Last Week to Comment on ISO31000 Risk Standard

Update 19/4/2017 09:50 UTC: The link to the draft ISO31000 risk standard is broken! For some comedic analysis of how risk-standard-promoter G31000 took a risk and broke some rules, then read the additional notes at the bottom.

Well done for reading this far. Seriously, I see the web stats so I know how many readers will have glanced at the title, decided it holds no interest for them, and so moved on to another topic. That is why you are uncommonly smart. You know that ISO31000 is the world’s leading standard for enterprise risk management (ERM), that a good grounding in the fundamentals of risk management provides essential context for many other specific disciplines, and that downloading a review draft is a great way to get a free copy of an almost-finished standard even if your business is too cheap to pay for the official final version. If nothing else, you realized the recurring problem of people using inconsistent interpretations of words like ‘risk’ or ‘control’ is best solved by you adopting the definitions given by a global standard written by the global team of a global standard-setting body (or you could do what some cheapskate telecoms pseudo-experts do, and write your own definitions for free, then demand the rest of the world adopts it).

The original ISO31000 ERM standard was published in November 2009. Now a team of experts from 68 countries has delivered a revised draft, and made it available for public comment. You can download the draft from here. The users of the standard are encouraged to share comments and suggestions. One way to do so is via G31000, a separate organization that promotes the use of the ISO31000 standard. G31000 will collate and forward any feedback they receive by 25th April. They have a simple web form where you can leave comments on any aspect of the ISO31000 draft.

Or you can do what other people do, by ignoring the most widely used risk standard in the world, writing your own risk standard without any help from others at a time you find most convenient, then persuading some cheesy phony-baloney telecoms-only institute to adopt it because they have literally no other members who care either way. Then you will have absolute freedom to tell your boss whether your telco is or is not compliant with the standard that you wrote. But if you ask me, that is not what a serious professional would do. Keep it a secret, but serious telecoms risk professionals find out what is happening in the world outside their window by reading Commsrisk, and that includes reading the posts with the really boring titles. Well done for being one of them!

Update 19/4/2017 09:50 UTC: So, you snoozed and you loozed (that rhyme does not work so well in the past tense). Michael Lazarou wins the prize for most alert reader this morning, checking the link in the article and finding it was not only broken in the sense that it did not work, but it also broke Google’s terms for using their Google Drive document sharing service. So what went wrong? I am speculating a little but it is a safe bet that:

• G31000 is a separate body from ISO that describes itself as “…The Global Institute for Risk Management Standards. The Global Institute is an international not-for-profit organization incorporated in Paris, France since 2009 for the purpose of promoting the ISO 31000 risk management standard worldwide.” Hilariously, it seems they violated ISO’s copyright by freely sharing the draft on the internet, using Google Drive to do so.
• ISO complained to Google.
• The oh-so-pious people who run Google – an organization that tests the limits of the law whenever it can – took the document down because it violated the relevant clause about copyright infringement in their terms. Readers will have to wait until next week for that joke to develop further – I have an article about how Google interprets their own terms, and whether they do a good job.

For me, this could not be funnier. It combines many of the struggles that Commsrisk deals with on a regular basis: copyright infringement on the web and people not knowing (or choosing not to know) the rules, abuse of a cloud service where the provider will find it hard to police the service themselves, and a breakdown of risk management leading to reputation damage! It also shows that one major issue with ‘standards’ is that the cost of developing them ends up creating barriers to using them in practice – in this case because ISO wants to charge people just for reading a draft.

My apologies to anyone wanting to download the new ISO31000 draft, but now it seems you will need to go to the official ISO website (or the sites of one of their partner organizations) and purchase it. But if you want some fun here, feel free to debate the following: should a professional like Eric Priezkalns delete the draft he obtained for free? Or should Commsrisk be a bit quicker when publishing links like this in future?