Search the Elsmar Cove!
**Search ALL of Elsmar.com** with DuckDuckGo Especially for content not in the forum
Such as files in the Cove "Members" Directory

Does ISO plan to sponsor certification to ISO 31000 soon?

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#1
A local Information Systems Security group has asked me to submit proposals for subjects I can teach at the May 2013 "Excellence in Governance, Risk Management and Compliance" conference in Portland Maine.

Of course I am proposing an introduction to ISO 31000, but I was interested to notice ISO says there is no certification to this standard (despite my having found organizations claiming to offer certification to it - but that's another, familiar enough subject :rolleyes:).

So I wondered: Does anyone know if, and if so when, ISO plans to start recognizing certification to ISO 31000?
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#2
So I wondered: Does anyone know if, and if so when, ISO plans to start recognizing certification to ISO 31000?
ISO 31000:2009 is a "principles and guidelines" document, without "shalls". Without clear, auditable requirements is impossible very difficult for anyone to demonstrate conformance to a standard, which is the essence of certification. The abstract of the standard reads:
Abstract

ISO 31000:2009 provides principles and generic guidelines on risk management.

ISO 31000:2009 can be used by any public, private or community enterprise, association, group or individual. Therefore, ISO 31000:2009 is not specific to any industry or sector.

ISO 31000:2009 can be applied throughout the life of an organization, and to a wide range of activities, including strategies and decisions, operations, processes, functions, projects, products, services and assets.

ISO 31000:2009 can be applied to any type of risk, whatever its nature, whether having positive or negative consequences.

Although ISO 31000:2009 provides generic guidelines, it is not intended to promote uniformity of risk management across organizations. The design and implementation of risk management plans and frameworks will need to take into account the varying needs of a specific organization, its particular objectives, context, structure, operations, processes, functions, projects, products, services, or assets and specific practices employed.

It is intended that ISO 31000:2009 be utilized to harmonize risk management processes in existing and future standards. It provides a common approach in support of standards dealing with specific risks and/or sectors, and does not replace those standards.

ISO 31000:2009 is not intended for the purpose of certification
Check the ISO space on ISO 31000.

Further, ISO typically does not get itself involve with conformity assessment practices, such as certification. One of the few exceptions had to do with ISO 26000, because ISO had committed, back in 2004, NOT to develop a certifiable CSR document. When and if ISO gets involved with Conformity Assessment practices, it does so via CASCO.
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#3
Yes, I noticed there are no shalls and there is no section on internal auditing. I wondered if anyone knew of plans to migrate this rather young standard document in the same way that OHSAS 18001 eventually did.
 
#4
A local Information Systems Security group has asked me to submit proposals for subjects I can teach at the May 2013 "Excellence in Governance, Risk Management and Compliance" conference in Portland Maine.

Of course I am proposing an introduction to ISO 31000, but I was interested to notice ISO says there is no certification to this standard (despite my having found organizations claiming to offer certification to it - but that's another, familiar enough subject :rolleyes:).

So I wondered: Does anyone know if, and if so when, ISO plans to start recognizing certification to ISO 31000?
Might I suggest that something on ISO 27001 might be helpful? So far I've yet to find anyone in this industry who has a clue about the ISO 9001 based requirements and you'd be very well qualified to help them understand more about this part of 27K! The community I know appear to be oblivious of anything but hearsay/mythology etc about ISO ("say what you do, do what you say") etc.
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#5
I wondered if anyone knew of plans to migrate this rather young standard document in the same way that OHSAS 18001 eventually did.
:confused: What do you mean? OHSAS 18001 and OHSAS 18002 were developed simultaneously. Looking at the work under development by the ISO TC 262, the only document I see is ISO 31004, which is going to be a guidance document on implementation of ISO 31000. I don't see any work towards a requirements document on risk management.
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#6
:confused: What do you mean? OHSAS 18001 and OHSAS 18002 were developed simultaneously. Looking at the work under development by the ISO TC 262, the only document I see is ISO 31004, which is going to be a guidance document on implementation of ISO 31000. I don't see any work towards a requirements document on risk management.
I had recalled that at the point I started my auditing at my last employer the 18001 document was still guidance. But it could be that I lost too many brain cells when installing that radiant heat system. :bonk:
 
Top Bottom