RISK MANAGEMENT INTEGRATION THROUGH ISO 9001:2015, ISO/IEC 27001:2013 AND ISO 22301:2012 STANDARD REQUIREMENTS

  • Ana Čobrenović Fakultet organizacionih nauka Univerziteta u Beogradu
  • Mladen Đurić Fakultet organizacionih nauka Univerziteta u Beogradu
  • Milica Rajković Fakultet organizacionih nauka Univerziteta u Beogradu
Keywords: Risk management, quality, information security, business continuity, integrated management system

Abstract

The main purpose of this paper is to indicate how an organization can deal with risks related to quality, information security and business continuity by coordinating different risk management methods, and to present the importance of risk management for organizations today. We analyzed the requirements of ISO 9001:2015, ISO/IEC 27001:2013 and ISO 22301:2014 related to risk management. This analysis served as a base for integrating the requirements of the above-mentioned standards into a simple system that helps organizations examine and continually treat risks, which is presented in this paper. Furthermore, a set of useful tools and methods for implementing integrated risk management, based on the identified requirements of the standards, is presented, along with the benefits and threats that may arise during implementation.
Published: 2019-01-15
Section: Articles