Frequently companies only have themselves insured against the common and known hazards or risks and meet legal requirements. Many hazards or risks often will not be considered. In February 2018, ISO 31000:2018 (Risk Management) was put into force. ISO 31000:2018 integrates risk management in all business activities. This ranges from establishing corporate strategy to operational implementation in the individual process steps. The new standard does not turn risk management into yet another management system but introduces the perspective of hazards and chances into both strategic management and operational implementation.
- Risk and safety management means to anticipate coincidence by means of a systematic approach
- Well-aimed and systematic prevention is the best way to protect the company in order to avert damage done to the company and to increase the opportunity of making higher profits
- If vulnerability and avoidable hazards are detected, this yields advantages for each company
- The assessment will be carried out by an accredited Certification Body with qualified auditors
- Early warning is possible
- Integration in management systems existing within the company is possible
Assessment acc. to ISO 31000 as well as the Risk Scans can be conducted in combination with a quality, environmental or safety management audit or implemented independently from auditing services.
ONR 49001:2014 Certification (not accredited)
ONR 49001 is based on ISO 31000 and represents its implementation in practice. This risk management audit is correspondingly practice oriented. The single clauses of ONR 49001 will be reviewed at the audit objectively. Afterwards the relevant results will be available in an audit report. The term of “risk management” acc. to ONR 49001 includes all uncertainties and impacts on the objectives and targets, activities and requirements of an organization.
ATTENTION: ONR 49001:2014 will soon be revised on the basis of ISO 31000:2018 and will probably be published in the second quarter of 2019 as ÖNORM 4901. Quality Austria is represented in the standardization committee and accordingly has all the information in the customer's interest quickly and on time.
ISO 31000:2018 Audit (not accredited)
ONR 49001 is based on ISO 31000 (green text in ONR 49001) and represents its implementation in practice. This risk management audit is correspondingly practice oriented. As ONR 49001 is based on ISO 31000, the ONR 49001:2014 Audit will simultaneously refer to ISO 31000:2018.
Combination of ONR 49001:2014 Certification and ISO 31000:2018 Audit (both are not accredited)
Upon positive completion of the ONR 49001 Audit, you will receive
- a Certificate acc. to ONR 49001
- an Attestation of Auditing acc. to ISO 31000
ISO 22301:2012 Certification (accredited)
ISO 22301:2012 is a framework making it possible to achieve the systematic maintenance of an organization’s operating ability (business continuity). ISO 22301 serves to systematically maintain business continuity. Thanks to Business Continuity Management (BCM), the organization can systematically reduce the number of incidents threatening operation and respond to these incidents in a structured and adequate manner. Thus it can restrict the adverse impacts on the organization. BCM is part of an organization’s generic risk management.
- ISO 31000: Guarantee of a systematic risk management for all industries and sectors
- Risk Scan / Risk Quick Scan: Quickly obtaining a rough overview of the organization
Requirements relating to assessment acc. to ISO 31000
Assessment acc. to ISO 31000, which is conducted by Quality Austria, will be conducted according to an audit plan made together at the site. The assessors are certified Risk Managers or Risk Assessors. The following requirements will be considered:
- identification of conformity to the requirements placed by the standard
- people awareness
- identifying strengths and opportunities for improvement
- identifying hidden chances and risks and hazards
- showing alternative methods and practices
Requirements relating to qualityaustria‘s Risk Quick Scans or Risk Scans
qualityaustria‘s Risk Scans will be conducted together with top management in the form of a moderated self-assessment by experienced assessors at the site. qualityaustria’s Risk Scan acc. to the 10 RCM Method is a company analysis with a holistic approach:
- The company’s risk potential will be analyzed on the basis of the 10 RCM Method.
- Based on the 10 RCM Matrix Checklist, a risk related temperature curve will be made for the company.
At the Risk Quick Scan, 3 priorities from among the 10 RCM main groups will be chosen by the customer. These priorities will be processed completely. The remaining 7 RCM main groups will be covered by 10 key questions each. The Risk Quick Scan will take approx. 4 hours.
The Risk Scan includes complete processing of all the 10 main groups acc. to the 10 RCM Method and will take 8 hours. All documents and records created during the Risk Quick Scan and Risk Scan will exclusively remain at the customer’s.
Risk management can be conducted by companies and organizations independently from the size or sector.
ISO 9001, ISO 14001, ISO 45001 (formerly OHSAS 18001), ISO 55001, ISO 41001, ISO 39001