Integracija menadžmenta rizika kroz zahteve standarda ISO 9001:2015, ISO/IES 27001:2013 i ISO 22301:2012

Abstract

Svrha ovog rada je da sagleda na koji se način organizacije mogu baviti rizicima u vezi sa kvalitetom, bezbednošću informacija i kontinuitetom poslovanja kroz koordinaciju različitih metoda za menadžment rizika, kao i da predstavi značaj koji menadžment rizika ima na današnje poslovanje. Rad će analizirati zahteve standarda ISO 9001:2015, ISO/IEC 27001:2013 i ISO 22301:2014 koji su u vezi sa menadžmentom rizika. Rad će na ovaj način prikazati integraciju zahteva prethodno pomenutih standarda u jednostavan sistem koji pomaže kompaniji da sagleda i kontinuirano tretira rizike. Na osnovu sagledanih zahteva standarda, biće prikazan skup korisnih alata i metoda pomoću kojih se može implementirati integrisani menadžment rizika, uz njegove koristi i pretnje koje se mogu javiti u toku implementacije.

The main purpose of this paper is to indicate how the organization can deal with risks related to quality, information security and business continuity through the coordination of different risk management methods, and to present the importance of risk management for organizations nowadays. We analyzed the requirements of ISO 9001:2015, ISO/IEC 27001:2013 and ISO 22301:2014 related to risk management. This served to create a base for integrating the requirements of the above - mentioned standards into a simple system that helps organizations to examine and continually treat risks is shown through this paper. Furthermore, a set of useful tools and methods for implementation of integrated risk management, based on the perceived requirements of the standards, will be presented in this paper, along with benefits and threats that may occur during the implementation.