtual travel, although some parts of it can be relevant.

This document gives guidance on managing emerging risks that an organization can face. This document complements ISO 31000. This document is applicable to any organization, at any stage and to any activity of the organization. Its application can be customized to suit different organizations or the context of different organizations.

This document defines generic terms related to the management of risks faced by organizations.

This document gives guidance to organizations on how to manage the risk(s), to the organization and its travellers, as a result of undertaking travel. This document provides a structured approach to the development, implementation, evaluation and review of: policy; programme development; threat and hazard identification; opportunities and strengths; risk assessment; prevention and mitigation strategies. This document is applicable to any type of organization, irrespective of sector or size, including but not limited to: commercial organizations; charitable and not-for-profit organizations; governmental organizations; non-governmental organizations; educational organizations. This document does not apply to tourism and leisure-related travel, except in relation to travellers travelling on behalf of the organization.

This document gives guidelines for managing the specific challenges of legal risk faced by organizations, as a complementary document to ISO 31000. The application of these guidelines can be customized to any organization and its context. This document provides a common approach to the management of legal risk and is not industry or sector specific.

This document gives guidelines for integrating and using ISO 31000 in organizations that have implemented one or more ISO and IEC Management System Standards (MSS), or that have decided to undertake a project implementing one or more MSS incorporating ISO 31000. This document explains how the clauses of ISO 31000 relate to the high level structure (HLS) for MSS. This document does not provide guidance on implementing a management system in general. It does not specify requirements of a MSS. It does not provide a summary of ISO 31000; however, it does, as explained above, provide the background for understanding ISO 31000. Using this document does not remove the need to use other standards to address specific aspects of risk.

IEC 31010:2019 is published as a double logo standard with ISO and provides guidance on the selection and application of techniques for assessing risk in a wide range of situations. The techniques are used to assist in making decisions where there is uncertainty, to provide information about particular risks and as part of a process for managing risk. The document provides summaries of a range of techniques, with references to other documents where the techniques are described in more detail. This second edition cancels and replaces the first edition published in 2009. This edition constitutes a technical revision. This edition includes the following significant technical changes with respect to the previous edition: • more detail is given on the process of planning, implementing, verifying and validating the use of the techniques; • the number and range of application of the techniques has been increased; • the concepts covered in ISO 31000 are no longer repeated in this standard. Keywords: uncertainty, risk management

ISO 31000:2018 provides guidelines on managing risk faced by organizations. The application of these guidelines can be customized to any organization and its context. ISO 31000:2018 provides a common approach to managing any type of risk and is not industry or sector specific. ISO 31000:2018 can be used throughout the life of the organization and can be applied to any activity, including decision-making at all levels.

ISO/TR 31004:2013 provides guidance for organizations on managing risk effectively by implementing ISO 31000:2009. It provides: a structured approach for organizations to transition their risk management arrangements in order to be consistent with ISO 31000, in a manner tailored to the characteristics of the organization; an explanation of the underlying concepts of ISO 31000; guidance on aspects of the principles and risk management framework that are described in ISO 31000. ISO/TR 31004:2013 can be used by any public, private or community enterprise, association, group or individual. ISO/TR 31004:2013 is not specific to any industry or sector, or to any particular type of risk, and can be applied to all activities and to all parts of organizations.

IEC 31010:2009 is a dual logo IEC/ISO, single prefix IEC, supporting standard for ISO 31000 and provides guidance on selection and application of systematic techniques for risk assessment. This standard is not intended for certification, regulatory or contractual use. NOTE: This standard does not deal specifically with safety. It is a generic risk management standard and any references to safety are purely of an informative nature. Guidance on the introduction of safety aspects into IEC standards is laid down in ISO/IEC Guide 51.

ISO Guide 73:2009 provides the definitions of generic terms related to risk management. It aims to encourage a mutual and consistent understanding of, and a coherent approach to, the description of activities relating to the management of risk, and the use of uniform risk management terminology in processes and frameworks dealing with the management of risk. ISO Guide 73:2009 is intended to be used by: those engaged in managing risks, those who are involved in activities of ISO and IEC, and developers of national or sector-specific standards, guides, procedures and codes of practice relating to the management of risk. For principles and guidelines on risk management, reference is made to ISO 31000:2009.

ISO 31000:2009 provides principles and generic guidelines on risk management. ISO 31000:2009 can be used by any public, private or community enterprise, association, group or individual. Therefore, ISO 31000:2009 is not specific to any industry or sector. ISO 31000:2009 can be applied throughout the life of an organization, and to a wide range of activities, including strategies and decisions, operations, processes, functions, projects, products, services and assets. ISO 31000:2009 can be applied to any type of risk, whatever its nature, whether having positive or negative consequences. Although ISO 31000:2009 provides generic guidelines, it is not intended to promote uniformity of risk management across organizations. The design and implementation of risk management plans and frameworks will need to take into account the varying needs of a specific organization, its particular objectives, context, structure, operations, processes, functions, projects, products, services, or assets and specific practices employed. It is intended that ISO 31000:2009 be utilized to harmonize risk management processes in existing and future standards. It provides a common approach in support of standards dealing with specific risks and/or sectors, and does not replace those standards. ISO 31000:2009 is not intended for the purpose of certification.