Guest column
Getting to grips with ISO 31030

By Xavier Carn, vice president and security advisor, security services, International SOS

Xavier Carn

Xavier Carn, vice president and security advisor, security services, International SOS

Xavier Carn, vice president and security advisor, security services, International SOS

In September 2021 the new ISO 31030 standard providing guidance around travel risk management was introduced. This standard aims to help organisations all over the world manage their workforce travel risks, something that has become increasingly complex in today's Covid-affected travelling environment.

So what exactly is the new standard? The ISO 31030 standard has not come out of the blue. In many ways, it follows preceding guidance such as the British Standard Institute's PAS 3001 Code of Practice, which was introduced in 2016 and applied to the UK only.

Using this guidance as a base, the ISO 31030 standard has been developed between 2018 and 2021, drawing on significant expertise of professionals from across sectors, NGOs and international organisations from all over the world.

All of this expertise has produced an informative description of the processes and tools that organisations should look to embrace when considering how best to protect travelling employees.

Notably, the standard includes four distinct areas that travel or risk managers can consider:

Scoping the context of international travel risk management - helping an organisation define its risk criteria

Building a travel risk management process - providing guidance to help organisations identify, analyse, evaluate and manage the risk affecting travellers

Journey and operational management - which includes practical steps that organisations should take to:

  • prepare travellers - including training, compliance processes and establishing communication channels
  • implement controls - such as booking/approval systems, as well as destination monitoring
  • manage incidents - creating tools or systems which highlight how to notify travellers or activate a crisis response

How an organisation can record and report on its travel risk management policy, with the aim of improving its resilience over time

All of this guidance and information can be very valuable to companies of all shapes and sizes - in no way is the standard just aimed at multinational corporations or NGOs.

In fact, the standard arguably applies to any organisation that has responsibility for keeping employees safe and meeting duty of care responsibilities when they are travelling. And this doesn't only include direct employees, but also volunteers or contractors, sub-contractors, long term assignees, students and families - so a very wide scope of organisations should be included when considering where the ISO standard should apply.

In terms of which functions should be responsible for responding to the standard, there are several that are clearly going to be more involved with adopting some of the best practice that it recommends, namely: travel managers, risk managers, medical and security directors, and HR directors.

The involvement of these functions is clearly due to the fact that they are so much more likely to be involved in organising international travel for employees, or at the very least considering the safety and risk implications of any travel that is required. Fortunately for anyone involved, the standard is written in language that should be accessible to non-experts, providing them with a clear roadmap for implementing a travel risk management plan within their organisation.

For those organisations that do look to implement the standard, we'd expect it to help manage various situations that their employees might face, such as:

  • Informing employees of the organisation's travel risk management policy
  • Sharing information on medical and security risks with employees, as well as advice around risk mitigation prior to travelling  
  • Being able to locate employees potentially impacted by a medical or a security situation
  • Being able to assist employees faced with an incident or crisis on the ground

While the theory is a good starting point, many organisations are understandably keen for practical support when it comes to adopting the standard.

This is where the input of risk management specialists comes into its own. Many, like International SOS, offer a variety of training resources which organisations can access if they're looking to implement the ISO 31030 standard.

Corporates might also like to consider conducting a gap analysis to compare existing travel risk management policies and the ISO standard.

More generally, we'd expect that medical and security experts would need to become more familiar with the standard quite quickly, particularly when considering that business travel is likely to return in greater volumes in 2022.

For those experts looking to demonstrate their knowledge and their organisation's compliance with the standard, it's important to keep in mind:

  • There is not yet a certification body, however it is clear that the guidance will be examined and used by courts as a benchmark in future litigation;
  • Organisations/travel managers can demonstrate compliance with the standard by setting up a travel risk management policy drafted by their key stakeholders responsible for international travel, and by communicating this to their employees;
  • Ideally, this will compare favourably with the maturity model presented in the ISO 31030 standard

While the ISO 31030 standard is fantastic in providing the detailed guidance for organisations looking to implement suitable travel risk management policies, it's important to remember that the best thing they can do is be proactive, and remain aware of the risks that travellers might be exposed to.