ISO 31030 - NEW travel risk management guidance for organizations
Travel Risk Management ISO 31030 Affects Corporate Travellers in Hotel, by Stefan Vito Hiller. Sky Touch Global. November 2021
The International Organization for Standardization (ISO) released in September 2021 a new standard for Travel Risk Management (TRM). ISO Standard 31030:2021 is based on standard 31000:2018 Risk Management principles. It was developed to help and guide commercial organizations (corporates), charitable and not-for-profit organizations, governmental organizations, non-governmental organizations, and educational organizations (universities, schools, etc.) to provide better safety & security for travellers within their organization.
Travellers, particularly corporate travellers from overseas, can be exposed to different foreseeable and unforeseeable risks, depending on the destination. The risk can include natural disasters, political conflicts, pandemics, accidents, petty crime, terrorism, kidnapping, cybercrime, limited access to medical support, logistical issues, etc. On the other hand, employers already have a duty of care for the people who work for their organization.
A game-changer or just another compliance piece in the corporate world?
To mitigate avoidable travel risks, organizations are asked to take a new approach in mitigating risks, which requires collecting or using validated information to meet the duty of care requirements. Gathering correct and reliable information can be a challenging task (even for government agencies), which contains a lot of blind spots for the organization because the baseline of what is considered an acceptable level of safety & security is from country to country different, and it can change instantly. Because the entire hotel sector is very diverse and every hotel chain developed its own standards because they have never been any global hotel security standards, each hotel company developed its own risk mitigation strategies. However, this and the Crime Prevention Through Environmental Design concept is different at every hotel property. The quality of each strategy can also vary from hotel to hotel and also from country to country, depending on the local circumstances and capabilities. Because of those differences, there is no formula that can be applied to all hotels, and therefore, individual assessments will be necessary. That is basically the core message of this new framework.
The entire pre-selection process of which hotels are considered safer than others bother Travel Risk Managers the most. It has been tough in the past to identify a hotel and determine if it is compliant with the current travel risk management guidelines, and this happened in the past only on paper.
“Simply put, the processes put in place in the past now need to be reassessed to ensure that business travel does not hide hidden risks that lie beneath the surface.”
Travel Risk Managers are encouraged to review their processes, especially now. Also, COVID safe protocols will need to be verified and cannot be based on a self-assessment and self-audit by the hotel anymore as it is not considered any longer credible.
The same applies to hotel security management, but the good thing is that the standard remains compatible with other external risk management programs. Once travel industry is back in business, it will not be long until organizations are going to also ask hotels if they are certified in ISO 31030:2021. But here is the issue, since COVID, many large companies had to let go of their Travel Risk Manager/s because there weren’t many travel activities. So, it is going to be very interesting how this will actually progress.
The new ISO Standard says explicitly that “Timeliness and accuracy of intelligence, analysis, and advice, including travel warnings, are increasingly important in influencing travel decisions.” What was the expectation for years is now a standard but to its full extent of the already existing broader Risk Management framework 31000. This sets a new baseline for the hospitality industry, which includes accommodation. Time will tell if this standard is really feasible, but it is, in my opinion, a good start and also a new quality in risk management as it puts safety & security in hotels into a new context, and it raises the bar!
To make travel or hotels safer, organizations can apply different risk treatments, which can be downloaded on the ISO website. It suggests that the treatments first of all need to be seen what is within the organization’s capacity and secondly in the context of the threat level. It is also to mention that the new standard does not apply to leisure travellers at the moment and it purely caters to organizations.
While comprehensive controls and risk treatments have already been established at some destinations, safety & security for travellers might be a little slack and less effective elsewhere. The new standard suggests methods of preparing for travel and what should be considered in the future. This forces the hotel industry to take a new approach and help its customers meet their legal requirements. This can be done by getting, for example, audited in 31030:2021, which is applicable for Safety & Security related travel risks.
Regarding COVID, ISO also has the 45005 for COVID Safety, and it is part of ISO 45001 Occupational Health & Safety ISO family. It can help hotel chains to close the gap and be competitive. I think now is the time for corporates but also hotels to familiarize themselves with what will most likely change the way we pick our hotel in the future. It certainly pushes organizations in the responsibility and the need to revisit their entire processes as they have a moral obligation and legal requirement in most countries to protect their employees. They are obliged to protect them from any hazards and threats already. Organizations must advise and provide travellers with adequate medical and emergency response guidance, security, and information security precautions, including instruments to respond to challenges to travel logistics.
It is a new baseline that will significantly affect safety & security in the accommodation sector. However, it also creates an opportunity for the Safety & Security industry to develop solutions that cater to organizations and travellers considering the overall risk appetite and acceptance of risk.