Back to all certifications
Home/ Consulting Services/ Certifications/ ISO 31000:2009
ISO 31000:2009

A common language and framework for managing risk across your entire organisation — not just the risks your auditors look for.

ISO 31000 provides principles, a framework, and a process for risk management that can be applied to any organisation, at any level. It doesn't prescribe a one-size-fits-all system — it provides the structure to build one that works for how your organisation actually operates.

Book a Gap Assessment
What It Covers

The scope of ISO 31000:2009

  • Risk identificationSystematically identify risks across strategic, operational, financial, compliance, and reputational dimensions — not just the obvious ones.
  • Risk analysis and evaluationAssess the likelihood and consequence of identified risks and prioritise them against your organisation's defined risk criteria and risk appetite.
  • Risk treatmentSelect and implement appropriate treatment options — avoid, mitigate, transfer, or accept — with clear ownership and monitoring for each.
  • Monitoring, review, and reportingEstablish the processes that keep your risk picture current, surface emerging risks early, and communicate risk status to those who need to act.
Why It Matters

The business case

01
Build decision-making on real risk intelligence

Organisations with mature risk management make better strategic decisions — because they understand what could go wrong and have planned for it.

02
Satisfy board and investor expectations

Boards, investors, and regulators increasingly expect formal enterprise risk management. ISO 31000 provides the framework that satisfies their scrutiny.

03
Prevent costly surprises

The organisations that suffer most from unexpected events typically have the weakest risk management processes. A structured approach reduces frequency and severity.

04
Integrate with other management systems

ISO 31000 principles integrate seamlessly with ISO 9001, ISO 14001, and ISO 45001 — strengthening risk-based thinking across your entire management system portfolio.

How We Get You There

The certification journey

Most firms hand you a document pack and leave. We stay with you from gap assessment through certification — and beyond.

1
Gap Assessment

We audit your current operations against the standard's requirements and show you exactly where you stand.

2
System Design & Documentation

We build your management system — policies, procedures, process maps — tailored to how your business actually works.

3
Implementation & Training

We work alongside your team on the ground to embed the system into daily operations and train your people to own it.

4
Internal Audit & Review

We run a full internal audit cycle, close any gaps, and make sure you're ready before the certification body arrives.

5
Certification & Beyond

We support you through the certification audit — and stay available for surveillance prep and continuous improvement after.

25+
Successful certifications supported
92%
First-attempt pass rate
Industries served
Financial ServicesGovernmentHealthcareConstructionManufacturing

Ready to get certified?

Book a gap assessment and we'll show you exactly what it takes.

Book a Gap Assessment