International Standards Organization 31030 travel risk management

World Travel Protection #iso31030 #travelriskmanagement #pear #pearl #businesstravel #businesstravellers #riskmanagement

Presented live on the X Stage 14 September 2022, GSX 2022 Atlanta.

Has your organization prepared you for a return to travel?

Travel is a largely unregulated domain when it comes to risk management. We had a year to receive and review the international standards organization body's first guidance for the travel industry. This standard dramatically redefines the world of travel risk management. ISO 31030: 2021 travel risk management has significant implications for corporate travel approvers, Travel Management Companies (TMC) and anyone involved in planning, delivering, or taking business trips.

Let's clear the air; there is no accreditation as the ISO is not certifiable. But as a standard, it applies across multiple sectors with travelling workers and executives. As a guidance document, it is written in plain language, making it easy to understand, and as we emerge from the pandemic, the last thing we need is more surprises. Travel is a relatively unregulated industry, there is no common travel language, and within an organization, many have no natural 'home' to manage travel policies and approvals.

Your travel risk management (TRM) must be traveller-approved and include an education process, ensuring a comprehension of the tools used to educate, locate, and communicate in a crisis or emergency. TRM policies should address the individual traveller's specific needs and risk understanding and appetite for where they will be going and what type of activities they'll be performing.

Are you ready to travel?

Why is it important?

Business travellers are returning to a changing world, they want to know their organization has their best interests, and in many cases, families want to know their loved ones are safe. There is a misconception that the ISO is asking organizations to make TRM a stand-alone risk policy. The standard states that travel approval policies should align under a singular approval process. This stand-alone policy suggestion should align with existing resiliency and continuity programs. The pandemic elevated travel approval in many businesses and organizations to the C-suite, a clear example of integrating travel into an organization's continuity programs and should catalyse reviewing current travel expectations and systems against the ISO standard 31030 Travel Risk Management sets out.

Business travellers are returning to a changing world.

A travel safety policy needs to be a stand-alone document and integrated with other organization policies to ensure it's part of a robust business continuity program. When an incident impacts travellers, all response plans should work together to support the traveller's safety.

Have you reviewed ISO 31030?

With a return to travel, many businesses, and organizations pre-covid had been acutely aware of medical and security risks associated with travel. The pandemic put everyone's crisis response to the test. What are the lessons learned from the pandemic? Are organizations prepared and better adapted for the next crisis? Whether a global crisis or an incident impacting a singular business traveller or group.

Was your travel risk management policy reviewed and updated during the pandemic?

Has it been collecting dust on a shelf or taking up space on a desktop that may no longer be on a network? Today's business travellers expect more from their employers. What are employers doing to support their travelling workers' health, safety, and security concerns?

Let us reframe this. The ISO presents a practical methodology to support Mature Programmes by clearly identifying gaps. Organizations with robust travel programs aligned to resiliency and continuity best practices can be an external validation of their approach. For Immature Programmes, the ISO provides a neutral approach to identifying opportunities to build frameworks around.

How can I stand here and state this? ISO 31030 is surprisingly readable. It provides a universal vocabulary and framework to explain the value and showcase the importance of a robust TRM process that aligns with an organization's risk management. The key enabler to achieving an organization's meeting of the standard is to map out travel and journey management steps with an emphasis on having travel management policies aligned under a singular travel approvals process.

Will a robust travel risk management policy support the best outcome in protecting your people and reputation?

As we move from pandemic to endemic globally, we have seen how organizations respond, good or bad, with business resiliency programs and tested their risk management programs. Travel is essentially an unregulated domain. The release of this ISO is a first for all aspects of the travel industry. The international standards body dramatically redefines the world of travel risk management, and ISO 31030 has meaningful implications for corporate travel approvers, TMCs and anyone involved in planning, delivering, or taking business trips.

Travel is essentially an unregulated domain.

The good news is that World Travel Protection is ready to help clients and organizations understand and adopt ISO 31030. We can advise of the changes recommended by the guidance and provide implementation support!

What does the ISO 31030 travel risk management guideline mean for travel approvers and organizations travelling workers? The guidance covers risks from data, business continuity and reputation to legal, financial and HR operations.

Our approach at World Travel Protection has been to develop a self-audit tool for our clients' use, and we support them on this journey. We believe clients know their risks and can complete a self-audit with our support as needed.

Why is travel risk management (TRM) essential?

The world has changed; persons travelling on business, whether international or domestic, can face unfamiliar situations with different risk profiles to those of their usual location. Natural disasters, disease outbreaks, as we have witnessed with COVID-19, terrorist attacks, civil conflict, crime, and cyber threats can threaten travellers' safety, security, and health.

The duty of care of organizations frames how to anticipate and assess the potential for events, develop treatments and communicate anticipated risk exposures to their employees.

In the event of an incident, organizations need to be able to activate their duty of care response plan quickly. This plan should include having a current crisis plan with clear triggers and protocols and easy access to medical, security and logistics experts. Many organizations complement their in-house capabilities with external TRM assistance companies.

“The duty of care”

Key focus areas of the ISO 31030 standard!

