ISO 31000 was specifically developed to help organizations effectively cope with unexpected events while managing risks. Besides mitigating operational risks, ISO 31000 supports increased resilience across all risk management categories, including the most complicated group to manage effectively - digital threats.
The design of the risk framework should be based on business objectives and a risk management policy within an organization’s unique risk context (the contextualization of risks is a recurring theme in ISO 31000). The Framework stage sets the broad risk management context, which is then refined in the Process stage, setting the foundation for more meaningful insights gathered through risk assessments.
This will encourage stakeholder involvement in all stages of the risk management program’s development - which supports the primary objective of the Framework stage in ISO 31000:2018.