ISO 31000‐based integrated risk management process assessment model for IT organizations
Author(s) - Barafort Béatrix, Mesquida Antoni Lluís, Mas Antònia
Publication year - 2019
Publication title - Journal of Software: Evolution and Process
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.371
H-Index - 29
eISSN - 2047-7481
pISSN - 2047-7473
DOI - 10.1002/smr.1984
Subject(s) - risk management, process management, ITIL security management, information security management system, process (computing), Information Technology Infrastructure Library, interoperability, risk analysis (engineering), business, computer science, information technology, information security, computer security, cloud computing, security information and event management, finance, security service, network security policy, cloud computing security, operating system
Abstract - Governance, Risk management, and Compliance activities are key challenges faced by organizations. Process Models and Process Capability Assessments are governance instruments that can help organizations assess and improve their processes. Several ISO standards propose process models for Management System Standards based on ISO 9001, ISO/IEC 20000‐1, and ISO/IEC 27001, and for project management with ISO 21500. The ISO 31000 standard provides guidance for Risk management with a process approach and a systemic perspective. This paper presents an ISO 31000‐based Integrated Risk Management Process Assessment Model (PAM) for IT organizations that enables the straightforward integration of several ISO process‐oriented standards which are often targeted by IT organizations. This PAM integrates risk management dimensions with ISO 9001, ISO 21500, ISO/IEC 20000‐1, and ISO/IEC 27001. It offers a centralized and integrated risk management approach which provides the basis to improve, coordinate, and interoperate risk management activities.