What is ISO 31000?
ISO 31000 sets out best-practice guidance for identifying, assessing, managing, and monitoring risk across strategic, operational, financial, compliance, and reputational dimensions.
Embedded Risk Awareness
Unlike certifiable ISO standards, ISO 31000 is guidance-based, designed to support better decision-making and embed risk awareness into leadership, planning, and day-to-day operations.
The standard helps organisations move from reactive risk management to proactive, risk-based thinking that supports corporate governance and business continuity.
- ✓ Strategic and operational risks
- ✓ Financial and compliance risks
- ✓ Reputational risk management
- ✓ Integrated governance framework
Risk Management Process
Benefits of ISO 31000
Proactive risk management for organisational resilience
Clearer Decision-Making
Risk-informed decisions at all levels of the organisation with consistent assessment methodologies.
Reduced Surprises
Proactive identification and treatment of risks before they become crises or disrupt operations.
Stakeholder Confidence
Enhanced resilience and long-term sustainability that builds trust with investors and partners.
UK Governance Alignment
Supports corporate governance codes, regulatory expectations, and board accountability requirements.
Improved Accountability
Clear ownership of risks with documented frameworks and leadership involvement.
Integration Ready
Integrates naturally with ISO 9001, ISO 14001, ISO 45001, and ISO 27001 management systems.
Who Is ISO 31000 For?
Applicable to organisations of all sizes and sectors
🏢 Small & Growing Businesses
Provides structure without bureaucracy for managing compliance, contracts, and growth risks.
🏭 Large Enterprises
Multi-site organisations needing consistent risk frameworks across divisions and geographies.
🏛 Public Sector
Public sector and not-for-profit bodies facing regulatory scrutiny and stakeholder accountability.
🛠 Service & Manufacturing
Both sectors benefit - service firms manage contractual risks, manufacturers address supply chain disruption.
Frequently Asked Questions
Is ISO 31000 certifiable?
No, ISO 31000 is a guidance-based standard and cannot be certified. However, organisations can demonstrate alignment through independent assessments and integrate its principles into certifiable management systems.
Is ISO 31000 suitable for UK SMEs?
Yes, ISO 31000 is scalable and provides structure without unnecessary bureaucracy. It's particularly valuable for SMEs managing compliance, contracts, or growth-related risks.
How does ISO 31000 integrate with other standards?
ISO 31000 integrates naturally with ISO 9001, ISO 14001, ISO 45001, and ISO 27001, supporting integrated management systems and providing the risk framework that underpins all ISO standards.
What do auditors look for?
Although not certifiable, auditors and stakeholders look for documented risk frameworks, leadership involvement, consistent risk assessment methods, and evidence of review and improvement activities.
How Much Does ISO 31000 Cost?
The cost of ISO 31000 certification varies based on several factors. Some auditors and certifiers adopt charging models based on the project's complexity, company size, and sometimes even the company's turnover.
At Certigence, our pricing is straightforward, calculated by multiplying an agreed day rate by the number of days' work. This is based on the work to be done, reduced by any work the company has already done or will be doing internally. This ensures clarity and transparency, giving you a clear understanding of the commitment before the project commences.
We provide a free telephone or Zoom enquiry with one of our auditors to find out enough about your organisation to be able to make a formal proposal without charge or obligation. This allows you to research costs for free before making any commitments!
How Can Certigence Help?
Certigence's extensive auditor network spans the entire UK and has combined ISO systems expertise with industry know-how for over 25 years. This dual proficiency enables them to comprehend your unique needs and translate them into certifier-accepted procedures that genuinely suit your organisation's operations.
Our services encompass full or partial ISO system development and implementation, including GAP analysis and customised internal training to support system functionality. We craft organisation-specific reports tailored to your activities.
Beyond initial implementation, we conduct internal audits, facilitate management review meetings, and offer ongoing maintenance for short, medium, or long terms. Our presence during certification stages, if desired, ensures assessors avoid unnecessary complexity. Furthermore, we offer pre- and post-certification review services to address certifier-raised concerns, reinforcing your ISO system's effectiveness.
Process Overview
Initiation and Assessment Discussion
We engage in a free, no-obligation discussion to understand your existing systems and operations, allowing us to generate a formal proposal.
Work Commencement and Collaborative Development
Upon acceptance, collaborative work commences to create and install systems, involving you and your team to ensure alignment with your needs, your understanding and acceptance of the results, and compliance with ISO standards.
Initial Assessment (Stage 1): Ensuring Systems Meet Standard
The certifier checks that the systems cover all relevant parameters correctly. You may choose to have our auditor present during the initial assessment to assist with any questions the certifier may have.
Final Evaluation (Stage 2): Achieving Certification
The auditor ensures internal audit, management review, and training aspects are covered. The certifier conducts the conclusive Stage 2 assessment, verifying operational systems' alignment with Standard requirements. Upon successful completion, you attain Certification.
Why Should You Use a Certigence Auditor?
At Certigence, we match your requirements with suitable auditors based on their industry expertise, proximity, and compatibility. In the event of an auditor's unavailability, a substitute can step in promptly, avoiding project disruptions and re-hiring expenses. Our auditors have often previously worked with certifiers, learning that side of the procedure and facilitating a seamless Certification process.
This commitment is reflected in our track record - a 100% first-time certification success rate spanning over 25 years.
Ready to Speak? What Happens Next?
After contacting Certigence, you'll receive an email or a call from the Director or an auditor to discuss your needs, timelines, reasons, and costs. An auditor will directly engage with you to understand your requirements and system alignment. A formal proposal is then presented for your consideration. Charges apply only from that point if you proceed with the proposal.
Build Organisational Resilience
Our risk management auditors will help you implement ISO 31000 principles, improving decision-making and governance across your organisation.