Integrated Risk Management Process Assessment Model for IT Organizations based on ISO 31000 in an SO Multi-Standards Context

Abstract

[eng] With risk management as a key challenge for most organizations, aligning and improving organisational and business processes is essential. Capability and Maturity Models can contribute to assess and then enable process improvement. With the need to integrate risk management in IT Organizations (IT department/organisation), ISO/IEC 15,504–330xx process assessment approach combined with the latest version of ISO 31,000 for risk management can be the foundations for new process models. An integrated process-based approach with various popular and market demands ISO standards (ISO 9001, ISO 21,500, ISO/IEC 20,000–1 and ISO/IEC 27,001) is proposed in the paper; it explains how the Integrated Risk Management Process Assessment Model for IT Organizations in an ISO multi-standards context is developed with a Design Science research method.