Certification by the Global Risk Foundation is a recognition of the level of risk management capability your organisation has attained. It demonstrates the strengths of your risk management framework and the degree of integration of risk management into your business activities.

Requirements for Certification

To obtain a certificate from the Global Risk Foundation, you must have participated in an evaluation conducted by us or by one of our approved providers. The evaluation process and scoring must have been approved by us.

Evaluation is usually conducted against an internationally recognised standard, such as:

  • International Organization for Standardization, ISO 31000 Risk management - Principles and guidance, or an equivalent national standard issued by a National Standards Organisation
  • Committee of Sponsoring Organizations (COSO) Enterprise Risk Management Framework.

We rely on our providers, the people who undertake the evaluation, to attest to your capabilities. We generally require them to send us a copy of their evaluation report, describing the approach they have taken, what they found and what they concluded.


Naturally, we hold information about your evaluation very securely:

  • We only maintain a copy of evaluation material for as long as we need to assess the evaluation process, after which we destroy all physical and electronic copies
  • We will maintain its security at a level no less stringent than we apply to our own confidential and commercially-sensitive information
  • We will send you a non-disclosure agreement before we examine any documents, and we are happy to sign any specific additional non-disclosure agreement you may require.
