Aligning your plans around ISO 31030 with upcoming updates in ISO 45001

There are changes coming in ISO 45001 that are worth the effort to review alongside the rollout of your ISO 31030 Travel Risk Management (TRM) solutions. If you weren't aware, ISO 45001 covers Occupational Health and Safety Management Systems aiming to reduce risks in the workplace and create a safer working culture (amongst other things). There are some cross overs in approach and scope with the ISO 31000 family of standards and are relevant to your ISO 31030 journey. These changes are likely to happen in the next couple of years (most likely 2027) and some of this may align with how you are looking to approach your TRM solutions, technologies and partnerships associated with those efforts. Let's walkthrough some of the areas you should consider ...

I won't go into the depths of either standard, but I want to pull out a few areas that have a larger cross over where you risk technology strategy should consider or start planning for ...

Climate Change and Resilience

The update covers more focus on how these risks, such as extreme weather, affect the working environment. If you have or are putting a TRM solution in place, this is typically covered when it comes to travel destination assessments/advisories and alerting. It would be wise to see how both travellers and workers, affected by the same conditions are managed within the same technology solution. This underlines the shift in thinking from providing a Travel Risk solution and widening that into a more People Risk solution. If climate change and resilience are not currently part of your travel risk approach, it may be wise to combine your risks with other areas of the business.

Mental Health and Psychosocial Risks

Beyond normal workplace and hybrid working patterns, mental health risks can be exasperated on travel, especially when caught up during an incident or crisis. Having ways for your workforce to consistently get help and report whether at work or on travel feels like it should be covered within a single solution. There is a bridge between what is provided within an HR solution and your other worker risk solutions.

Enhanced External Controls

This one is a little more vague, but it looks to bring a tighter control with external workforces and suppliers, but more to TRM this is relevant for external services for worker safety. So, I am thinking the medical and security assistance providers might want to understand how they and their technologies fit into the 45001 compliance model. There needs to be a shift in the TRM space to integrate with other risk solutions to ensure threats to the workplace are also considered when it comes to mitigations, insurance and assistance for travellers.

Leadership and Governance Enhancements

Whether just focused on ISO 45001, you should look to how your overall governance works in context to business continuity and critical event management. These are often very role centric when it comes to responsibilities, whether managed internally or through external assistance providers. The analytics in your future risk solutions (including travel) should be able to provide a business wide picture on expectations in leadership and governance mapped to your overall risk tolerance and mitigations.

Measurement and Monitoring

How many risk solutions do you need across the business that claim they are a 'single pane of glass' only to have multiple reports that show how a single threat affects your people, assets, technology etc. Putting actual measures in place is not often easy. However, your technology may be able to provide mechanisms to set goals and objectives and look at timelines and decisions against those, often part of incident and crisis management auditing. In context to travel risk, you might see this more to your SLAs when incidents are detected, triaged and escalated outside of the effectiveness of your response activities. The effectiveness of your activities and the transition from response to recovery from incidents is something you should look for in any risk solution.

In summary

A major theme in risk technology is 'Converged Risk' that you should take very seriously when it comes to your technology strategy. Replication of risk identification (risk registers and beyond etc.) will hold you back. You need to start working with your risk technology providers to ensure that you are able to see risk across your entire business relating to your workforce, assets, technologies, revenue, supply chains and so on. For the vendors, you either need to widen your view on risk or work with partnerships to create a more consistent journey through risk. As always, let me know your thoughts in the comments or directly message me through LinkedIn.