Standards & ComplianceBS 8848ISO 21101ISO 31030ISO 31031

Building a Safety Management System: How to Align with BS 8848, ISO 21101, ISO 31030 & ISO 31031

A practical guide for organisations ready to move from ad-hoc safety practices to a structured, standards-aligned Safety Management System

April 202613 min readTRSS Standards & Compliance Team

Every year, organisations that send people overseas—whether corporate travelers, students, volunteers, or expedition teams—face the same question: "Can we prove we did everything reasonably practicable to keep them safe?" A Safety Management System (SMS) turns that question from a liability nightmare into a confident "yes." This guide walks you through what an SMS actually is, why it matters, how it aligns with the key international standards, and the practical steps to build one—whether you're a tour operator, university, NGO, or corporate travel programme.

Why Build a Safety Management System?

An SMS isn't a folder of risk assessments gathering dust. It's a living framework that connects your safety policy, risk processes, competence management, emergency plans, and incident learning into one auditable, continuously improving system.

Legal & Duty of Care Protection

Demonstrates "reasonable practicable steps" in the event of an incident. Courts and coroners increasingly expect documented, systematic safety management—not just good intentions.

Reduced Incidents & Near-Misses

Organisations with structured SMS frameworks report 40–60% fewer serious safety incidents within three years of implementation. Proactive hazard identification catches problems before they become headlines.

Competitive Advantage & Market Access

Increasingly, clients, insurers, and procurement teams require evidence of standards alignment before awarding contracts. An SMS opens doors that ad-hoc safety practices cannot.

Insurance Premium Reductions

Insurers recognise the risk reduction that comes with a structured SMS. Organisations typically see 15–25% reductions in liability and travel insurance premiums after implementation.

Operational Consistency

An SMS ensures safety doesn't depend on one experienced person. It embeds knowledge into processes, checklists, and training—so safety survives staff turnover.

Continuous Improvement Culture

Incident reporting, near-miss analysis, and management review cycles create a learning organisation—one that gets safer with every trip, not just luckier.

The Four Standards You Need to Know

BS 8848, ISO 21101, ISO 31030, and the new ISO 31031:2024 are not competing frameworks—they're complementary layers that together form a complete safety architecture.

BS 8848:2014

Specification for the Provision of Visits, Fieldwork, Expeditions & Adventurous Activities Outside the UK

The UK's gold standard for any organisation sending people overseas on organised trips—schools, universities, charities, gap-year providers, corporate expeditions, and adventure operators.

Appoint a single "venture provider" who takes overall responsibility—including for subcontractors

Give participants informed choice: clear pre-trip information on risks, requirements, and expectations

Conduct systematic risk assessments with documented controls

Ensure leader competence is matched to the specific venture

Maintain robust emergency plans with escalation procedures

Manage third-party providers (local operators, transport, accommodation) as part of your duty of care

ISO 21101:2014

Adventure Tourism — Safety Management Systems — Requirements

The international SMS framework for adventure tourism providers. Think of it as ISO 9001 applied specifically to participant safety—structured, auditable, certifiable.

Define a safety policy with top-management commitment

Identify hazards and assess risks systematically for every activity and location

Implement operational controls: trip planning, participant screening, go/no-go criteria

Ensure staff competence with documented training records

Establish emergency preparedness: plans, drills, coordination with local services

Report and investigate incidents and near-misses; implement corrective actions

Conduct management reviews to drive continuous improvement

ISO 31030:2021

Travel Risk Management — Guidance for Organisations

The dedicated travel risk management standard for any organisation whose people travel—corporate, academic, humanitarian, or governmental. Built on ISO 31000 (enterprise risk management), applied specifically to the travel lifecycle.

Establish a TRM policy approved by top management with defined roles across HR, Security, H&S, Legal, and Travel

Systematically identify threats: health, security, civil unrest, natural hazards, transport, information security

Assess destination risk + itinerary risk + traveller-specific factors; decide: accept, treat, avoid, or transfer

Implement risk treatments: briefings, training, vetted transport/accommodation, medical preparations, security measures

Maintain two-way communication: pre-trip advisories, check-ins, 24/7 emergency contact

Monitor with KPIs, post-trip reviews, after-action reports, and programme audits

ISO 31031:2024

Travel Risk Management — Guidance for Travellers

The newest addition to the ISO travel risk family, published 2024. Shifts the lens from the organisation to the individual traveller—providing practical, personal guidance on recognising and managing risks before, during, and after any trip. Complements ISO 31030 by empowering the people your organisation sends.

