Everyone talks about it. Few achieve it: the integration of differentiated, specialized risk management systems into an enterprise-wide risk management system, which in turn is integrated into the company's value chain management. After all, risk management is about securing value, whether that value exists today or is planned for the future.
ISO/IEC 27005 is specialized and focused on data in IT systems, while ISO 31000 is the integrated, generic, top-level standard for risk management systems.
It is no coincidence that the risk management processes of ISO 31000 and ISO/IEC 27005 are almost identical, or that the two standards follow the same logic and structure. Integration is concerned not with the subtle differences between them but with their substantial similarities.
Specialized risk management in accordance with ISO/IEC 27005 integrates naturally into enterprise-wide risk management according to ISO 31000.
We show how to do it in a seminar at qSkills GmbH in Nuremberg on 16-17/5/2011.