Introduction

This document is intended to assist those managing and participating in organizational travel. The management of travel risk is a component of any organization’s travel-related activities and should include interaction with stakeholders.

There are many reasons why people travel for their organization. Travelling has increasingly become a common feature of people’s jobs or functions. Consequently, organizations need to meet their duty of care across multiple jurisdictions in different parts of the world.

Travellers, whether international or domestic, can be faced with unfamiliar situations and environments that have different risk profiles to those of their normal location. Road accidents, disease outbreaks, epidemics and natural disasters, as well as conflict, crime (including cyber and information), cyber threats, terrorism and political and socially motivated instability, can threaten the safety, security (including information security) and health (including mental health) of travellers, and can adversely affect the outcome of their travel objectives.

NOTE Unless otherwise indicated, any reference to security also includes information security.

Managing risks for travel to a country where the organization has no local base requires more comprehensive controls than for locations where risk profiles are well known and treatments have already been established. Timeliness and accuracy of intelligence, analysis and advice, including travel warnings, are increasingly important in influencing travel decisions.

Travel risk management (TRM) requires that organizations anticipate and assess the potential for events, develop treatments and communicate anticipated risk exposures to their travellers. Advising and providing travellers with adequate medical and emergency response guidance, security and information security precautions, including challenges to travel logistics, can significantly impact the outcome of disruptive events.

This document provides a means for organizations to demonstrate that travel decisions are based on the organization’s capacity to treat risk using internal resources or with external assistance. Not all travel requires the same level of rigour for risk assessment and management. Although this document provides a comprehensive set of risk treatment options that an organization can consider, application should be reasoned and proportionate to the risk exposure. This will help the organization and individual travellers realize the opportunities and benefits for which travel is required.

This document proposes that the organization’s overall appetite and acceptance of risk should not take precedence, or be used exclusively, in deciding whether travel is appropriate for security, safety or health reasons.

This document is based on the principles, framework and process of ISO 31000, as illustrated in Figure 1. Travel-related risk presents a specific context and an organization’s existing risk management process can be adapted to reflect this. It is also aligned with the core occupational health and safety management system set out in ISO 45001. As such, elements of this document can assist or inform organizations developing such management systems, but it is not a management system standard.

This document can be used on a standalone basis or integrated within other risk management programmes.

Figure 1 — Principles, framework and process

One of the aims of this document is to promote a culture where travel-related risk is taken seriously, resourced adequately, and managed effectively. And where the benefits to the organization and relevant stakeholders are recognized. Such benefits include:

— protecting personnel, data, intellectual property and assets;
— reducing legal and financial exposure;
— enabling business in high-risk locations;
— enhancing an organization’s reputation and credibility, which in turn can have a positive effect on competitiveness, staff turnover and talent acquisition;
— improving worker confidence in health, safety and security arrangements with regard to travel;
— contributing to business continuity capability and organizational resilience;
— demonstrating the organization’s ability to control its travel-related risks effectively and efficiently, which can also help in lowering its insurance premiums;
— providing assurance to business partners, thus banks and investors will be more willing to finance its business;
— enabling the organization to meet customers’ expectations in terms of the security and stability of their supply chain;
— increasing general productivity;
— contributing to meeting the sustainable development goals by strengthening the social dimension of sustainability.

In this document, the following verbal forms are used:

a) “should” indicates a recommendation;
b) “may” indicates a permission;
c) “can” indicates a possibility or a capability.

Information marked as “NOTE” is intended to assist the understanding or use of the document.

“Notes to entry” used in Clause 3 provide additional information that supplements the terminological data and can contain provisions relating to the use of a term.

BS ISO 31030:2021

Travel risk management. Guidance for organizations

Current

Published:

30 Sep 2021