Wat is ISO/IEC 31000? What is ISO/IEC 31000?

ISO 31000 is een internationale norm die richtlijnen biedt voor risicomanagement binnen organisaties. De norm helpt organisaties om risico’s op een gestructureerde en consistente manier te identificeren, analyseren, beoordelen en behandelen. ISO 31000 is geen certificeringsnorm voor organisaties, maar een praktische richtlijn die toepasbaar is op elke sector en elk type organisatie. Het doel is om betere besluitvorming te ondersteunen, onzekerheden te beheersen en prestaties te verbeteren door risico’s effectief te managen. ISO 31000 is an international standard that provides guidelines for risk management within organizations. The standard helps organizations to identify, analyze, assess, and treat risks in a structured and consistent manner. ISO 31000 is not a certification standard for organizations, but a practical guideline that is applicable to any sector and any type of organization. The goal is to support better decision-making, manage uncertainties, and improve performance by effectively managing risks.

Wat zijn de verschillen tussen ISO 31000 en ISO 27005? What are the differences between ISO 31000 and ISO 27005?

ISO 31000 en ISO 27005 verschillen vooral in scope en toepassing. ISO 31000 richt zich op risicomanagement op organisatieniveau (enterprise risk management), is daarom breed toepasbaar ongeacht sector of type risico en biedt algemene principes, frameworks en processen. ISO 27005 richt zich specifiek op informatiebeveiligingsrisico’s, is onderdeel van het Information Security Management System (ISMS) domein, sluit daarmee nauw aan op ISO/IEC 27001 en gaat dieper in op dreigingen, kwetsbaarheden en security controls. Kort gezegd: ISO 31000 = algemeen risicomanagement ISO 27005 = risicomanagement specifiek voor informatiebeveiliging ISO 31000 and ISO 27005 differ mainly in scope and application. ISO 31000 focuses on risk management at the organizational level (enterprise risk management), making it broadly applicable regardless of sector or type of risk, and provides general principles, frameworks, and processes. ISO 27005 specifically addresses information security risks, is part of the Information Security Management System (ISMS) domain, closely aligns with ISO/IEC 27001, and delves deeper into threats, vulnerabilities, and security controls. In short: ISO 31000 = general risk management ISO 27005 = risk management specifically for information security

Is het verstandig om eerst de ISO 31000 training te volgen voordat je de ISO 27005 training volgt? Is it wise to first take the ISO 31000 training before taking the ISO 27005 training?

Ja, in de meeste gevallen is het logisch om eerst de ISO 31000 training te volgen en daarna pas ISO/IEC 27005. Wanneer je puur in de cybersecurity of informatiebeveiliging werkt, dan kan ISO/IEC 27005 direct relevanter zijn. Hetzelfde geldt wanneer je al ervaring hebt met enterprise risk management. Door eerst de ISO 31000 training te volgen, begrijp je: De algemene methodiek van risicomanagement; Governance en besluitvorming rondom risico’s; Frameworks, contextbepaling en risk treatment; Hoe organisaties risico’s integraal benaderen. Daarna is ISO/IEC 27005 makkelijker te plaatsen, omdat die training meer de vertaalslag maakt naar: Informatiebeveiligingsrisico’s; Dreigingen, kwetsbaarheden en impact; Security controls; Risicoanalyse binnen een ISMS. Yes, in most cases it makes sense to first take the ISO 31000 training and then ISO/IEC 27005. If you are purely working in cybersecurity or information security, then ISO/IEC 27005 may be directly more relevant. The same applies if you already have experience with enterprise risk management. By first taking the ISO 31000 training, you will understand: The general methodology of risk management; Governance and decision-making regarding risks; Frameworks, context determination, and risk treatment; How organizations approach risks integrally. After that, ISO/IEC 27005 is easier to place, as that training makes more of the translation to: Information security risks; Threats, vulnerabilities, and impact; Security controls; Risk analysis within an ISMS.

