How to Integrate Risk Management in IT Settings Within Management Systems? Comparison and Integration Perspectives from ISO Standards

  • Conference paper
  • Software Process Improvement and Capability Determination (SPICE 2016)

Abstract

With the omnipresence of IT in any business, risk management is a critical and central activity. IT companies, or IT departments within companies, may seek certification against one or several management system standards. Risk management then has to be tackled in the context of the domain targeted by each management system. This paper investigates how risk management could be integrated across several ISO standards that are relevant for IT settings: quality management, project management, IT service management and information security management. Taking the reference standard ISO 31000, dedicated to risk management, as the baseline, a comparison is performed in order to identify risk management related activities in the ISO high level structure for management system standards, ISO 9001, ISO 21500, ISO/IEC 20000-1 and ISO/IEC 27001, and to elicit integration vectors. The paper concludes with future work aiming at proposing a process reference and assessment model for integrating risk management activities.

Acknowledgments

This work has been partially supported by the Spanish Ministry of Science and Technology with ERDF funds under grants TIN2013-46928-C3-2-R.

Author information

Corresponding author: Béatrix Barafort.

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Barafort, B., Mesquida, A.L., Mas, A. (2016). How to Integrate Risk Management in IT Settings Within Management Systems? Comparison and Integration Perspectives from ISO Standards. In: Clarke, P., O'Connor, R., Rout, T., Dorling, A. (eds) Software Process Improvement and Capability Determination. SPICE 2016. Communications in Computer and Information Science, vol 609. Springer, Cham. https://doi.org/10.1007/978-3-319-38980-6_19

  • DOI: https://doi.org/10.1007/978-3-319-38980-6_19

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-38979-0

  • Online ISBN: 978-3-319-38980-6

  • eBook Packages: Computer Science (R0)