The Post-Pandemic Return of Travel
Now that hundreds of millions have been vaccinated, people are beginning to travel again. In the United States, TSA checkpoint travel numbers are increasing although not up to pre-COVID levels. On May 15, 2021, the TSA reported 1,453,267 travelers compared to 193,340 travelers on the same date in 2020. There were 2,091,116 travelers on the same date in 2019. The International Air Transport Association (IATA)’s latest forecast expects air travel to return to 2019 levels by 2024. The return of international travel will depend on the worldwide availability of effective COVID-19 vaccinations.
Travel Risk Management and Duty of Care
Organizations have a so-called “Duty of Care” obligation to their employees. Duty of Care is an organization’s moral and legal obligation to care for employees while they are conducting business. Duty of Care for travel means ensuring the safety of traveling employees. Travel risk management is how organizations fulfill their Duty of Care responsibilities.
Even before the pandemic there was a growing perception that travel risk had increased. Seventy-nine percent of risk professionals surveyed by International SOS say risk for business travelers will rise in 2021.
Travel risk management programs are more important than ever. It will be key to giving travelers reassurance that there is dedicated care available for them in an emergency.
ISO 31000 – Risk Management Standard
The International Standards Organization (ISO) is a global network made up of the national standards bodies from 164 countries around the world. The American National Standards Institute (ANSI) is the U.S. member of ISO. In 2011, Technical Committee 262 (TC 262) was created to manage all standards related to risk management. Sixty-one countries are members of TC 262 and another 21 are observers.
ISO 31000 – Risk Management provides a framework and guidelines for effective risk management. All other risk management standards must comply with ISO 31000. The standard is quite broad. It does not provide detailed instructions or requirements on how to manage specific risks, nor any advice related to a specific application domain. It creates a generic approach to risk management that can be applied to different types of risks and used by any organization regardless of its size, activity, or sector. ISO 31000 can be customized to any organization and its context.
ISO/TC 262 has published six standards, although one of the six is a new version of a previously issued standard. Another three standards are in the proposal or development stage including ISO 31030.
ISO 31030 – Travel Risk Management Standard
ISO 31030 – Travel Risk Management – Guidance for Organizations is a global standard created to provide guidance on how to manage risks associated with traveling. The standard uses the terminology, principles, and framework provided by ISO 31000 – Risk Management.
The standard provides guidance to organizations on how to manage the risks related to personnel travel on behalf of the organization. The guidance can be used to create a travel risk management program or strengthen an existing program.
ISO 31030 provides a structured approach to the development, implementation, evaluation, and review of policy, program development, threat and hazard identification, risk assessment, and prevention and mitigation strategies.
The guidelines can be used by any organization, regardless of type or size. It includes but is not limited to commercial, charitable, non-profit, governmental, non-governmental, and educational organizations. Tourism and leisure travel are not covered by this standard.
Managing Travel Risk
The primary purpose of a travel risk management program is to ensure that the personnel can perform their duties safely and securely while traveling.
An organization’s top management has the ultimate responsibility for protecting employees, volunteers, and students from travel risk. The travel risk management program should be endorsed by the organization’s top management and be incorporated into its overall risk management strategy. Organizations should appoint a competent person to be responsible for the travel risk management program.
The roles and responsibilities of internal and external participants should be laid out in the program for both routine and emergency travel situations. The organization must have a crisis management team with the necessary resources, guidance, and authorization to act when necessary. Records must be kept showing the decisions made and actions taken.
Risk Identification and Assessment
Travel risk management should include an identification process which finds, recognizes, and describes risks that could impact an organization’s ability to achieve its travel objectives. Management can then assess the risk associated with planned travel so organizations can make informed decisions about the travel. The risk assessment should allow the organization to identify the risks to the traveler, the likelihood of the risks occurring, and actions that can mitigate the risks.
An important element of a risk assessment is for the organization to determine its comfort level with the degree of risk.
Accurate and up-to-date information is essential to identify risks. A key step in risk assessment is the collection and analysis of pertinent information and intelligence whether gathered by in-house resources, third-party providers, or government resources. Organizations can choose to contract external travel security experts to perform the risk identification and assessment.
The assessment may support continuing the travel as planned, a decision to take additional steps to reduce risk, or to cancel the travel. Assessments need to include security, safety, and health threats.
Risk Avoidance, Risk Reduction, and Risk Sharing
Based on the risk assessment, an organization can take steps to address the risks to travelers before, during, and after travel. This includes a wide range of options that will make the risk less likely to occur, reduce the severity of a risk, or reduce its frequency.
