Why does running board risk and operational risk in one place matter?
When the board's risk register and the staffroom's hazard assessments live in different tools, they drift. The board signs off a position that the ground level has already moved past.
- Board signs off a position the ground level has moved past.
- Operational hazards never roll up to strategic risk.
- Two tools means two truths at review time.
ISO 31000 structure
What is ISO 31000 risk software for schools?
It is risk management software whose structure follows ISO 31000, the international standard for risk management: a consistent way to identify, assess, treat, monitor and report risk. For schools it should cover both governance-level risk the board owns and operational hazards staff manage, in one coherent framework.
Same place, both layers
Board reporting and operational hazard assessment share one data set.
Clear accountabilities
Every risk and control has a named owner.
ISO 31000-aligned
Identify, analyse, evaluate, treat, monitor, report.
A Structured Risk Management Framework for Independent Schools
Built for clear ownership, board visibility and consistent risk language
EthosOne provides a pre-built framework for identification, analysis and evaluation so schools can govern risk consistently without building methodology from scratch.
01
Company-wide categories
Rating scales and appetite settings are pre-configured and cascade across campuses, so risk scoring stays consistent across teams.
02
Risk identification
Capture and categorise risks in one workflow, assign to the right register, and maintain clean governance context from day one.
03
Risk analysis
Rate likelihood and consequence before controls, then document active controls to establish an inherent risk profile the board can trust.
04
Risk evaluation
Evaluate residual risk and define treatments required to align risks with appetite thresholds, making oversight continuous instead of annual.
How is EthosOne different from CompliSpace for risk?
CompliSpace splits these layers: board-level reporting tends to land in DIY Power BI dashboards while operational risk runs through build-your-own forms. EthosOne keeps board reporting and operational hazard assessment in the same ISO 31000-aligned workspace with owners on each item.
| Layer | CompliSpace | EthosOne |
|---|---|---|
| Board risk reporting | DIY Power BI dashboards | Live roll-up in platform |
| Operational hazard assessment | Build-your-own forms | Same ISO 31000 workspace |
| Shared data set | Often disconnected | One register, two views |
| Named owners | Varies by module | Built-in per risk and control |
Operational Risk Assessments for Schools
Assess events and activities with structured controls and traceable follow-through
Designed for high-impact scenarios including camps and excursions, with risk outputs ready for leadership review and board assurance.
01
Operational assessments
Run point-in-time risk assessments for activities, events and scenarios with clear controls and mitigation actions that are immediately board-usable.
02
Bow-tie reports
Generate structured bow-tie visualisations that present threats, controls and consequences in a format leadership and boards can discuss confidently.
03
Reusable templates
Standardise recurring assessments for camps, excursions and major events to reduce setup time and improve consistency across teams.
04
Record retention
Maintain complete risk history including controls, revisions and updates to support continuity, audit-readiness and governance evidence.
Common questions
Is EthosOne's risk module ISO 31000 certified?
EthosOne's risk approach is aligned to ISO 31000, the recognised structure for risk management. ISO 31000 is a framework, not a certification scheme for software.
Can the board and operational staff use the same risk data?
Yes. Board reporting and operational hazard assessment run on one shared set of risks and controls, each with a named owner.
Does it handle operational hazard assessment, not just strategic risk?
Yes. Both sit in the same place, which is what separates EthosOne from tools that only do board reporting or only do operational forms.
How does this connect to compliance and policy?
Risk, compliance and policy share the same workspace in EthosOne, so a control, the obligation behind it and the policy that documents it stay connected.