ISO 31000 - Risk management

Risks affecting organizations can have consequences in terms of economic performance and
professional reputation, as well as environmental, safety and societal outcomes. Therefore,
managing risk effectively helps organizations to perform well in an environment full of
uncertainty.

ISO 31000:2009
ISO 31000:2009, Risk management Principles and guidelines, provides principles, framework
and a process for managing risk. It can be used by any organization regardless of its size, activity
or sector. Using ISO 31000 can help organizations increase the likelihood of achieving
objectives, improve the identification of opportunities and threats and effectively allocate and
use resources for risk treatment.
However, ISO 31000 cannot be used for certification purposes, but does provide guidance for
internal or external audit programmes. Organizations using it can compare their risk management
practices with an internationally recognised benchmark, providing sound principles for effective
management and corporate governance.

Related Standards
A number of other standards also relate to risk management.

ISO Guide 73:2009, Risk management - Vocabulary complements ISO 31000 by

providing a collection of terms and definitions relating to the management of risk.
ISO/IEC 31010:2009, Risk management Risk assessment techniques focuses on risk
assessment. Risk assessment helps decision makers understand the risks that could affect
the achievement of objectives as well as the adequacy of the controls already in place.
ISO/IEC 31010:2009 focuses on risk assessment concepts, processes and the selection of
risk assessment techniques.

ISO 9000 - Quality management

The ISO 9000 family addresses various aspects of quality management and contains some of
ISOs best known standards. The standards provide guidance and tools for companies and
organizations who want to ensure that their products and services consistently meet customers
requirements, and that quality is consistently improved.
There are many standards in the ISO 9000 family, including:

ISO 9001:2008 - sets out the requirements of a quality management system

ISO 9000:2005 - covers the basic concepts and language
ISO 9004:2009 - focuses on how to make a quality management system more efficient and
effective
ISO 19011 - sets out guidance on internal and external audits of quality management systems.

ISO 9001:2008
ISO 9001:2008 sets out the criteria for a quality management system and is the only standard in
the family that can be certified to (although this is not a requirement). It can be used by any
organization, large or small, regardless of its field of activity. In fact ISO 9001:2008 is
implemented by over one million companies and organizations in over 170 countries.
Quality Management Principles

The standard is based on a number of quality management principles including a strong customer
focus, the motivation and implication of top management, the process approach and continual
improvement. These principles are explained in more detail in the pdf Quality Management
Principles. Using ISO 9001:2008 helps ensure that customers get consistent, good quality
products and services, which in turn brings many business benefits.
Audits

Checking that the system works is a vital part of ISO 9001:2008. An organization must perform
internal audits to check how its quality management system is working. An organization may
decide to invite an independent certification body to verify that it is in conformity to the
standard, but there is no requirement for this. Alternatively, it might invite its clients to audit the
quality system for themselves. Read more about certification to management system standards.

Preview ISO 9001:2008

You can preview the freely available sections of ISO 9001:2008 on ISO's Online Browsing
Platform.
To purchase this standard please visit the ISO Store.

ISO 26000 - Social responsibility

Business and organizations do not operate in a vacuum. Their relationship to the society and
environment in which they operate is a critical factor in their ability to continue to operate
effectively. It is also increasingly being used as a measure of their overall performance.
ISO 26000 provides guidance on how businesses and organizations can operate in a socially
responsible way. This means acting in an ethical and transparent way that contributes to the
health and welfare of society.
ISO and social responsibility

ISO 26000:2010
ISO 26000:2010 provides guidance rather than requirements, so it cannot be certified to unlike
some other well-known ISO standards. Instead, it helps clarify what social responsibility is,
helps businesses and organizations translate principles into effective actions and shares best
practices relating to social responsibility, globally. It is aimed at all types of organizations
regardless of their activity, size or location.
The standard was launched in 2010 following five years of negotiations between many different
stakeholders across the world. Representatives from government, NGOs, industry, consumer
groups and labour organizations around the world were involved in its development, which
means it represents an international consensus.

Preview ISO 26000:2010

You can preview the freely available sections of ISO 26000:2010 on our Online Browsing
Platform. To purchase the standard please visit the ISO Store.

ISO 14000 - Environmental management

The ISO 14000 family addresses various aspects of environmental management. It provides
practical tools for companies and organizations looking to identify and control their
environmental impact and constantly improve their environmental performance. ISO 14001:2004
and ISO 14004:2004 focus on environmental management systems. The other standards in the
family focus on specific environmental aspects such as life cycle analysis, communication and
auditing.
ISO and the environment

ISO 14001:2004
ISO 14001:2004 sets out the criteria for an environmental management system and can be
certified to. It does not state requirements for environmental performance, but maps out a
framework that a company or organization can follow to set up an effective environmental
management system. It can be used by any organization regardless of its activity or sector. Using
ISO 14001:2004 can provide assurance to company management and employees as well as
external stakeholders that environmental impact is being measured and improved.
The benefits of using ISO 14001:2004 can include:

Reduced cost of waste management

Savings in consumption of energy and materials
Lower distribution costs
Improved corporate image among regulators, customers and the public

Preview ISO 14001:2004

You can preview the freely available sections of ISO 14001:2004 on our Online Browsing
Platform. To purchase the standard please visit the ISO Store.

