Developing an integrated risk management process model for IT settings in an ISO multi-standards context

Authors

B. Barafort, A.-L. Mesquida, and A. Mas

Reference

in Software Process Improvement and Capability Determination: 17th International Conference (SPICE 2017), Palma de Mallorca, Spain, October 4–5, 2017, Proceedings, A. Mas, A. Mesquida, R. V. O'Connor, T. Rout, and A. Dorling (Eds.), Springer, pp. 322-336, 2017

Description

With risk management as a key topic for most organizations, aligning and improving organisational and business processes is essential. Capability and Maturity Models can contribute to assess and then enable process improvement. With the need to integrate risk management in IT settings (IT department/organisation), ISO/IEC 15504-330xx process assessment approach combined with ISO 31000 for risk management can be the foundations for new process models. An integrated process-based approach with various market-demanded ISO standards (ISO 9001, ISO 21500, ISO/IEC 20000-1 and ISO/IEC 27001) is proposed in the paper; it explains how the Integrated Risk Management Process Model for IT settings in an ISO multi-standards context is developed with a Design Science research method.

Link

doi:10.1007/978-3-319-67383-7_24