ISO 31000 - Lead Risk Manager Training (PECB)

5 days Classroom Engels

Sharpest price in just 2 steps

Requesting more information and/or the current price of this training is easy. We take into account any ongoing promotions, subsidies, or relationship discounts.

Why ISO 31000 - Lead Risk Manager Training (PECB) at TSTC?

TSTC is Platinum Partner of the Year 2025.
TSTC has been providing PECB training for over 15 years.
Learn from highly experienced Dutch-speaking experts who are able to incorporate the current Dutch situation into the training sessions.
In addition to the digital content via myPECB, you will also receive a lesson plan with all the slides.
In addition to the digital content via myPECB, you will also receive a lesson plan containing all the printed slides.

Training Summary

Vendor:

PECB
Training Language:

Engels
Duration:

5 days
Category:

Information Security (Tactical & Strategic)

Compliance & (IT) Risk

Description

The ISO 31000 Lead Risk Manager training course helps participants develop their competences to support an organization create and protect value by managing risks, making decisions, and improving performance using the ISO 31000 guidelines. It provides information regarding the core elements and the effective implementation of a risk management framework, the application of the risk management process, and the actions necessary for the successful integration of these elements to meet organizational objectives. Furthermore, it provides guidance on the selection and application of techniques for assessing risks in a wide range of situations.

Certification

Upon completion of the training course, participants can sit for the exam and apply to obtain the “PECB Certified ISO 31000 Lead Risk Manager” credential. The credential demonstrates that the participant possesses the theoretical and practical knowledge and professional capabilities to support and lead risk management processes based on ISO 31000 guidelines and best practices in this field.

Training Requirements

Managers of consultants die betrokken zijn bij, of verantwoordelijk zijn voor, de implementatie van een risicomanagementprogramma binnen een organisatie
Projectmanagers, consultants of expert adviseurs die zich willen verdiepen in het implementeren van een risicomanagementframework en -proces
Personen die verantwoordelijk zijn voor risicomanagementprocessen
Iedereen die interesse heeft in risicomanagement

Materials

1 jaar toegang tot PECB portaal met daarin o.a. een digitale versie van de slides, praktische voorbeelden, oefeningen en quizzen
Een map met daarin de afgedrukte slides. Handig om aantekeningen bij te maken
Een proefexamen
Het ISO 31000 Lead Risk Manager examen van PECB
Eén eventueel benodigd herexamen

Training Content

Dag 1 - Introductie tot ISO 31000 en risicomanagement

Doelstellingen en opbouw van de training

Relevante standaarden en wet- en regelgeving

Basisprincipes van risicomanagement

De principes, het framework en het proces van ISO 31000

Leiderschap en betrokkenheid binnen risicomanagement

Dag 2 - Opzetten van het risicomanagementframework en starten van het risicomanagementproces

Het risicomanagementframework

Scope, context en criteria van het risicomanagementproces

Risico-identificatie

Dag 3 - Risicoanalyse, risicobeoordeling en risicobehandeling volgens ISO 31000

Risicoanalyse

Risicobeoordeling

Risicobehandeling

Dag 4 - Registratie, rapportage, monitoring en communicatie volgens ISO 31000

Vastleggen en rapporteren van risico’s

Monitoring en evaluatie

Communicatie en consultatie

Dag 5 - Certificeringsexamen

Description

Certification

Training Requirements

Managers of consultants die betrokken zijn bij, of verantwoordelijk zijn voor, de implementatie van een risicomanagementprogramma binnen een organisatie
Projectmanagers, consultants of expert adviseurs die zich willen verdiepen in het implementeren van een risicomanagementframework en -proces
Personen die verantwoordelijk zijn voor risicomanagementprocessen
Iedereen die interesse heeft in risicomanagement

Materials

1 jaar toegang tot PECB portaal met daarin o.a. een digitale versie van de slides, praktische voorbeelden, oefeningen en quizzen
Een map met daarin de afgedrukte slides. Handig om aantekeningen bij te maken
Een proefexamen
Het ISO 31000 Lead Risk Manager examen van PECB
Eén eventueel benodigd herexamen

