by: VMware Senior Manager, Physical Security EMEA Gian-Rico Luzzi
An endless variety of events—from 9/11 to the pandemic and everything in-between—have heightened the need for corporate travel risk management (TRM) protocols. The reality is there are very few standards available to help companies navigate the myriad of risks business travel and mobility exposes. In the context of business travel, companies struggle to interpret and determine how to reduce the risk to as low a level as reasonably practicable. Many still operate with a siloed approach, and may incorporate:
- A travel manager or department focusing on getting people to and from destinations efficiently and cost effectively
- A security manager or department focusing on executive and/or high-risk travel (as required)
- Human resources (HR) focusing on managing relevant benefits and insurance, especially if travel involves an extended duration
- Other relevant parties unique to the company or situation focusing on their individual areas (such as events teams shipping a tradeshow booth or large demonstrator products)
Yet there may be very little cross-functional interaction—or none at all—and many of the other key internal stakeholders may not even be engaged. This could detrimentally result in strategic, organizational, financial, compliance, and even reputational risk being overlooked.
We do have standards after all
Like so much else in today’s modern society, the answer lies in establishing accepted standards that define what good looks like as British Standards Institute (BSI) standardization expert Russell Price so aptly put it. The solution has come in the form ISO 31030, a global TRM standard I am proud to say I had a hand in developing. This gargantuan task was not a simple undertaking. Begun in 2018, seven iterations of the standard were produced, four formal global consultations were conducted, and 1100 comments from 24 countries were reviewed.
Customized . . . like a well-tailored suit
For the first time ever, ISO 31030 offers organizations comprehensive guidance on how to create a framework or program proportionate to their size, profile, industry, and risk exposure. It is now the internationally accepted benchmark, and will no doubt be used by regulators in the future.
This standard provides terminology that enables a single language and common understanding of obligations for organizations and service providers. It also serves as comprehensive guidance regarding which internal and external stakeholders should be initially involved in setting up the program, and then those that are required to support ongoing operations. Importantly, the standard highlights what functions and services can and can’t be outsourced.
Now that you understand the basics of the TRM standard, check back for future blogs that will dig deep into TRM applied to the real world.
VMware on VMware blogs are written by IT subject matter experts sharing stories about our digital transformation using VMware products and services in a global production environment. Contact your sales rep or [email protected] to schedule a briefing on this topic. Visit the VMware on VMware microsite and follow us on Twitter.
