ISO 31022 – Risk Management-Guidelines for the Management of Legal Risk

Why ISO 31022?

Currently, all kinds of organizations, including corporations and NGOs, are facing increasingly challenging legal risks, including regulatory and legislative requirements that are becoming more stringent in many countries and commercial contracting that is becoming more complex. With the trend toward economic globalization, the range of competition is moving from the domestic market to the international market. This results in a complex operating environment which exposes organizations to a wider variety of legal risks than those that would arise from the usual daily operations and decision-making processes. When organizations manage their legal risks, they should want to do more than just meet their legal and contractual requirements; they should want to create value for their stakeholders.

The purpose of this new standard, ISO 31022, is to guide organizations in the management of legal risk in relation to all their operations and activities. It aims to help organizations meet legal and regulatory requirements, manage contractual risk, enhance the organization’s strategic decision-making and improve the organization’s capability of handling complex legal environments. Organizations can use this standard to implement a legal risk management process and establish a proper legal risk management framework tailored to their unique situation and needs.

Effective management of legal risks

Effective management of legal risk and the resulting control environment are central to corporate governance. Given that much of the law has been created in direct response to corporate collapses and scandals, effective management of legal risk is important. However, it should be noted that the management of legal risk is much more than just compliance.

It is widely understood that to be truly effective, the management of legal risk must become an integral part of the overall risk management, the culture of the organization and everyday business practices.

A new member of ISO 31000 family

ISO 31022 is a new member of the ISO 31000 family. While ISO 31000 provides generic principles and guidelines for all risks faced by organizations, ISO 31022 targets a specific category of risk. While all risks need to be managed effectively for the sustainable development of organizations, legal risks present unique challenges to organizations. ISO 31022 adopts the principles of ISO 31000 and implements the risk management framework and the process of ISO 31000 according to the needs of the management of legal risks. ISO 31022 is developed to have the same structure as ISO 31000, with the main contents covering the principles, the framework and the process, for easy reading alongside ISO 31000.

The standard was published in May 2020.


ISO/TC 262 working group 5 developed this standard with the support from 21 countries: Australia, Argentina, China, Canada, Colombia, Finland, France, Germany, India, Indonesia, Ireland, Japan, Jordan, Malaysia, Mexico, Panama, Portugal, Singapore, South Africa, Switzerland, United Kingdom, Uruguay. Liaisons: ASIS, TC 251, ISO/TC 309, TC 46/SC11.

Xiaohong Gao acted as the convenor from SAC.



Sam De Silva acted as the co-convenor from BSI.