ISO31030 and Certification: What Organizations Need to Know

In today's global business environment, protecting employees during business travel is more critical than ever. ISO31030:2021, the international standard for Travel Risk Management (TRM), has emerged as a vital framework for organizations looking to enhance their TRM practices. But there’s often confusion about certification—let's clear that up.

Understanding what ISO31030:2021 is all about 

ISO31030 serves as a comprehensive guide for organizations to

  • Develop and implement effective travel risk management programs 
  • Meet duty of care obligations
  • Protect employees during business travel 
  • Identify and address organizational and traveller needs 
  • Protect the organization’s assets while travelling 
  • Enhance the performance of the Travel Management programme 

The standard offers experienced travel risk and security managers a valuable benchmark to test and improve existing processes. It also provides a structured framework for organizations starting from scratch, helping them build a robust TRM program that can deliver value immediately and grow and adapt to the organization’s needs. The structure and detail it provides specifically address the business travel sector, and the standard helps the Travel Manager identify and address the risks to the traveller and, importantly, the organization. ISO31030:2021 is based on the world’s most influential risk management standard, ISO 31000:2018. This also means it easily fits into your current working practices, complements existing risk management programmes, and seamlessly interacts with Security, Information Security and Health and Safety programmes. 

 

By adopting the standard, you will not only improve your Travel Management programme for travellers but also add to the organization’s security and resilience. The cherry on top is that the standards approach helps manage costs, can increase the overall value gained from business travel, and demonstrates to stakeholders, including the Courts, that you take ‘Duty of Care’ seriously.   

 

ISO 31030 improves travel management, keeps people safer and happier, and helps you deliver better performance for all stakeholders. 

 

ISO and the Certification Question 

Here’s what you need to know about ISO31030 certification.  It can get a little technical, but bear with me! 

 

Firstly, let’s cover the basics: who is ISO? ISO, the International Organization for Standardization, brings global experts together to agree on the best way to do things — from making a product to managing a process. As one of the oldest non-governmental international organizations, ISO has enabled trade and cooperation between people and companies the world over since 1946. The International Standards published by ISO serve to make lives easier, safer, and better. 

 

ISO31030 is an International Standard (IS). It is recognised around the world and has the weight and credibility of the world’s largest standards body behind it, and now you.  ISO comprises around 170 member countries, and the standards produced truly provide relevant good practice guidance that underpins global trade.     

 

Broadly speaking, standards come in three general types. The first two are International Standards (IS) and Management Systems Standards (MSS). There are also a number of other publications that are generally less formal, such as Technical Reports and Specifications and Handbooks. ISO members can propose new standards activities to a technical committee, which is then balloted across the membership.  

 

International Standards (IS) are intended to provide good practice guidance on a subject area that is clearly defined in the standard’s scope. For ISO 31030, this is Travel Risk Management.  While there is a clear framework within the standard, with tons of advice and guidance, users are free to select how they implement the standard based on their needs and level of maturity or experience. International Standards are, by their very nature, designed to help improve your processes and performance. Flexibility is built in, enabling you to grow and develop your programme as needed and in line with your available resources.  How we developed ISO 31030 allows organizations to benchmark or perform a GAP analysis efficiently to quickly see where improvements can be made to current activities or where necessary capabilities may be missing.  From my experience, most travel managers have a decent proportion of the basics in place, especially relating to booking and purchasing, but often lack the broader capabilities needed to meet the Duty of Care. There can also be gaps around incident response, information security, and healthcare that often end up causing serious issues.    

 

The guidance offered by ISO 31030 allows for a pretty adaptable approach across the activities and processes you use.  

 

When you use a guidance standard, you get to choose what elements to apply and why. It is mainly for internal use, and while you can check or ‘audit’ the programme, the baseline is largely based on what you have decided is important.       

Generally speaking, a Management System Standard (MSS) is different. It can provide some of the flexibility of an IS, but its focus is more on ensuring processes work as intended and performance is as expected. A formally defined ISO assurance process can be used to check what is happening in the real world and that it meets the organisation’s expectations.        

  

Standards like ISO 9001, ISO 45001, and ISO 27001 are great examples of the MSS approach to standards. By using MSS standards, organizations can improve the quality of their products and services and provide evidence to a wide variety of stakeholders that they are meeting the expectations laid out in each standard. Many choose to certify their processes not to gain a simple piece of paper but to confirm that they can be trusted to deliver for customers time after time. In some markets, certification can almost be mandatory.  

