In April 2026, the American Society of Safety Professionals (ASSP) published ANSI/ASSP Z310.1-2026, the first U.S.-based standard that provides guidelines for assessing and managing risk across an organization. It establishes principles, a framework, and a process to help organizations develop a structured approach to risk management that builds on concepts published in ISO 31000:2019, Risk Management Principles and Guidelines.

The new ANSI/ASSP standard is intended to provide more practical and simplified implementation-focused guidance, while remaining aligned with the global ISO standard.

Key Elements

ASSP’s new guidelines are designed for organizations of any size or sector to apply them across the organization’s lifecycle and to decision-making at all levels. Importantly, the guidelines expand beyond safety and compliance to inform organizational risk management. Specifically, the guidelines include the following key elements:

1. Integrate risk management into the organization’s management systems and operations. Risk management should not be treated as a separate or occasional exercise. It should be fully integrated into an organization’s management system, governance, leadership, strategy, and daily operations to help improve decision-making and create business value
2. Use a structured and consistent approach to risk management. The standard outlines a systematic process to identify, assess, address, monitor, and review risks consistently rather than informally or ad hoc.
3. Customize the approach to the organization’s context. The risk management approach should be tailored to the organization’s size, sector, operating environment, objectives, and specific risk profile rather than applied as a one-size-fits-all model.
4. Support decision-making at all levels. The standard supports and informs strategic, tactical, and operational decisions, not just safety or compliance functions.
5. Engaging stakeholders and being inclusive. Effective risk management should involve relevant internal and external stakeholders to ensure risk information is complete, practical, and actionable.
6. Using timely, clear, and available information. Risk decisions should be based on current and understandable information; however, the guidance recognizes that decisions often must be made under uncertainty when that information is not available.
7. Accounting for human and cultural factors. Organizational culture, behavior, and human factors affect how risks emerge, are perceived, and are controlled.
8. Remaining dynamic and evolving to continually improve. Organizations should anticipate change and monitor new or evolving risks to regularly improve their risk management practices over time.

Aligning with the Standard

ANSI/ASSP Z310.1-2026 is a voluntary guidance standard rather than a regulation. In practice, organizations typically demonstrate alignment by showing that risk management is documented, integrated into decision-making, applied consistently, and reviewed for effectiveness.

Aligning with the new guidelines by taking the following steps will help organizations move from fragmented or reactive risk practices to a more disciplined, organization-wide, decision-focused risk management system:

• Establish a formal risk management policy or framework tied to organizational objectives. Do we have a documented risk management policy, framework, or equivalent guidance approved by leadership?
• Define governance and accountability, including leadership oversight, roles, responsibilities, and escalation paths. Are roles, responsibilities, decision rights, and escalation paths for risk management clearly defined?
• Embed risk review into planning and decision-making such as strategy, projects, operations, procurement, and change management. Is risk management integrated into governance, leadership, strategy, and day-to-day operations rather than treated as a standalone exercise?
• Create a repeatable risk process for identifying, analyzing, evaluating, treating, monitoring, and communicating risks. Do we use a repeatable process to identify risks across strategic, operational, financial, safety, compliance, and other relevant areas?
• Document risk criteria and methods so risk ratings and treatment decisions are consistent. Do we apply defined criteria and methods to analyze likelihood, impact, velocity, uncertainty, or other relevant factors and evaluate priorities consistently? Have we tailored the risk management approach to our size, sector, objectives, regulatory environment, and risk profile?
• Engage relevant stakeholders when identifying and evaluating risks. Are relevant internal and external stakeholders engaged when identifying, assessing, and responding to risks?
• Use reliable data and review it regularly so decisions reflect current conditions. Is risk information used to support strategic, tactical, and operational decisions at all levels? Do risk decisions rely on timely, clear, and available information, and is that information reviewed regularly?
• Address culture and human factors in how risks are communicated, accepted, and controlled.  Do we consider human behavior, organizational culture, incentives, competence, and communication when assessing and managing risks?
• Monitor performance and continually improve through periodic reviews, lessons learned, and updates to controls and processes. Do we monitor internal and external changes and emerging risks and update assessments when conditions change? Do we routinely monitor risk indicators, review control effectiveness, and reassess significant risks? Do we use lessons learned, audits, incidents, and reviews to improve the risk management framework and process over time?

KTL’s team includes experienced risk assessors, risk managers, and safety professionals, who regularly apply the concepts included in the new guidance to help organizations effectively understand and manage their safety and organizational risks. If you need assistance interpreting and applying the ASSP/ANZI Z310.1-2026 standard, please contact KTL.

***
Note: The complete ASSP/ANSI Z310.1-2026 standard can be purchased in the ASSP Store.