One way to manage risk is through risk avoidance. This means eliminating the activity that carries the risk. This could mean cancelling the trip or postponing it to a time when the risk is lower. Another way to manage risk is with risk reduction. This means changing some aspect of the travel to reduce the likelihood and severity of the risks.
One other way to manage risk is through risk sharing. Third-party commercial resources can provide travel insurance that covers medical emergencies and evacuation because of increased security threats. This can ensure in advance that appropriate assistance is available to deal with any security, safety, and health emergencies that may occur.
Incident Management
Organizations should have a written incident response plan to manage emergencies. The plan should describe the authorities and responsibilities of key personnel and establish an incident management team for emergencies.
A key part of the plan is procedures for communication between travelers and organizations during a safety, security, or health emergency. This involves a designated emergency contact point available 24/7 from anywhere in the world. Traveler tracking is also an important part of an incident response plan. Knowing the location of traveling personnel is essential to be able to assist them and to warn them of any new threats and hazards.
An organization should plan for the potential need to evacuate its traveling personnel. This could occur because of a medical or security related incident, injury, political instability, or a natural or environmental disaster. Evacuation could be to a safe location within the country or to another country.
Organizations should have a process to continuously evaluate the effectiveness of their travel risk management program. The evaluation should identify strengths and weaknesses in the program to guide later refinements and improvements to the program.
Current Status of ISO 31030
The Technical Committee ISO/TC 262 is reviewing comments on the Draft International Standard (DIS) version. That will be followed by the drafting of the Final Draft International Standard (FDIS) version, the last step before publication. The publication of the ISO 31030 standard on Travel Risk Management is expected in September or October, 2021.
Early Adoption by Organizations
Several organizations are already preparing for the new standard.
Check My Travel Risk is a website created to serve as a tool for organizations to check their travel risk management program and execution against the ISO 31030 standard. This site provides guidance to organizations on how to manage employees’ travel risks. It can be used by any organization, regardless of origin, industry, or size. The technology company, Safeture, and the insurance company, Aon, jointly created this website to promote the new ISO standard. The website is a free resource for any organization to use as part of their travel risk program.
Global Secure Accreditation (GSA) maintains an independent global standard for hotel security. It offers a security and safety accreditation based on the new ISO standard. GSA has developed several resources to address the new standard to support personnel managing and participating in business travel within their organization or for other organizations. GSA has developed travel risk management training and audits based on the upcoming standard. Completing the ISO 31030 audit provides an organization with an independent verification that their travel risk management program meets international standards. Organizations can demonstrate that they are adhering to the guidelines in the standard. GSA founder Bob Quick is a member of the ISO 31030 Working Group.
Pyramid Temi Group (PTG) is an Italian travel risk management company that provides travel security for organizations worldwide. They offer an ISO 31030 Readiness Assessment Checklist. Roger Warwick, the CEO, is a founding member of the ISO Technical Committee for the development of the standard.
Remote Risk International Limited (R2Ri) provides travel security training, support, and services for businesses and non-profit organizations that operate in remote areas. Members of the company have participated in the drafting committee for leading safety standards including ISO 31030.
Effect on Travel by Organizations
Once released, ISO 31030 will become the new global standard for travel risk management for organizations. It is not a legal standard, but it will be seen as the benchmark for best practices. When something goes wrong, a key question will be whether an organization adopted and followed the standard.
Organizations will not be able to get certified against ISO 31030, however it could be converted into a certifiable standard in the future. For now, it will serve as the gold standard for organizational competence in travel risk management.
Importance of Standards in the Post-Pandemic World
In the post-COVID-19 world, travel risk management will be more important than ever. The safety concerns of traveling employees have increased, and the employer’s Duty of Care responsibility is higher than before the pandemic.
The new standard will be especially helpful in promoting a return to travel. Traveling personnel will feel safer knowing there are processes in place to reduce risk and provide support if necessary.
The introduction of a Travel Risk Management standard is long overdue. It will play an important role in strengthening travel risk management guidance. ISO 31030 will evolve over time, but the release later this year will be a major advancement for travel safety and security.
UPDATE: Even as we are waiting for the official release of ISO 31030, the U.S. and Canada jointly submitted a New Item Work Proposal (NP) to ISO to create a new standard. The proposed standard, Managing Risk for Youth and School Trips, would provide specific guidance for youths on both domestic and international travel.