IEC 31010
Risk Assessment Techniques ISO companion
IEC 31010:2019 · 41 catalogued techniques · Selection guidance for ISO 31000

IEC 31010 is the international standard that catalogues, compares and gives selection guidance for risk-assessment techniques. It is the operational companion to ISO 31000: where ISO 31000 specifies the principles, framework and process, IEC 31010 supplies the toolbox and explains, for each of more than forty techniques, when it is applicable, what data it requires, what kinds of output it produces, and what its strengths and limitations are.

Overview of the standard

IEC 31010 began as a 2009 dual-logo IEC/ISO standard accompanying the first edition of ISO 31000. The 2019 second edition substantially expanded the catalogue to 41 techniques and reorganised them around the steps of the ISO 31000 risk-management process: scope, context and criteria; risk identification; risk analysis (consequences, likelihood, controls); and risk evaluation. Annex B gives a one- to three-page profile of every technique. Annex A gives a multi-criteria selection matrix that maps techniques against process step, level of expertise required, time and resource intensity, and the kind of output produced.

The standard is deliberately method-neutral. Brainstorming, structured what-if (SWIFT), checklists, FMEA, HAZOP, scenario analysis, bow-tie, fault-tree analysis, event-tree analysis, layer-of-protection analysis, Bayesian networks, Monte-Carlo simulation, human-reliability analysis (HRA), business-impact analysis, root-cause analysis and reliability-centred maintenance all sit alongside one another. The accompanying ISO Guide 73 fixes the vocabulary so that organisations using different techniques can still talk to one another. IEC 31010 is normatively referenced by ISO 31000 itself and by industry-specific risk standards including ICAO Doc 9859, ISO 14971 (medical devices) and ISO/SAE 21434 (automotive cybersecurity).

IEC 31010 — selecting techniques across the ISO 31000 process Scope, context & criteria • Stakeholder analysis • PESTLE / SWOT • Impact criteria • Survey / questionnaire • Brainstorm framing Identification of risk • Brainstorming • Checklists • SWIFT · Delphi • HAZOP · HAZID • Scenario analysis • Cindynic approach Analysis consequences · likelihood • FMEA / FMECA • Fault & event trees • Bow-tie · LOPA • Bayesian networks • Monte-Carlo • HRA · CREAM · THERP Evaluation & treatment selection • Risk indices & matrices • Cost / benefit (CBA) • ALARP demonstration • Multi-criteria (MCDA) • Game theory · F-N curves • As-low-as-reasonably practicable judgement
Figure 1. IEC 31010 organises 41 techniques against the four assessment activities of the ISO 31000 process; Annex A's selection matrix maps each technique against context, data, expertise and output type.

When to use it

Typical applications

  • Selecting a fit-for-purpose technique for a given problem
  • Building a corporate risk-assessment toolkit and training curriculum
  • Justifying technique choice to auditors and regulators
  • Standardising vocabulary across departments and contractors
  • Mixing qualitative, semi-quantitative and quantitative methods

Aviation relevance

  • Referenced by ICAO Doc 9859 for SMS risk-management techniques
  • Underpins EASA and FAA SMS risk-assessment guidance material
  • Supports HAZOP, FMEA, FTA and bow-tie use in aerodrome and ANSP studies
  • Provides Bayesian and Monte-Carlo guidance for FDM analytics
  • Used alongside ARP 4761 in safety-assessment workstreams

Benefits

One-stop reference

Forty-one techniques described in a common template — scope, inputs, process, outputs, strengths and limitations — make comparison and combination explicit rather than tacit.

Selection discipline

Annex A's selection matrix forces analysts to justify technique choice against process step, data availability and resourcing, reducing default reliance on whichever method the team knows best.

Common vocabulary

Aligned with ISO Guide 73, IEC 31010 lets engineers, managers and regulators talk about likelihood, consequence, control and uncertainty without method-specific jargon getting in the way.

Sector-neutral

Designed to plug into industry-specific standards (ICAO 9859, ISO 14971, ISO/SAE 21434) so a single corporate risk method survives expansion across regulated domains.

Limitations

Breadth without depth

Each technique gets only a few pages; practitioners still need the primary literature (e.g. IEC 60812 for FMEA, IEC 61025 for FTA) to apply a method correctly.

Selection is judgement

The Annex A matrix is helpful but not algorithmic; choosing the wrong technique remains a real risk, especially for analysts trained in only one method family.

Process-step framing

The four-column structure can mask the iterative reality of risk assessment, where analysis often sends the team back to re-scope or re-identify, rather than progressing linearly.

Quantitative-method caveats

For Bayesian, Monte-Carlo and HRA techniques the standard's coverage is summary-level; misuse risk is high without specialist support, particularly for safety-critical decisions.

In short

IEC 31010 is the operational toolbox for ISO 31000: 41 risk-assessment techniques described in a common format, with selection guidance that helps analysts pick a method fit for the question rather than the habit.

References (APA 7)

International Electrotechnical Commission. (2019). Risk management — Risk assessment techniques (IEC 31010:2019). IEC.

International Organization for Standardization. (2018). Risk management — Guidelines (ISO 31000:2018). ISO.

International Organization for Standardization. (2009). Risk management — Vocabulary (ISO Guide 73:2009). ISO.

International Civil Aviation Organization. (2018). Safety management manual (Doc 9859, 4th ed.). ICAO.

Society of Automotive Engineers. (2010). Guidelines and methods for conducting the safety assessment process on civil airborne systems and equipment (ARP 4761A). SAE International.

Further reading

Aven, T. (2016). Risk assessment and risk management: Review of recent advances on their foundation. European Journal of Operational Research, 253(1), 1–13.

Rausand, M., & Haugen, S. (2020). Risk assessment: Theory, methods, and applications (2nd ed.). Wiley.

Center for Chemical Process Safety. (2008). Guidelines for hazard evaluation procedures (3rd ed.). Wiley.

HSE. (2001). Reducing risks, protecting people (R2P2). UK Health and Safety Executive.