Man and two women reviewing tablet in office stairway
ComplianceESGMarch 21, 2019

ISO 31000 Blog Series – How to determine scope, context and criteria

Hello and welcome to the 2nd blog in this blog series of the complete guide through the risk management standard using the bowtie software portfolio.

This week’s blog will be a short one and is focused on the first step of the ISO 31000 – Scope, Context and Criteria.

It should be noted here, that nothing is set in stone. In other words, it is entirely possible and likely that later on in your journey to safety, your scope, context and criteria may shift as you come across new things that you hadn’t yet thought about. As such, the ISO 31000 is more of a feedback loop than one linear line.

Step 1: scope, context and criteria

There is no specific software we recommend to determine the scope, context and criteria. However, we have a very diverse client base and this allows us to spot certain trends across various industries. Below are our anecdotal tips & tricks on how to tackle this first step of the ISO 31000.

Often, we see that people are very tempted to start building bowties haphazardly (no pun intended). They will put in a lot of hours and work, only to find out that they don’t know who the bowtie is actually for (Context issues). This can lead to time troubles later on, slowing down the entire process of communicating safety more effectively (Scope issues). This is often caused by a lack of a clear goal (Criteria issues).

Therefore, before doing anything, ask yourself these questions:

  • What problem do we want to solve?
  • What standards do we want to use?
  • Who are the Bowties for?
  • Which locations will we include?
  • What can we do in the time we have?
  • Which process, techniques will we use?
  • What is our goal?
    • to demonstrate the level of control on risks to a regulatory body?
    • to find areas for improvement?
    • to improve the quality and clarity of risk communication?
  • When have we succeeded?

As an example, a company might ask itself these questions to solve the problem of not complying to the local regulator. As such, the company may want to build 5 bowties specifically focused on the 5 main processes of their locations with the highest incident rates. Their audience are the regulators, who have adequate knowledge of the operations but do not know every little detail. Therefore, the bowties, being on the 5 main processes, should not be too detailed and instead lean a little bit towards a more generic level. Success will be defined by using the bowties to show the regulator that measures are in place to protect the workers and the process as a whole.

Answering these questions before starting your journey to safety will help you focus on the vital aspects and ignore dead ends, possibly saving more lives in the process. In our next blog posts, we will continue this journey and find out how to make the most of the software.

Back To Top