Navigating ISO 31030
Getting started with ISO 31030 can be a daunting prospect. But it need not seem like a mountain to climb and most organisations will already have many of the components in place.
Understanding the inter-relationships between your policy, stakeholder engagement and regular reviews are key to achieving an agile and effective travel risk management programme.
Plan your road map and goals. Articulate your response to these questions before engaging management:
- Why are you doing this and what is the objective?
- Where is your organisation now and where are the gaps?
- Who are essential stakeholders to help achieve this?
Are senior management committed to travel safety and duty of care?
Excellent. Few bosses would openly state they don’t care but demonstrable commitments to safety and staff wellbeing, support for your goals and activities are paramount to success.
You’ll have some convincing to do before embarking on the ISO journey, probably starting with discussions with legal and finance about the dangers of neglecting risk management!
Have you identified the key internal and external stakeholders who contribute to your travel management programme?
Great. Is this documented and when was it last reviewed? Are points of contact tested and is this easily available to staff? Does this document not only who, but what each role is responsible for?
IT asset registers or HR organisational charts can be useful available templates for how to identify and record the stakeholders. ISO 31030 gives a great overview of some of the key stakeholders to consider. Speak to frequent travellers and gauge their feedback too.
Do you have a travel management policy?
Bravo. Like the stakeholder mapping, check it was updated in last 12 months and ensure you record updates for auditing purposes. Is it fit for purpose in a pandemic world with high rates of remote working? Make sure the policy is accessible, agile and that any changes are clearly communicated to staff. VITALLY, check your policy reflects your insurance coverage and any exemptions are clearly stated here, with designated procedures in place.
Ok, this will be something you should work towards in the months ahead. But before embarking on this, get senior managerial approval (they will need to sign it off) and commitment from stakeholders who will participate (including legal and insurance). The four-stage guidance that ISO-31030 provides on developing a travel risk management programme is really useful here. And remember, it doesn’t all need to be done at once!
Does your travel policy include procedures for risk assessment, booking and authorisation, communication and monitoring of travellers? Have risk tolerances/thresholds been defined?
Bravo again. Bear in mind, however, that this isn’t everything that a policy should contain. Risk tolerance should not solely be based on destination risk or insurance cover and will differ for every organisation. In some cases, the definition is less important than the review and authorisation process that accompany a decision.
Start by considering your policy first from the user’s perspective and what they need to take from it. Working with legal and insurance, consider what must be included and identify what activities fall outside of standard travel and necessitate a separate authorisation process. The policy can guide a process but does not need to be a detailed description of every stage of travel; if it’s too long, people won’t engage. Visualisations like flow charts can help here.
Do your crisis management or staff training exercises “stress test” your travel management programme?
Excellent. Training can help build up competence and contribute to overall organisational risk reduction. It does not make you immune from any risks but can importantly reduce exposure, ensure compliance, and help preparedness in the event of an incident. Training exercises can expose gaps not documented in policy; for example: how to obtain emergency details for a staff member out of hours, or who are the individuals that make up a crisis management committee.
A documented travel management programme is somewhat redundant if not regularly reviewed and tested. It should be integrated with your crisis management operations and outline escalation procedures in a number of crisis scenarios.
Do you record incidents, trends and share lessons learned from returning travellers?
Many organisations record accidents or near misses but fewer effectively share lessons learned. A process for effective and efficient reporting and dissemination of lessons learned that encourages staff participation can be really valuable. See your travel management programme as a continually evolving collective exercise rather than just a static task.
Efficiently capturing staff feedback on incidents, destination security or global service providers is a real challenge but the benefits of developing a peer-to-peer reporting process are considerable and will help boost organisational safety culture. More accurate data on your travel activities, incidents and suppliers will considerably help overall risk management in your travel programme.
Still unsure where to begin? Get in touch to discuss your travel risk management needs.
Upcoming RiskPal articles on ISO 31030:
Learn how security and health and safety managers can navigate sensitive data related to protected characteristics in risk assessments, and how RiskPal can help ensure privacy and compliance.
Learn how to protect your remote workforce with a comprehensive security management program. Explore the risks digital nomads face and the steps to mitigate them.
Traveling during protests or political unrest? Learn how to navigate disruptions and protect yourself while on the go.