ISO 50001 - Energy management

Using energy efficiently helps organizations save money as well as helping to conserve resources
and tackle climate change. ISO 50001 supports organizations in all sectors to use energy more
efficiently, through the development of an energy management system (EnMS).
ISO and energy management

ISO 50001:2011 Energy Management System

ISO 50001 is based on the management system model of continual improvement also used for
other well-known standards such as ISO 9001 or ISO 14001. This makes it easier for
organizations to integrate energy management into their overall efforts to improve quality and
environmental management.
ISO 50001:2011 provides a framework of requirements for organizations to:

Develop a policy for more efficient use of energy

Fix targets and objectives to meet the policy
Use data to better understand and make decisions about energy use
Measure the results
Review how well the policy works, and
Continually improve energy management.

Preview ISO 50001:2011

You can preview the freely available sections of ISO 50001:2011 on our Online Browsing
Platform. To purchase the standard please visit the ISO Store.

Certification to ISO 50001

Like other ISO management system standards, certification to ISO 50001 is possible but not
obligatory. Some organizations decide to implement the standard solely for the benefits it
provides. Others decide to get certified to it, to show external parties they have implemented an
energy management system. ISO does not perform certification.
Read more about certification to ISOs management system standards.

Country Codes - ISO 3166

What is ISO 3166?
ISO 3166 is the International Standard for country codes and codes for their subdivisions. The
purpose of ISO 3166 is to establish internationally recognised codes for the representation of
names of countries, territories or areas of geographical interest, and their subdivisions. However,
ISO 3166 does not establish the names of countries, only the codes that represent them.
The country names in ISO 3166 come from United Nations sources. New names and codes are
added automatically when the United Nations publishes new names in either the Terminology
Bulletin Country Names or in the Country and Region Codes for Statistical Use maintained by
the United Nations Statistics Divisions. Names for subdivisions are taken from relevant official
national information sources.
ISO 3166 was first published in 1974 as a single standard to establish the country codes. It was
expanded into three parts in 1997 to include the codes for subdivisions and the codes for names
of countries that are no longer in use. Of the three parts, Part 1, ISO 3166-1 is generally used the
most often.

Who uses ISO 3166-1?

ISO 3166-1 has become one of the worlds most well known and widely used standards for
coding country names. Using a code of letters and/or numbers to represent a country name can
help save time and energy, and reduce the rate of error.
The country codes found in ISO 3166-1 are used by many organizations, businesses and
governments. For example all national postal organizations throughout the world exchange
international mail in containers bearing its country code for identification. In machine readable
passports, the codes from ISO 3166-1 are used to determine the nationality of the user. In
addition, internet domain name systems use the codes to define top level domain names such as
'fr' for France, 'au' for Australia and 'br' for Brazil.

How to use ISO 3166-1?

ISO 3166-1:2006, Codes for the representation of names of countries and their subdivisions
Part 1: Country codes is the most recent version of the standard.
Within the standard, names of countries are represented by a two-letter code (alpha-2) which is
recommended as the general purpose code, a three-letter code (alpha-3) which is more closely
related to the country name, and a three digit numeric code (numeric-3 - developed and assigned
by the UN Statistics Division) which can be useful when codes need to be understood in
countries that do not use Latin scripts.

ISO provides the alpha-2 country codes for free. The full standard containing the alpha-2, alpha3 and numeric-3 codes as well as details of the administrative language can be purchased. (See
table at top right - Resources for ISO 3166-1:2006.)

Resources for ISO 3166-1:2006

ISO ISO 3166-1 decoding table
The decoding table clearly illustrates the 676 code elements and the countries they have been
assigned to.
View the ISO 3166-1 decoding table
HTML, Text and XML versions
ISO makes the list of alpha-2 country codes available for internal use and non-commercial
purposes free of charge. Three formats are available:
Text
HTML
XML
Purchasing the full ISO 3166-1:2006
A database containing the alpha-2, alpha-3 and numeric-3 codes as well as details of the
administrative language can be purchased from the ISO store. In addition the standard can be
purchased in paper or pdf format.
ISO Focus+ article about ISO 3166
More information about the uses of ISO 3166 can be found in this ISO Focus+ article
Quick Links
Track updates to ISO 3166
Read more about ISO 3166-2
Read more about ISO 3166-3
Read more about how ISO 3166 is maintained

ISO 3166-2:2007
ISO 3166-2:2007 establishes codes for the names of the principal subdivisions (e.g provinces or
states) of all countries coded in ISO 3166-1. This code is based on the two-letter code element
from ISO 3166-1 followed by a separator and up to three alphanumeric characters. The
characters after the separator cannot be used on their own to denote a subdivision, they must be
preceded by the alpha-2 country code.

