Four years on: How ISO 31030 is shaping travel risk management

Healix has been a long-term partner in travel risk management, helping organisations protect their people wherever they travel. Four years on from when ISO 31030 was published, we’ve teamed up with GSA Global - one of the contributors to the guidance standard - to explore what’s changed, what’s working, and where there’s still room to improve.

Progress worth noting

From GSA's ISO 31030 Readiness Assessments carried out over the past four years, there’s clear evidence that the standard has driven positive change.

• Larger organisations are now investing in dedicated travel risk and security roles - people who combine expertise with a strong sense of care for colleagues.
• Many have recognised the limits of what they can manage internally, partnering with specialist providers like Healix to deliver 24/7 medical and security assistance wherever staff or students travel.
• Over 120 travel risk professionals across EMEA and the Americas now take part in GSA’s quarterly forums, sharing learning and shaping good practice.
• Insurers and brokers are starting to link training support to risk reduction, showing the value of prevention.
• Professionals are learning fast from global disruptions - from extreme weather and war to cyber events affecting travel.

“Since the launch of ISO 31030, awareness around travel risk has surged. There’s still work to do in engaging broader stakeholders, but the momentum is encouraging and signals strong potential for widespread adoption. Organisations are shifting from reactive approaches to proactive, multi-stakeholder strategies and they’re recognising the real value that external specialists bring to the table.”

Where progress has been slower

Despite this momentum, some consistent challenges remain.

GSA’s assessments show that where travel risk sits within corporate security, it tends to be better grounded and more connected to wider risk frameworks. Where it sits within travel or HR functions, coordination can be patchier.

Many travel risk professionals still learn on the job without a structured development path - and some feel isolated within their organisations. At the same time, key departments like HR, legal and procurement often underestimate their stake in travel risk management, seeing it as someone else’s problem.

Accommodation risk continues to be a weak spot. Travellers often choose hotels based on cost, not security, even in medium-risk areas. And while crisis management policies exist, they’re not always supported by clear roles, training or realistic exercises. 

“At GSA, we still see gaps between policy and practice, travel risk management often depends on a few committed individuals rather than being embedded across the organisation.”

Executive engagement is another concern. In many organisations, travel risk slips down the list of priorities until an incident occurs - a reminder that duty of care must be lived, not just written.

Signs of excellence

There are strong examples where leadership, skilled professionals and open communication come together. These organisations build a culture of engagement, where safety is seen as a shared responsibility - not a compliance box to tick.

At Healix, we’ve seen this mindset translate into faster responses, fewer incidents, and more confident travellers. It’s the difference between reacting to problems and anticipating them. 

“Navigating ISO 31030 and successfully integrating it with existing frameworks often brings fresh perspectives that can be used to improve the travel programme. Over time, the organisation - and crucially its travellers - will build their experience and insight on travel risk management.

TRM is always a partnership between people and the processes in place. ISO 31030 cements this building capability, trust, and performance. Good external partners are a key part of the equation as they don’t just implement the standard, they help you build internal competency and a more resilient organisation.”

What’s next for ISO 31030

ISO is now moving parts of the guidance toward a certifiable standard, shifting the conversation from what organisations should do to what they must do. It’s a major step forward for consistency and accountability. Crucially, it enables certification not just for the organisations themselves, but also for the vendors they rely on.

Emerging areas likely to shape future guidance include:

• Information security: with a focus on social engineering and human manipulation.
• The role of drones: both as potential threats and as tools for monitoring.
• New legal duties: such as UK laws linking anti-harassment obligations to business travel.

"Certification could be the catalyst for the next leap in travel risk maturity. ISO 31030 is fast becoming a must-have for employers serious about demonstrating duty of care to their travellers,” says Painter. “It pushes organisations to embed travel risk into their broader resilience strategies unlocking business value while protecting their people.

Looking ahead

Four years on, ISO 31030 has made travel risk management more visible, structured and accountable. Further change is inevitable - and welcome - as threats to organisations evolve. The challenge now is to ensure that new standards stay proportionate, practical, and supported by the right expertise. As both Healix and GSA agree, good travel risk management is not about bureaucracy - it’s about people, preparation and partnership.