To increase your chances of success in the defence industry, there are some important standards, certifications and accreditations (SCAs) you need to consider. 

ISO 9001 Quality Management System accredited certification is usually mandatory for doing business with defence. For some larger suppliers, AS 9100D or IATF 16949 discipline-specific quality certification is required. Many industries, defence included, also require integration of other management system standards such as ISO 14001 Environmental, ISO 27001 Information Security, and ISO 22301 Business Continuity and Resilience.

Managing risk is another key priority. You can do this using ISO 31000 guidance along with ISO 28001 Supply Chain Risk and the Australian Government Information Security Manual (ISM).

If you currently use the ISO 31000 guidelines, how do you find them? What areas do you find helpful? Are there any areas you think need improvement or changes?


ISO 31000:2018 Risk Management - Guidelines input currently being sought

Following an extensive debate about risk that arose during the two-year review and revision of the ISO Annex SL Appendix 2 and Appendix 3, businesses currently have the chance to provide input to the Risk Management Guidelines and Risk Assessment techniques (ISO 31000:2018 and ISO 31010:2019).

Input can be submitted via a quick online survey. The purpose of the survey is to gather information about the strengths and weaknesses of ISO 31000 Risk Management - Guidelines and to determine where more guidance may be helpful in strengthening your business and its management systems, and in supporting entry into, and sustaining, defence contracts.

It will also be used to guide the future work of ISO/TC (Technical Committee) 262 for Risk Management, chaired by Jason Brown of Thales Australia.

The ISO 31000 framework in brief

As a refresher, the six areas of the ISO 31000 framework include:

  • Leadership and communication – Aligning with overall objectives, communication, ensuring adequate resources, determining risk appetite
  • Integration – Integration into your business and decision-making processes
  • Design – Plan, implement, measure, learn
  • Implementation – Putting the plan into action, e.g. setting objectives, stages
  • Evaluation – Looking at what is and isn’t working
  • Improvement – Continually monitoring and improving

Finally, what in this ISO 31000 framework is working for you and what have you found challenging to implement within your business processes and certified system?

What changed in the Appendices revision?

The Appendices revisions that led to input for ISO 31000 being sought involved the merging of Appendix 2 (guidance for use) and Appendix 3 (terminology guidance).

One of the key changes is that the High-Level Structure (HLS) is now called the Harmonized Structure (HS). It provides the template for clauses 1 to 10 used by writers of ISO management system standards (MSS). Users shouldn’t copy these clauses verbatim to document their single or integrated systems. Defence ISO Basics will explain this ISO MS requirement.

Possible revision of ISO 9001 – Quality Management

A report for the ISO 9001 (Quality Management) World User Survey from 2020/21 has also been released for the possible revision of ISO 9001:2015. It will be an input to the Defence ISO Basics and Defence ISO Advanced sessions.


If you’d like to share your feedback on the ISO 31000 (Risk Management) guidelines, please complete the quick online survey.
The closing date is 26 July 2021.