Subject and Scope:

ISO 31000:2018 standard provides principles and generic guidelines for risk management. The standard can be used by any public, private, or societal enterprise, association, group, or individual.
Therefore, this international standard is not specifically focused on any particular industry or sector.

ISO 31000:2018 standard can be applied throughout the existence of an organization and across a wide range of activities, including strategies and decisions, operations, processes, functions, projects, products, services, and assets.

ISO 31000:2018 standard can be applied to any type of risk, regardless of its nature, whether it has positive or negative consequences. While this standard provides generic guidelines, it is not intended to promote uniformity in risk management across all organizations.

When designing and implementing risk management frameworks and plans, the specific needs of the organization, its unique objectives, context, structure, operations, processes, functions, projects, products, services, or assets, and applied specific practices should be considered.

ISO 31000:2018 standard is intended for the harmonization of risk management processes in existing and future standards. It provides a common approach to support standards that address specific risks and/or sectors, without replacing those standards.

This standard is not intended for Certification.