Travel Risk Management & ISO-31030

What is Travel Risk Management?

IATA reported in May 2022 that post-pandemic international business travel was at 64% of pre-pandemic levels¹. However, there has been a fundamental shift in corporate and executive attitudes towards travel that may not see travel return to pre-pandemic levels within 2022-23.
The drivers for this shift are attributed to:

• Commitment to ESG sustainability goals
• Cost-control and scrutiny of travel vs virtual engagements
• Mitigation of continued pandemic risks driven by COVID-19 variant waves.
  

Despite this landscape, the very real risks facing post-pandemic travellers have not diminished and all organisations have a ‘duty of care’ responsibility to implement an effective travel risk-management (TRM) program. Within the context of travel, a company’s
‘duty of care’ is defined as the legal and ethical obligation to research, plan, and implement a strategy to mitigate the foreseeable risks involved with business travel.

Adopting this ‘duty of care’ model enables organisations to avoid second-order impacts, such as costs associated with interrupted travel, employee harm and reputational damage. The standard, (legacy), TRM model for many organisations combines an internal travel-approval & expenses function with an external travel management company, (TMC), with travel exposure underwritten by a
business travel accident, (BTA), insurance policy that has designated security & medical partners for incident management.

Although adequate, this model typically has significant internal process and capacity gaps around risk-evaluation, risk-treatment and incident response. Many organisations do not fully leverage the tools & benefits of their insurance program, or engage properly with their security & medical response partners.

ISO-31030

At the end of 2021 a new TRM standard, ISO-31030, was launched after many years of development. The standard has established a benchmark structure against which organisations can now develop, implement and evaluate their own ‘best-practice’ TRM process.

The ISO-31030 is built around four streams of TRM process development that place the traveller at the heart of the process; before, during and after travel. Although not yet an accredited standard, ISO-31030 provides a structured best-practice TRM roadmap for
organisations.

Many, if not all, organisations can benefit from a gap-analysis of their current TRM model against the ISO31030 Standard in order to consolidate their internal capacity to risk-assess, approve, mitigate, track and monitor business travellers as well as maximising the tools & benefits of their insurance program. This helps enable better coordination and reach with the designated security and medical partners.

It is also important to properly evaluate an organisation’s BTA insurance program relative to the actual ‘real-world’ exposure to operational risks, (natural-catastrophe, political violence and terrorism, civil-disorder, cyber and kidnap/extorsion – as well as the underlying security and medical risks). Organisations that have exposure to hostile and frontier risk environments will require an insurance program that can accommodate this elevated risk exposure and provide effective claims management as well as incident triage with the designated security & medical partners.

Finally, it should be noted that all of the risk factors above, (cyber, medical, security), can trigger in low, medium and high threat environments. Effective TRM is not restricted to high-threat travel and the implementation of ISO-31030, aligned with an appropriate insurance

---

---

1. https://www.iata.org/en/iata-repository/publications/economic-reports/air-passenger-monthly-analysis—may-2022/ ↩︎