ISO IEC 31010-2009 PDF

Full title and description

ISO/IEC 31010:2009 — Risk management — Risk assessment techniques. Provides guidance on the selection and application of systematic techniques for risk assessment as a supporting standard to ISO 31000. It is a generic, non-certification standard intended to help organisations choose appropriate qualitative and quantitative risk-assessment methods for different contexts and decision needs.

Abstract

This standard describes a catalogue of risk assessment techniques and gives guidance on their selection and application within the risk management process (identification, analysis and evaluation). It covers a broad range of methods (from simple checklists and brainstorming to advanced quantitative techniques such as Monte Carlo simulation and Bayesian networks) and explains planning, information management, verification/validation and reporting considerations for assessments.

General information

• Status: Withdrawn / superseded (replaced by the 2019 revision).
• Publication date: November 2009 (Edition 1).
• Publisher: International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) — dual-logo publication.
• ICS / categories: 03.100.01 (General — management systems / risk management).
• Edition / version: Edition 1 (2009).
• Number of pages: 176 pages (original publication).

Scope

ISO/IEC 31010:2009 provides guidance to organisations on selecting and applying a range of risk assessment techniques appropriate to their objectives, context and available information. It supports implementation of ISO 31000 by summarising strengths, limitations and typical applications of techniques for risk identification, analysis and evaluation, and by covering planning, data management, verification and presentation of results. The standard is generic (not safety-specific) and is not intended for certification or contractual use.

Key topics and requirements

• Overview of the risk assessment process: planning, scoping, stakeholder engagement and defining decision criteria.
• Guidance on selecting appropriate techniques based on purpose, available data, resources and required level of detail.
• Catalogue summaries of identification, qualitative and quantitative techniques with strengths, weaknesses and application notes (e.g., brainstorming, structured interviews, Delphi, checklists, PHA, HAZOP, HACCP, SWIFT).
• Hazard/failure and human-factor methods: FMEA/FMECA, FTA, ETA, root-cause analysis, cause–consequence and cause–effect analyses.
• Layered and protective analyses: LOPA, Bow-tie diagrams, HACCP and layered protection concepts.
• Quantitative modelling and uncertainty analysis: Monte Carlo simulation, Markov analysis, Bayesian analysis and Bayesian networks, event-tree/fault-tree techniques, sensitivity analysis.
• Decision-support and evaluation tools: decision trees, multi-criteria analysis, cost–benefit approaches, risk matrices, F–N curves and risk indices.
• Requirements for documentation, verification/validation of results, and communication of assessment outcomes to decision‑makers.

Typical use and users

Used by risk managers, safety and reliability engineers, quality managers, project managers, auditors, consultants and regulators across industries (manufacturing, energy, healthcare, finance, transport, food safety and public sector). Typical applications include project risk assessment, safety and hazard studies, business continuity and impact analysis, process safety, and asset/reliability planning. The guidance helps users choose methods that match their context, from quick qualitative screens to detailed quantitative studies.

Related standards

Closely linked to ISO 31000 (risk management — principles and guidelines) and ISO/IEC Guide 51 (safety aspects); replaces earlier guidance such as IEC 60300-3-9. The 2009 edition was subsequently revised and published in the 2019 edition of IEC/ISO 31010 (expanded technique catalogue and increased detail on planning and validation).

Keywords

risk assessment, risk management, techniques, ISO 31000, HAZOP, FMEA, FMECA, FTA, ETA, Monte Carlo, Bayesian networks, LOPA, Bow-tie, decision tree, SWIFT, Delphi, checklists, risk matrix, uncertainty analysis.

FAQ

Q: What is this standard?

A: ISO/IEC 31010:2009 is an international guidance standard titled "Risk management — Risk assessment techniques" that summarises and describes a wide range of methods for identifying, analysing and evaluating risk.

Q: What does it cover?

A: It covers planning and conduct of risk assessments, a catalogue of qualitative and quantitative techniques (identification, hazard/failure analysis, human reliability, probabilistic modelling, decision support), and guidance on selecting and applying those techniques in different contexts.

Q: Who typically uses it?

A: Risk professionals, engineers, project and safety managers, auditors and consultants across many sectors who need guidance on choosing and applying appropriate risk-assessment methods.

Q: Is it current or superseded?

A: The 2009 edition has been withdrawn/superseded; a revised version (IEC/ISO 31010) was published in 2019, which expands the catalogue of techniques and gives more detail on planning, verification and validation of assessments. Organisations should consult the 2019 edition for the latest guidance.

Q: Is it part of a series?

A: Yes — it is a supporting standard to ISO 31000 (risk management principles and guidelines) and is part of the broader family of risk-management guidance and IEC/ISO standards and guides (for example ISO/IEC Guide 51 and other normative documents referenced in the standard).

Q: What are the key keywords?

A: Risk assessment, risk techniques, qualitative methods, quantitative methods, uncertainty, hazard analysis, failure analysis, decision support, ISO 31000.