ISO 31000‐based integrated risk management process assessment model for IT organizations

Abstract

[eng] Governance, Risk management, and Compliance activities are key challenges faced by organizations. Process Models and Capability Process Assessments are governance instruments that can help organization in assessing and improving their processes. Several ISO standards propose process models for Management System Standards based on ISO 9001, ISO/IEC 20000‐1, and ISO/IEC 27001, and for project management with ISO 21500. The ISO 31000 standard provides guidance for Risk management with a process approach and systemic perspective. This paper presents an ISO 31000‐based Integrated Risk Management Process Assessment Model (PAM) for IT organizations enabling to integrate on an easy way several ISO process‐oriented standards which are often targeted by IT organizations. This PAM integrates risk management dimensions with ISO 9001, ISO 21500, ISO/IEC 20000‐1, and ISO/IEC 27001. It offers a centralized and integrated risk management approach which provides the basis to improve, coordinate, and interoperate risk management activities.