Training Content

Dag 1 - Introductie tot ISO 31000 en risicomanagement

Doelstellingen en opbouw van de training

Relevante standaarden en wet- en regelgeving

Basisprincipes van risicomanagement

De principes, het framework en het proces van ISO 31000

Leiderschap en betrokkenheid binnen risicomanagement

Dag 2 - Opzetten van het risicomanagementframework en starten van het risicomanagementproces

Het risicomanagementframework

Scope, context en criteria van het risicomanagementproces

Risico-identificatie

Dag 3 - Risicoanalyse, risicobeoordeling en risicobehandeling volgens ISO 31000

Risicoanalyse

Risicobeoordeling

Risicobehandeling

Dag 4 - Registratie, rapportage, monitoring en communicatie volgens ISO 31000

Vastleggen en rapporteren van risico’s

Monitoring en evaluatie

Communicatie en consultatie

Dag 5 - Certificeringsexamen

I am taking this next step in my lifelong learning journey.

What Can I Learn After The ISO 31000 - Lead Risk Manager Training (PECB)?

Begrijp de concepten, benaderingen, methoden en technieken van risicobeheer.
Learn how to establish a risk recording and reporting process and an effective risk communication plan.

Learn how to interpret the ISO 31000 principles and framework in the context of an organization.

Learn how to apply the ISO 31000 risk management process in an organization.

Schedules

This training is scheduled as follows in the coming period. Missing a date? Feel free to contact us.

Date: 18 - 22 januari 2027

Location: TSTC - Klassikaal & Live Online

Request current price

Date: In overleg

Location: —

Request current price

Learning paths

This training can also be taken as part of the below learning path(s). If you want to follow multiple titles from a learning path, please contact our advisors for a suitable bundle offer.

Expert

Intermediate

Fundamentals

IT (Security) Risk Manager

Expert

CCISO training - Certified Chief Information Security Officer

Masterclass Governance, Risk & Compliance (GRC)

AAIR training - Advanced in AI Risk

Intermediate

CISSP training - Certified Information Systems Security Professional

CRISC training - Certified in Risk and Information Systems Control

ISO 27005:2022 - Certified Risk Manager (PECB)

Fundamentals

ISO 27001 Foundation Training (PECB)

ISO 31000 - Lead Risk Manager Training (PECB)

Frequently Asked Questions

ISO 31000 is an international standard that provides guidelines for risk management within organizations. The standard helps organizations to identify, analyze, assess, and treat risks in a structured and consistent manner. ISO 31000 is not a certification standard for organizations, but a practical guideline that is applicable to any sector and any type of organization. The goal is to support better decision-making, manage uncertainties, and improve performance by effectively managing risks.

ISO 31000 and ISO 27005 differ mainly in scope and application. ISO 31000 focuses on risk management at the organizational level (enterprise risk management), making it broadly applicable regardless of sector or type of risk, and provides general principles, frameworks, and processes. ISO 27005 specifically addresses information security risks, is part of the Information Security Management System (ISMS) domain, closely aligns with ISO/IEC 27001, and delves deeper into threats, vulnerabilities, and security controls. In short: ISO 31000 = general risk management ISO 27005 = risk management specifically for information security

Yes, in most cases it makes sense to first take the ISO 31000 training and then ISO/IEC 27005. If you are purely working in cybersecurity or information security, then ISO/IEC 27005 may be directly more relevant. The same applies if you already have experience with enterprise risk management. By first taking the ISO 31000 training, you will understand: The general methodology of risk management; Governance and decision-making regarding risks; Frameworks, context determination, and risk treatment; How organizations approach risks integrally. After that, ISO/IEC 27005 is easier to place, as that training makes more of the translation to: Information security risks; Threats, vulnerabilities, and impact; Security controls; Risk analysis within an ISMS.

I am taking this next step in my lifelong learning journey.

Why experienced professionals choose TSTC for their studies

Train smarter, not harder. TSTC's unique approach guarantees the effective acquisition of skills and the greatest chance of success.

Learn more about TSTC