2017 | Supplement | Chapter

Developing an Integrated Risk Management Process Model for IT Settings in an ISO Multi-standards Context

Authors : Béatrix Barafort, Antoni-Lluís Mesquida, Antònia Mas

Published in: Software Process Improvement and Capability Determination

Publisher: Springer International Publishing


Abstract

With risk management a key topic for most organisations, aligning and improving organisational and business processes is essential. Capability and maturity models can support the assessment of those processes and then enable their improvement. To integrate risk management in IT settings (an IT department or IT organisation), the ISO/IEC 15504 and ISO/IEC 330xx process assessment approach, combined with ISO 31000 for risk management, can serve as the foundation for new process models. This paper proposes an integrated process-based approach that covers several market-demanded ISO standards (ISO 9001, ISO 21500, ISO/IEC 20000-1 and ISO/IEC 27001), and explains how the Integrated Risk Management Process Model for IT settings in an ISO multi-standards context is developed using a Design Science research method.
Metadata
Copyright Year
2017
DOI
https://doi.org/10.1007/978-3-319-67383-7_24