Part 4 - IMS Integration

Part 4: Integrated Risk Management | ISO 27001, ISO 27701 & ISO 42001 In this video, we move from theory into practice — showing how risk is actually managed in an Integrated Management System (IMS). 📄 The presentation slides are also available here:https://www.linkedin.com/posts/alison-wickens-641b893_ims-integration-part-4-activity-7444357691197702144-jcSQ?utm_source=share&utm_medium=member_desktop&rcm=ACoAAAC1PFEBZ3u-y7vxiToCmB_MgO3SKydN6jE Building on the Annex SL structure, this session unpacks how organisations can manage risk across security, privacy, and AI using a single, coordinated approach. We explore: How to define risk using cause → event → impact The difference between risk identification, analysis, and evaluation How to assess risk across multiple domains (security, privacy, AI) What happens after risk evaluation — including treatment and control selection (SoA) How to move from risk into controls, monitoring, and improvement What an integrated risk register and dashboard should look like The key takeaway? 👉 You don’t manage risk separately per standard. 👉 You manage it once — with visibility across all domains. This is where integration becomes real. 💡 Disclaimer: This content reflects my understanding and practical experience working with these standards. As areas like AI governance continue to evolve, I’m continuously learning and refining my approach.