Bob Quick is a security and risk mitigation expert and executive director at Global Secure Accreditation. He brings four decades of expertise to his role, including 32 years with the British Police Service managing security for significant events including G20 summits and state visits.
Among the devastation wrought by the Covid-19 pandemic is the impact on business travellers’ heightened perception of safety and their organisation’s duty of care to its employees.
When considered alongside outbreaks of civil unrest and the ever-present threat of crime, natural disasters and terrorism, the need for a robust, tested and formalised risk management process – that also gives travellers confidence – has never been more abundantly clear.
There is no better time, then, for the introduction later this year of ISO 31030 by the International Organization for Standardization. The new travel risk management standard is derived from the well‐established ISO 31000 risk management standard, and I’m fortunate to have participated on the UK’s BSI-led ISO working group which has contributed to its development.
What is ISO 31030?
Once released, ISO 31030 will become the new global benchmark for travel risk management to help organisations make the right decisions to support their employees within a framework of good practice guidance developed by a truly global community of experts.
ISO 31030 will cover all aspects of corporate travel including authorisations, planning, policy, traveller assessment, transportation, destination, accommodation and much more. The guidance is written so that it can be applied to a full range of organisational contexts, travel requirements, threat and risk environments or risk appetites.
What we will see with the travel risk management guidance is increasing standardisation as practices and approaches become widely evidenced and accepted as ‘best’ practice.
Of course variety will remain, and policy will to a degree mirror an organisation’s personality. However, employees everywhere can and should expect good standards when it comes to the assessment of risks involved in travel and how that risk is managed.
Some companies that have had a more relaxed attitude to travel may find they need to increase their oversight and control on some aspects if they are going to align with ISO 31030.
ISO 31030 will help travel and travel risk managers develop a streamlined, integrated and effective process to ensure the safety of their travellers. It will help corporates meet their duty of care to travelling employees and ensure preferred suppliers meet appropriate standards. And it will help suppliers ensure they meet those standards and therefore assure their TMC and corporate partners are able to adhere to the guidance.
As ISO 31030 rolls out, service providers will need to objectively demonstrate their security and safety standards are appropriate in the context of the security environment if they are to provide the required assurance to those travel managers adopting ISO 31030 standards.
The ‘self‐certification’ by hotels and other suppliers of their own security and safety standards is no longer considered credible without an evidence-based approach. Independent accreditation is an efficient way to satisfy the due diligence required to be conducted by travel risk managers or their TMC partners.
ISO 31030 is not a legal standard, but it is likely to become seen as the benchmark for standards of travel risk management. Where things go wrong, litigants are likely to seek evidence of adoption of the standards.
Getting ready for ISO 31030
At a time when the business travel industry has been paused and everyone is poised for a restart, some stakeholders could be forgiven for feeling less than enthusiastic about the prospect of new standards.
That said, the reaction we’ve seen so far has been extremely positive because the standard is providing clarity in areas that have been grey for too long.
While ISO 31030 hasn’t been released yet, it’s smart to start getting ready now by:
● Defining ownership. Travel risk can sit across functions and ownership varies between organisations. Defining where it sits in your organisation is a good place to start.
● Integrating risk management activities with wider organisational risk management capabilities. The security, risk management, HR, occupational health, health and safety, procurement and other departments, together with your TMC partner, can all add value to travel risk management.
● Recognising the risk. As a corporation, part of your duty of care to travellers includes doing everything reasonable in your power to keep them safe and secure. In fact, more and more companies have faced litigation for failing to meet their duty of care as expectations rise. If you haven’t fully examined and planned for travel risks, you need to start today.
● Assessing the risks that travel creates. This will look vastly different based on your company’s sector, scale, travel patterns and risk appetite. Regardless, it is important that every organisation has their eyes wide open on what could happen to their travellers during the normal course of travel and as a result of specific security incidents. Be sure to continually reassess as new threats evolve and new opportunities arise.
● Building accreditation or other means of credible assurance of standards into your RFPs, now. By working to incorporate security accreditation into your RFP process and using accredited providers, you’ll enhance traveller safety. Start working on this now so this is fully operational by the time ISO 31030 is published later this year. Look for an accreditation partner that is closely aligned with the specific requirements of ISO 31030 to ensure alignment with the new standards once they’re published.
While Covid‐19 is having a devastating impact on our industry, it does create an opportunity to plan for how we can do things better when travel restarts. Ultimately, ISO 31030 is about keeping travellers healthy and safe once business travel resumes. It’s the most important work any of us in corporate travel can do, regardless of what part of the industry we sit in.