For example ID-RI is the Riau province of Indonesia and NG-RI is the Rivers province in
Nigeria.
The codes denoting the subdivision are usually obtained from national sources and stem from
coding systems already in place in the country.

How to purchase ISO 3166-2:2007

ISO 3166-2:2007 is available as a database in the ISO store. In addition, the standard can be
purchased in paper or pdf format.

Updates for ISO 3166

ISO 3166-2:2007 is constantly being updated. Read more about how to track these updates.

ISO 3166-3:1999
ISO 3166-3:1999 establishes codes for country names which have been deleted from ISO 3166-1
since its first publication in 1974. The code elements for formerly used country names have a
length of four alphabetical characters (alpha-4 code) and their structure depends on the reason
why the country name has been removed from ISO 3166-1.
Country names might be removed from ISO 3166-1 for various reasons

A country might change a significant part of its name, for example Burma (BU) was changed to
Myanmar (MM) in 1989. The code element for the formerly used country name is therefore
BUMM.
A country may divide into two or more new ones, for example Czechoslovakia was divided into
Czech Republic and Slovakia in 1993. The code element for the formerly used country name
Czechoslovakia is CSHH, HH meaning that no single successor country exists.
Two or more countries may merge for example Democratic Yemen (YD) and Yemen Arab
Republic (YE) merged into the Republic of Yemen (YE) in 1990. The code element used for the
formerly used country name Democratic Yemen is YDYE.

How to purchase ISO 3166-3:1999

ISO 3166-3:1999 can be purchased from the ISO store in pdf or paper format.

Updates to ISO 3166

ISO 3166-3: 1999 is often updated. Read more about how to track these updates.

How ISO 3166 is maintained

All three parts of ISO 3166 are maintained by a maintenance agency (ISO 3166/MA).The
composition of the ISO 3166/MA reflects the two stakeholder groups which were primarily
involved in the development of ISO 3166 in the early 1970s: national standards organizations,
members of ISO, and United Nations agencies.
Of the ten experts with voting rights on the ISO 3166/MA five are representatives of the
following national standards organizations:

Association franaise de normalisation AFNOR (France)

American National Standards Institute ANSI (United States)
British Standards Institution BSI (United Kingdom)
Deutsches Institut fr Normung DIN (Germany)
Swedish Standards Institute SIS (Sweden)

The other five are representatives of major UN or other international organizations who are all
users of ISO 3166-1:

International Atomic Energy Agency (IAEA)

International Telecommunication Union (ITU)
Internet Corporation for Assigned Names and Numbers (ICANN)
Universal Postal Union (UPU)
United Nations Economic Commission for Europe (UNECE)

The ISO 3166/MA has further associated members who do not participate in the votes but who through their expertise - have significant influence on the decision taking procedure in the
maintenance agency. The members can be contacted through the secretariat of the ISO
3166/MA.

Currency codes - ISO 4217

What is ISO 4217?
ISO 4217 is the International Standard for currency codes. The most recent edition is ISO
4217:2008.
The purpose of ISO 4217:2008 is to establish internationally recognised codes for the
representation of currencies. Currencies can be represented in the code in two ways: a three-letter
alphabetic code and a three-digit numeric code.

Alphabetic code
The alphabetic code is based on another ISO standard, ISO 3166, which lists the codes for
country names. The first two letters of the ISO 4217 three-letter code are the same as the code
for the country name, and where possible the third letter corresponds to the first letter of the
currency name.
For example:

The US dollar is represented as USD - the US coming from the ISO 3166 country code and the D
for dollar.
The Swiss franc is represented by CHF - the CH being the code for Switzerland in the ISO 3166
code and F for franc.

Numeric code
The three-digit numeric code is useful when currency codes need to be understood in countries
that do not use Latin scripts and for computerised systems. Where possible the 3 digit numeric
code is the same as the numeric country code.
For currencies having minor units, ISO 4217:2008 also shows the relationship between the minor
unit and the currency itself (i.e. whether it divides into 100 or 1000).
ISO 4217:2008 also describes historical codes in table A.3 as well as the codes representing
certain funds in table A.2.

Maintaining ISO 4217

Periodically, amendments must be made to ISO 4217:2008 and these are managed by the
Secretariat of the Maintenance Agency, in this case the SIX Interbank Clearing Ltd on behalf of
the Swiss Association for Standardization, SNV.
More details on how to contact SIX Interbank Clearing Ltd can be found in the list of
Maintenance Agencies.