Does ISO plan to sponsor certification to ISO 31000 soon?

Jen Kirley

Quality and Auditing Expert
Leader
Admin
A local Information Systems Security group has asked me to submit proposals for subjects I can teach at the May 2013 "Excellence in Governance, Risk Management and Compliance" conference in Portland Maine.

Of course I am proposing an introduction to ISO 31000, but I was interested to notice ISO says there is no certification to this standard (despite my having found organizations claiming to offer certification to it - but that's another, familiar enough subject :rolleyes:).

So I wondered: Does anyone know if, and if so when, ISO plans to start recognizing certification to ISO 31000?
 

Sidney Vianna

Post Responsibly
Leader
Admin
So I wondered: Does anyone know if, and if so when, ISO plans to start recognizing certification to ISO 31000?
ISO 31000:2009 is a "principles and guidelines" document, without "shalls". Without clear, auditable requirements it is very difficult for anyone to demonstrate conformance to a standard, which is the essence of certification. The abstract of the standard reads:
Abstract

ISO 31000:2009 provides principles and generic guidelines on risk management.

ISO 31000:2009 can be used by any public, private or community enterprise, association, group or individual. Therefore, ISO 31000:2009 is not specific to any industry or sector.

ISO 31000:2009 can be applied throughout the life of an organization, and to a wide range of activities, including strategies and decisions, operations, processes, functions, projects, products, services and assets.

ISO 31000:2009 can be applied to any type of risk, whatever its nature, whether having positive or negative consequences.

Although ISO 31000:2009 provides generic guidelines, it is not intended to promote uniformity of risk management across organizations. The design and implementation of risk management plans and frameworks will need to take into account the varying needs of a specific organization, its particular objectives, context, structure, operations, processes, functions, projects, products, services, or assets and specific practices employed.

It is intended that ISO 31000:2009 be utilized to harmonize risk management processes in existing and future standards. It provides a common approach in support of standards dealing with specific risks and/or sectors, and does not replace those standards.

ISO 31000:2009 is not intended for the purpose of certification.
Check the ISO space on ISO 31000.

Further, ISO typically does not get itself involved with conformity assessment practices, such as certification. One of the few exceptions had to do with ISO 26000, because ISO had committed, back in 2004, NOT to develop a certifiable CSR document. When and if ISO gets involved with conformity assessment practices, it does so via CASCO.
 

Jen Kirley

Quality and Auditing Expert
Leader
Admin
Yes, I noticed there are no shalls and there is no section on internal auditing. I wondered if anyone knew of plans to migrate this rather young standard document in the same way that OHSAS 18001 eventually did.
 

AndyN

Moved On
A local Information Systems Security group has asked me to submit proposals for subjects I can teach at the May 2013 "Excellence in Governance, Risk Management and Compliance" conference in Portland Maine.

Of course I am proposing an introduction to ISO 31000, but I was interested to notice ISO says there is no certification to this standard (despite my having found organizations claiming to offer certification to it - but that's another, familiar enough subject :rolleyes:).

So I wondered: Does anyone know if, and if so when, ISO plans to start recognizing certification to ISO 31000?

Might I suggest that something on ISO 27001 might be helpful? So far I've yet to find anyone in this industry who has a clue about the ISO 9001-based requirements, and you'd be very well qualified to help them understand more about this part of 27K! The community I know appears to be oblivious to anything but hearsay/mythology etc. about ISO ("say what you do, do what you say") etc.
 

Sidney Vianna

Post Responsibly
Leader
Admin
I wondered if anyone knew of plans to migrate this rather young standard document in the same way that OHSAS 18001 eventually did.
:confused: What do you mean? OHSAS 18001 and OHSAS 18002 were developed simultaneously. Looking at the work under development by the ISO TC 262, the only document I see is ISO 31004, which is going to be a guidance document on implementation of ISO 31000. I don't see any work towards a requirements document on risk management.
 

Jen Kirley

Quality and Auditing Expert
Leader
Admin
:confused: What do you mean? OHSAS 18001 and OHSAS 18002 were developed simultaneously. Looking at the work under development by the ISO TC 262, the only document I see is ISO 31004, which is going to be a guidance document on implementation of ISO 31000. I don't see any work towards a requirements document on risk management.
I had recalled that at the point I started my auditing at my last employer the 18001 document was still guidance. But it could be that I lost too many brain cells when installing that radiant heat system. :bonk:
 