How the ISO 31030 Framework Enhances Travel Safety and Business Resilience
How do you know what your travel program is missing without a benchmark? Your traveling employees’ safety shouldn’t be left up to guesswork. Enter: ISO 31030, travel risk management standard.
Nearly three years after the onset of COVID-19, business travel is still vastly different than it was before the pandemic. The United States had 229 million business travelers in 2021—almost 25% more than in 2020, yet less than half of the total from 2019. While COVID-19’s risks are receding thanks to advances in vaccines and treatments, new corporate travel hazards are continually emerging.
Going forward, safety leaders have a new tool in their arsenal to protect their employees—ISO 31030. Released in September 2021, it’s the first international standard for travel risk management (TRM). In this article, we’ll outline the new standard and cover how your company can integrate it into your TRM plans and procedures.
What Is ISO 31030?
Developed over the course of four years by the International Organization for Standardization, the new ISO 31030 is a comprehensive standard for managing travel risk. It’s based on the more general risk management principles of ISO 31000 and follows much of the same framework.
Companies have always had a duty of care to business travelers. But in the past, there was no standardized approach to travel management. Organizations developed their own plans and processes, but the need for external standards created gaps in risk management strategies.
ISO 31030 fills that void by providing end-to-end guidance on best practices for protecting people and ensuring business continuity, including
- Policies for travel planning and authorization
- Traveler assessment
- Evaluation of transportation options
- Destination and accommodation hazards
What are the benefits of adhering to ISO 31030?
Travel risk management is a complex field, and having a benchmark to work against better enables your company to identify gaps in your plans. It also helps establish internal frameworks you can rely on as your company grows, expands, and travels to new locations with which you’re less familiar.
By standardizing your travel risk management policies, you don’t just take the guesswork out of keeping your employees safe. Your company also will also be able to
- Protect your company’s personnel, assets, and data
- Facilitate doing business in high-risk locations
- Improve operational continuity and resilience
- Increase employees’ willingness to travel by ensuring their health and safety
- Enhance your organization’s reputation and credibility with current and future employees, clients, and vendors
- Limit legal and financial liability through documented compliance with international standards
- Reduce insurance costs by demonstrating more robust risk management
- Promote sustainable business growth by ensuring the company can do business in a wider range of locations
Download Our Business Travel Safety Guide
What are the limitations and challenges?
While ISO 31030 is a big step forward for corporate travel safety, it has limitations. As with any standard, ISO will amend, expand, and redevelop it over time.
One of the most significant limitations is that ISO 31030 is currently classified as a set of guidelines rather than requirements. This creates gray areas around legal liability, accreditation, and compliance. While liability questions vary heavily by jurisdiction, most experts believe that attempting to comply with ISO standards—even when they’re just guidelines—reduces a company’s legal exposure.
The other primary challenge in implementing ISO 31030 is its comprehensive and abstract nature. Its flexibility is remarkable as a framework that can fit companies of any size in any industry. But businesses will need to dedicate resources to integrating it into their policies. For smaller companies, the sheer scope of the processes might be intimidating. At larger organizations, aligning all key stakeholders—including HR, accounting, operations, and security—can be a time-consuming ordeal.
How to Implement the ISO 31030 Framework
As mentioned, ISO 31030 is suitable for companies of any size, in any industry, and with any scope of global travel. While that breadth might seem daunting, integrating it into your travel risk management strategy is manageable as long as you have a process.
Let’s go through each of the critical steps to cover in your planning.
1. Understand your company’s operational context
The first step is to understand all factors that will impact travel-related risk management. Known as operational context, this includes both internal and external factors.
Internal factors tend to be easier to address since your company has more control over them:
- Your organization’s industry, mission, and internal culture
- Scope and frequency of travel activities
- The backgrounds, skills, and health of employees who will be traveling
- Internal resources dedicated to managing travel risk
- Company policies, strategies, and approval processes for travel
- Intellectual property and tangible assets that employees will travel with
External factors are more varied but critical to get a handle on, as they can have a tremendous impact on your employees’ safety:
- Political and socio-economic conditions at their destination
- Reliability of infrastructure, including transportation and telecommunications
- Availability of local medical resources
- Security and quality of accommodation options
- Susceptibility to natural disasters such as hurricanes, tornados, or earthquakes
- Commercial and immigration regulations that could impact business trips
- Cultural or religious differences
- Effectiveness of local law enforcement
- Outbreaks of infectious diseases or viruses
2. Develop risk assessment processes
Once you’ve collected data, you can build out your risk assessment process. At this point, the goal is to discover all potential risks business travelers might face.
