John Burton CIPFA IRM heads up our risk management practice. John was Head of Risk Management and Corporate Governance at Transport for London before joining the TMS Group. Our work is built around three key standards. ISO 31000:2009, Risk management – Principles and guidelines, provides principles, framework and a process for managing risk. It can be used by any organization regardless of its size, activity or sector. Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment.

ISO 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.

ISO 20000:2012 enables organisations to plan, design, transition, deliver and improve of your Information Technology Service Management System and services. At a minimum this includes service management policies, objectives, plans, service management processes, process interfaces, documentation and resources. The SMS provides ongoing control, greater effectiveness, efficiency and opportunities for continual improvement of service management and of services. It enables your organisation to work effectively with a shared vision and objectives