The primary objective of ISO 31030 is to use a common language across multiple sectors involved in travel and promote a culture where travel-related risk is understood. Encourages organizations to resource adequately and manage the risk as part of a broader effective resiliency practice.

The ISO supports organizations in understanding the roles involved in travel risk management. The guidance highlights that everyone in an organization has a "duty of responsibility" to play, from senior management to travelling workers. It sets a framework for organizations to demonstrate ownership, be accountable for travel risk management, and support frameworks and tools for employees to make themselves aware of an organization's policies and adhere to processes.

"Duty of responsibility"

Travel risk assessments

Organizations should undertake assessments with persons who understand risk management, resiliency, and continuity. They should understand the implications of travel risk and who can assign a quantitative or qualitative measure of risk acceptability in their reporting resulting. This process supports informed decisions about risk treatment options.

Pre-planning and risk monitoring

Businesses may use a technological platform to triage trips, for example, triggering an automated authorization for low-risk travel while flagging other travels for closer scrutiny. The pandemic demonstrated the impact of globally disruptive events and revealed the criticality of pre-planning and risk monitoring. But these examples all rely on an organization's booking process with a clear outline of the booking channels utilized for all travel, transport, and accommodation forms. Travel risk is highly dependent on understanding these risk exposures.

Identifying, recognizing, and mitigating risk is crucial to safe travel. Organizations should educate their travellers before departure, so they know how their personal profile factors into destination-specific risks. Travellers should also have access to real-time alerts that can notify them of any potential travel disruptors nearby.

Location Management

Arrangements for traveller location management are critical. Knowing the location of personnel is a crucial enabler to risk management. However, being able to communicate threats and hazards is paramount during and after an incident.

It's hard to support a traveller if you don't know where they are. Having access to the traveller's itinerary is the first step. Thanks to modern technology, travellers can also share their current location. Applications create seamless capture of last-minute changes to the plan and fill in the blanks between what the itinerary shows and where the person is at any time.?

Hard to support a traveller if you don't know where they are

Travel risk management dashboards

It is recommended for travel risk management (TRM) intelligence to utilize a dashboard to assist risk assessment and reporting of metrics. Travel risk management, like organizations, depends on the size and complexity of organizations. We see clients utilizing dashboards with powered small ad hoc databases to outsourced subject matter TRM experts. In concert with dashboards, the ISO 31030 guidance conforms to ISO 31000 Risk Management and recommends using heat maps for quick, helpful and visual projection of the potentiality of risk likelihood for organizational risk to leaders.

Communicating with the traveller, primarily if an incident occurs, must be simple and easy. Organizations can use travel risk management platforms to quickly assess impacts on their travellers after an incident occurs and reach out via two-way communication systems. Travellers can use travel risk apps, such as Travel Assist by World Travel Protection, to activate an emergency crisis call that immediately connects them to our assistance experts.

Communicating must be simple

and easy

Why is ISO 31030 good news for travel approvers?

When we reflect on organizations' pre-pandemic business continuity and resiliency programs, they did not include travel approval in many cases. ISO 31030 promotes adopting a singular policy approach to TRM under the broader context of People, Environment, Assets, Reputation and Livelihoods (PEARL). The travel approvals process should be stand-alone, but I recommend integrating TRM into an organization's resiliency and continuity activities and the approval streams aligned to these activities.

As we prepare to shift from pandemic to endemic, the ISO reinforces travel's importance and potential impacts on organizations. It highlights the reality of giving travel approvers the resources needed. The pandemic exposed the truths of challenges and reflected on approvals escalated to the C-Suite. In the future, as travel approval finds a new home, organizations need to give approvers the resources and delegation to do their jobs more effectively. Adhering to this approach aligns travel within the organization's risk management programs, creating a more linear system for managing controls and potentially lowering risk exposures and insurance requirements.

What should travel approvers do next?

Organizations need to familiarise themselves with the critical elements of guidance. The pandemic has created a window of opportunity for travel approvers to streamline travel programs, reduce redundancy and create value in travel programs by ensuring a higher degree of safety for travelling workers and executives whilst better understanding and integrating with their TMCs.

Early adopters of the ISO

The pandemic opened the space to discuss the risks associated with travel, and early adopters of the ISO are seeing the benefits of achieving the standard.

What is the value of achieving the Standard?

For those who are still questioning the value of the ISO 31030. Can they reflect on their existing travel ecosystem and understand the risks they and their workers face and potential impacts on the duty of care? Are they prepared to address gaps and exposures that can affect the organization's understanding and controls for PEARL involved in the travel process and how their travelling workers have a duty of responsibility?

The world has changed!

Has your approach to Travel Risk Management?

Frank Harrison, Regional Security Director Americas for World Travel Protection, has a Graduate Degree in Human Security and Peacebuilding and a diverse background in emergency, operations, and security risk-management planning. His work in public security and safety, as well as consulting for the extractive resource sector, has taken him across the globe for 20 years, often to hostile and austere locations such as West Africa, the Middle East, Papua New Guinea, and the Arctic. Since starting his role as Security Director at WTP, Frank has focused on delivering security tools to front-line assistance team members, and he has also developed his role to support travelers who may experience a complex crisis event.