ISO 31030 Travel Risk: How to Build a Compliant Duty of Care Programme for Mobile Workers

ISO 31030 sets the international standard for travel risk management. Here is what the communication requirements mean in practice for organisations with internationally mobile staff.

Published on
July 2, 2026

ISO 31030 arrived in 2021 as the first international standard specifically addressing travel risk management. Before its publication, organisations managing duty of care for internationally mobile staff were working to a patchwork of guidance from industry bodies, legal precedent, and internal policy. ISO 31030 consolidated and formalised what good looks like. For security and HR professionals responsible for staff who travel or are deployed internationally, it is now the benchmark against which any credible programme is assessed.

What Does ISO 31030 Actually Require?

ISO 31030 is structured around a risk management framework adapted from ISO 31000. At its core, it requires organisations to establish context (who travels, where, for what purposes), assess risk (what are the threats in each destination?), treat that risk (what controls are in place?), and monitor and review (is the programme working, and is it current?).

The standard does not prescribe specific technologies or processes in granular detail, which is partly what gives it durability. What it does require, with clarity, is that the communication component of travel risk management is treated as a first-order concern. Organisations must be able to communicate with travellers during emergencies, travellers must know how to seek assistance, and there must be a functioning escalation path that connects the traveller to appropriate support.

This is not a soft requirement. The standard explicitly addresses crisis communication as an element of the overall programme. An organisation that has excellent pre-travel risk briefings but no reliable way to reach a traveller in a crisis has a fundamental gap.

Who Does ISO 31030 Apply To?

The standard applies to any organisation that sends staff, contractors, or volunteers to locations outside their home country. This spans a wide range of organisations: multinationals with permanent international operations, professional services firms sending consultants on short-term assignments, NGOs deploying aid workers to conflict zones, media organisations with roving correspondents, and government agencies with staff posted overseas.

The standard scales. What it expects from an organisation sending five people to a conference in Brussels is materially different from what it expects of an extractive company with 200 field staff in West Africa. The proportionality principle is built in. For any organisation with staff in genuinely high-risk environments, the expectations are substantial.

What Does the Communication Component of ISO 31030 Require in Practice?

Working through the standard's requirements, the communication component of a compliant programme needs to address three phases: before travel, during travel, and during an emergency.

Before travel, staff need to receive relevant threat information for their destination and know how to access support. This is largely a pre-departure process and can be delivered through briefing materials, apps, or training. Generic country briefs don't cut it - risk is inherently dynamic and specific. This is built in, personalised and automated inside AtlasNXT.

During travel, the organisation needs to maintain awareness of where staff are, particularly in higher-risk environments. This does not mean tracking every movement, but it does mean having a mechanism to establish staff location when an incident occurs. Real-time GPS tracking through a platform like AtlasNXT, with staff consent, directly addresses this requirement.

During an emergency, the critical capability is bidirectional: the organisation must be able to reach the traveller, and the traveller must be able to reach the organisation. A one-way broadcast capability is insufficient. Two-way communication, available across multiple channels including SMS and satellite for areas with no mobile data, is the operational standard the ISO framework implies.

How Does Real-Time Location Tracking Integrate with ISO 31030 Compliance?

One of the tensions in ISO 31030 is between the duty of care obligation to know where staff are and the privacy rights of staff who may not want constant surveillance. The standard addresses this by requiring proportionality: tracking should be appropriate to the risk level of the deployment.

For staff in low-risk destinations, passive check-in capability (for example a mechanism to confirm safe arrival or departure) may be sufficient. For staff in high-risk or conflict-affected environments, active GPS tracking with the ability to trigger an alert is closer to the required standard.

AtlasNXT's Real-Time Tracking is built around a privacy-first model that makes this proportionality straightforward to implement. Location data is private by default and only becomes visible with the consent of the individual, which means staff in lower-risk environments are not subject to surveillance they have not agreed to. For staff in higher-risk deployments who have consented, the level of tracking can be configured to the context. The platform is fully GDPR compliant, and staff retain visibility of what is being collected about them. For the security manager, the critical capability is that in the event of an incident, a real-time map shows where every consenting staff member is, and a mass notification can be sent immediately to those in the affected area.

What Are the Consequences of Non-Compliance with ISO 31030?

ISO 31030 is not yet a legal regulation with penalties for non-compliance. However, its status as an international standard means it is increasingly referenced in legal proceedings following incidents involving internationally mobile staff. A court examining whether an employer took reasonable steps to protect a staff member will look at what the recognised standard required and whether the organisation met it.

Beyond litigation, there are commercial and reputational consequences. Insurers providing travel risk coverage are beginning to reference ISO 31030 standards when assessing risk and pricing policies. Clients and partners in high-risk sectors will use it as a procurement question. Talent who understand their rights will ask about it before accepting international assignments.

Of course, the case for building a compliant programme is not primarily about avoiding punishment. It is about creating an infrastructure that genuinely protects people. ISO 31030 exists because international travel carries real risk, and the communication thread that runs through the standard is the one that, in a crisis, makes the difference between a bad situation and a catastrophic one.

AtlasNXT helps organisations build ISO 31030-compliant travel risk communication programmes quickly and without unnecessary complexity. To understand what that looks like in practice, get in touch.