The threat assessment process has three components:
- Risk identification: Start by identifying all hazardous (and potentially hazardous) conditions. While some risks will be obvious—like an ongoing civil war—many are situational. For example, employees can face different levels of risk depending on their gender or race. In other instances, hazards can be temporal—an employee traveling to Buffalo, NY, in January has a higher risk of weather-related injuries than one going to San Diego, CA, in May.
- Risk analysis: Next, analyze the potential hazards. Who is at risk, and how likely will a negative outcome occur? For example, sending an employee into an active war zone would be high risk, while a trip to an island with a volcano that erupts once every few centuries would be much lower risk.
- Risk evaluation: Lastly, contextualize the hazards against the benefits of following through with a trip and decide on an acceptable level of risk. Following the last example, business travel to a war zone to secure a $5,000 contract would be beyond unreasonable. Conversely, sending an employee to a client in a cold-weather region is relatively low risk as long as they’re cautious and the trip has revenue potential.
3. Evaluate risk treatment options
The next step is assessing how to treat or mitigate risks. While some hazards are unavoidable, you can minimize others with proper planning.
There are several ways to reduce travel risks:
- Provide your employees with training and business travel safety tips to cover basic risks
- Ensure that your travel procurement personnel work with trusted vendors
- Whenever possible, use accommodations that are part of the Global Secure Accreditation program
- If you can postpone trips to avoid predictable climate risks—such as hurricane season or snowstorms—consider limiting travel to more ideal times
- Plan carefully for travelers’ medical needs, including access to both standard and emergency care
- Train employees on local regulations and customs
- Keep track of active U.S. State Department travel advisories for your employees’ destinations
- Develop trusted relationships with providers in remote locations for services like personal security and local transportation
- When necessary, handle visa applications and government approvals well in advance to minimize potential problems
4. Leverage monitoring and communication platforms
When your employees are traveling, it’s critical to stay in touch on an ongoing basis. While they’ll no doubt be sending plenty of emails, real-time communications apps are a vital component of travel risk management.
A robust travel safety app should have a few key features:
- Threat monitoring: If the risk profile changes during business travel, your employees need to know right away. These risks could range from road closures and national holidays to terrorist attacks and natural disasters.
- Location tracking: To deliver effective risk intelligence, you need to know exactly where your employees are. A safety app should use GPS to identify your employee’s location and deliver location-based safety alerts that are relevant and actionable.
- Two-way communication: Regardless of the situation, you need a way to communicate with your employees. Under ideal conditions, employees should be checking in periodically. But in an emergency, they need a two-way communication platform to call for help and connect immediately with your company’s crisis management resources.
5. Maintain and review records
Travel risk management isn’t a one-time task; it’s a continuous journey. Your company’s internal context evolves as your staff, operations, or external risks change, and your plans need to evolve accordingly.
The key to refining any process is to maintain, review, and act on data. In the context of TRM, this data-driven approach relies on
- Post-travel debriefs: Any time someone from your company travels, collect their feedback on the trip. Specifically, request feedback on their transportation, accommodations, business contacts, and local conditions. The more data you can collect about where your company does business and how your employees get there, the more thoroughly you can vet and begin to optimize the situation.
- Incident reports: In the unfortunate event that an employee faces a security risk or health hazard, collect as many details of the event as possible. First and foremost, if it’s a situation that calls for an immediate response, like an injury or theft, develop an incident report to expedite the process. In the long run, understanding the events and how they could’ve been avoided will improve your company’s risk mitigation strategies.
- Training and education: Using actual data from your company’s travel records is your most targeted training resource. Use it to develop documentation and supplement webinars or other training materials. Develop tabletop exercises to help employees prepare for travel risks and give them the confidence to respond appropriately.
Elevating Your Company’s Travel Risk Management Plans
Ideally, a business traveler’s worst hazard would be indigestion from overpriced airport food. Unfortunately, most trips involve more risks than that. Whether your employees drive to a client two hours away or fly around the world, they’re counting on you to make their travel as safe as possible.
With the ISO 31030 standard, travel risk management has become a more defined and structured process. Leveraging its principles and framework will allow your company to identify, assess, and mitigate the risks your employees face, and get them home safely from their travels.