Understand your own risk profile: health conditions, experience level, cultural awareness, digital footprint

Research destination-specific threats: geopolitical, health, climate, infrastructure, legal systems

Prepare personal risk treatments: travel insurance, vaccinations, emergency contacts, secure communications

Maintain situational awareness during travel: monitor advisories, adjust plans dynamically

Report incidents and near-misses to your organisation; contribute to post-trip reviews

Understand your responsibilities under your employer’s TRM policy and duty-of-care framework

How They Fit Together

Think of it as concentric circles. ISO 31030 is the broadest—it covers all organisational travel risk management. ISO 31031:2024 sits alongside it, flipping the perspective to the individual traveller. ISO 21101 narrows the focus to adventure-specific activities with a certifiable SMS. BS 8848 adds the UK duty-of-care lens for overseas ventures. A well-built SMS can satisfy all four simultaneously, with ISO 31031 ensuring your travellers are active participants in managing their own safety.

Requirement Area	BS 8848	ISO 21101	ISO 31030	ISO 31031
Safety Policy & Leadership	✓	✓	✓	—
Risk Assessment	✓	✓	✓	✓
Competence Management	✓	✓	✓	✓
Emergency Planning	✓	✓	✓	✓
Third-Party/Supplier Management	✓	✓	✓	—
Incident Reporting & Learning	✓	✓	✓	✓
Participant/Traveller Information	✓	via 21103	✓	✓
Pre-Trip Health & Medical	✓	✓	✓	✓
TRM Programme Governance	—	—	✓	—
Certifiable SMS	—	✓	—	—
Personal Risk Ownership	—	—	—	✓

7 Steps to Build Your SMS

A practical roadmap from gap analysis to certification-ready operations

Gap Analysis & Scope Definition

Audit your current safety practices against BS 8848, ISO 21101, and ISO 31030 requirements. Identify what you already do well, what's missing, and what needs strengthening. Define the scope: which activities, destinations, traveller types, and organisational functions are covered.

Gap analysis reportSMS scope documentPriority action plan

Safety Policy & Leadership Commitment

Draft a safety policy signed by top management. Define roles and responsibilities—who owns risk assessment, who manages emergencies, who conducts reviews. Without visible leadership commitment, an SMS becomes a paper exercise.

Signed safety policyRoles & responsibilities matrixSafety committee terms of reference

Risk Assessment Framework

Build a systematic risk assessment process that covers destination risk, activity risk, and traveller-specific factors. Create risk registers, define risk appetite, and establish go/no-go criteria. This is the engine of your SMS.

Risk assessment methodologyRisk register templateGo/no-go decision matrix

Operational Controls & Procedures

Document the controls that reduce risk to an acceptable level: trip planning checklists, participant screening, equipment checks, supplier vetting, accommodation standards, transport safety criteria. Make them practical—if staff won't use them, they don't exist.

Standard operating procedures (SOPs)Supplier audit checklistsParticipant information packs

Competence & Training Programme

Map competence requirements to roles. Leaders, guides, drivers, and support staff each need specific skills verified and documented. Build a training matrix that covers technical skills, first aid, emergency response, and cultural awareness.

Competence frameworkTraining matrixCertification tracking system

Emergency Preparedness & Response

Develop emergency response plans for every foreseeable scenario—medical evacuation, natural disaster, security incident, missing person. Test them with desktop exercises and field drills. Establish 24/7 emergency contact capability.

Emergency response plansCrisis communication templatesDrill schedule & records

Monitoring, Review & Continuous Improvement

Establish incident and near-miss reporting. Conduct post-trip reviews and annual management reviews. Track KPIs (incident rates, training completion, audit scores). This is what turns a static system into a living one.

Incident reporting systemKPI dashboardManagement review schedule

Who Needs an SMS?

If your organisation sends people to places—and has a duty of care to bring them back safely—you need a structured SMS. The specifics vary by sector:

Tour Operators & DMCs

BS 8848 + ISO 21101 alignment demonstrates duty of care and opens access to school/university group markets that require evidence of standards compliance.

Schools & Universities

BS 8848 is the expected standard for educational overseas trips. An SMS protects the institution, the staff, and—most importantly—the students.

Corporate Travel Programmes

ISO 31030 provides the framework. An SMS demonstrates compliance with employer duty-of-care obligations under health & safety legislation.

NGOs & Humanitarian Organisations

Field teams operate in high-risk environments. An SMS aligned with ISO 31030 and BS 8848 provides the governance framework that donors and insurers expect.

Adventure Activity Providers

ISO 21101 certification is increasingly a market differentiator. Clients—especially institutional ones—check for it.

Event & MICE Organisers

Large-scale events with international attendees carry travel risk. An SMS ensures duty of care extends beyond the venue.

A Safety Management System is not a bureaucratic burden—it's the single most effective thing you can do to protect your people, your organisation, and your reputation. The standards are there. The frameworks exist. The question is whether your organisation is willing to move from reactive safety management to proactive, documented, continuously improving risk governance. The ones that do will be the ones that thrive—not just survive—in an increasingly risk-aware market.

Start Your SMS Build Explore Our Full Standards Guide