 

While many seek formal certification, others choose not to certify and instead use the MSS as a powerful management tool that provides similar benefits without the extra effort needed to obtain it.   

 

There is a quick point that needs to be made. ISO does not perform certification or issue certificates, nor permit anyone to use the ISO logo in connection with certification. Certification is performed by external certification bodies, thus a company or organization cannot be certified by ISO.    

  

Independent certification bodies (CBs) certify ISO management system standards. These bodies are accredited by the International Accreditation Forum (IAF) members to be internationally recognized.  

Any service provider claiming to offer such certification should be transparent that any ‘certification’ offered is not from ISO. What is much more likely is that an individual service provider is offering a confirmation document that they have worked with you in some way.  I would advise treating any claims around certification sceptically until they can confirm their IAF status or properly demonstrate their skills and experience fully map onto all of the areas covered by ISO 31030. If they suggest they can help with specific travel-related issues like accommodation, healthcare or incident/crisis management, check out the details to ensure you’re happy the claims being made stack up and don’t confuse any subset of capabilities as being enough to meet the expectations of the whole scope of the standard. 

Standards are really quite simple. It’s really all about trust, saying what you are going to do, and doing what you say… every time!    

Future Developments 

The landscape is evolving, and based on considerable industry feedback we have received, National Standards Bodies and the ISO Technical Committee (TC262) are actively discussing the future development of standards in the travel management space.  

 

In October 2024, we published ISO 31031, which provides Youth and School Travel guidance. This enabled us to add more specific advice for organizations managing travel for millions of young people for schools, universities, clubs and societies worldwide. This guidance will directly support those who are responsible and accountable for these trips, deliver a better experience, and help avoid some of the tragedies seen over the years from being repeated.  

 

The next steps extend the work and will help even more people and their organizations.    

 

Certification for End Users and Service Providers 

ISO 31030 will remain our primary reference document, but there is considerable appetite from across the sector to introduce a certification option for both end users, typically employers, and service providers, i.e. those organizations you rely on to deliver specific services to your organization and your travellers as part of your travel management programme.  

 

As a result, proposals have been developed and reviewed and are now being processed to start developing two additional standards that will deliver certification options for users (usually employers) and service providers covering a broad range of travel-related services.  

 

These standards will closely mirror the content of ISO 31030 and possibly ISO 31031 but will be written from the outset as a Management System Standard (MSS).   

 

Once completed, these standards will help the travel sector develop real improvement and transparency in the quality and reliability of processes and related services. They will also significantly help prove that organizations are meeting the Duty of Care when managing travel risk. Last but by no means least, we believe there will be considerable opportunities to improve the efficiency of the market’s operation, which, over time, will deliver significant value across the whole sector.     

 

What can Organizations do now? 

The first thing is to look at your current travel management process to assess if they really are fit for purpose or if you are just managing a booking system. Every organization has a ‘Duty of Care’ to its people and needs to manage other risks when people travel for work, but all too often fail to deliver what the people and the business need.  A quick search will show you just what the consequences of this mindset are, and the consequences are not to be underestimated.   

 

You can make progress immediately by using ISO 31030 and getting involved in some of the excellent industry initiatives that are springing up, such as the Travel Risk Academy. By working with experts and colleagues in the field, you will quickly realise that these standards aren’t about making more work (or worse—red tape) but rather about helping you and your organization work much better.  

 

You can start making a difference now, and even though certification isn’t yet fully available, organizations shouldn’t wait to implement ISO31030’s principles. Here’s what you can do: 

 

  1. Use ISO 31030 as a Framework: Adopt ISO31030 as the guideline to benchmark and assess your current practices 
  2. Focus on Implementation: Concentrate on developing effective risk management strategies that work for your organization 
  3. Prepare for the Future: Align your practices with the standard now to be ready for potential future certification opportunities 
  4. Look for Opportunities: Identify areas that can be improved or made more efficient and build these into your development plans 
  5. Continuous Improvement: Use the framework to review and enhance your travel risk management program regularly 
  6. Build Experience: Start looking at the needs, skills and capabilities you have and think about how you might need to develop or extend them 

When the new standards are published, spend some time looking at them, and maybe you’ll see that you and the organization are ready to optimise and transform your Travel Risk Management!  

 

Leave a Comment

Shopping Basket
Scroll to Top