Processes are a series of structured and interrelated activities or tasks designed to achieve specific company objectives. They ensure the systematic management of an organization's operations by providing a framework for consistent and repeatable activities.
Operational Processes: These are day-to-day activities that maintain the organization’s general activities.
Management Processes: These processes involve planning, monitoring, and reviewing tasks to ensure they meet the organization’s requirements.
Support Processes: These provide necessary resources and support to the operational and management processes. Examples include HR management, financial management, and IT support.
There is a large variety of different standards and frameworks focussing on processes. Below, you’ll find a subset of related references.
ISO 9001 (Quality Management Systems):
Focuses on quality management principles including strong customer focus, the motivation and implication of top management, the process approach, and continual improvement.
Provides a framework for organizations to meet customer and other stakeholder needs within statutory and regulatory requirements.
ISO 31000 (Risk Management):
Provides guidelines for risk management principles and implementation.
Applicable to any organization regardless of size, industry, or sector.
ISO 14001 (Environmental Management Systems):
Specifies requirements for an effective environmental management system (EMS).
Helps organizations improve their environmental performance through more efficient use of resources and waste reduction.
ISO/IEC 20000 (IT Service Management):
Specifies requirements for the service provider to plan, establish, implement, operate, monitor, review, maintain, and improve a service management system (SMS).
Lean Six Sigma:
Combines Lean manufacturing/Lean enterprise and Six Sigma to improve performance by systematically removing waste and reducing variation.
Focuses on process improvement and variation reduction through the application of DMAIC (Define, Measure, Analyze, Improve, Control).
Business Process Model and Notation (BPMN):
Provides a graphical representation for specifying business processes in a Business Process Diagram (BPD).
Widely used for business process modeling to ensure consistency and understanding among stakeholders.
Total Quality Management (TQM):
Focuses on long-term success through customer satisfaction.
Integrates fundamental management techniques, existing improvement efforts, and technical tools under a disciplined approach.
COBIT (Control Objectives for Information and Related Technologies):
Provides a framework for developing, implementing, monitoring, and improving IT governance and management practices.
Helps enterprises achieve their objectives for the governance and management of enterprise IT.
ITIL (Information Technology Infrastructure Library):
Provides a set of detailed practices for IT service management (ITSM) that focuses on aligning IT services with the needs of the business.
Offers guidance on the provisioning, management, and delivery of IT services.
The Balanced Scorecard:
A strategic planning and management system used to align business activities to the vision and strategy of the organization.
Improves internal and external communications, and monitors organizational performance against strategic goals.
ISO/IEC 27001: The leading international standard for ISMS, providing requirements for establishing, implementing, maintaining, and continuously improving an ISMS.
NIST Cybersecurity Framework: The National Institute of Standards and Technology developed a framework that provides guidelines for managing and reducing cybersecurity risks.
PCI DSS (Payment Card Industry Data Security Standard): Sets security requirements for organizations that handle branded credit cards from the major card schemes.
Processes are fundamental to the effective operation of a company. By systematically managing and securing information through well-defined and structured processes, organizations can protect their information assets against a wide range of threats. Implementing and adhering to recognized standards and frameworks provides a robust foundation for these processes, enabling organizations to not only comply with regulatory requirements but also to build trust with stakeholders and continuously improve their information security posture.
Click “Create Process,” fill out the form with all necessary data, and finish by clicking the “Create“button. Processes are often centralized and documented within a company. You can enter an external link to your favorite external application, the master for processes' data.
You can maintain all your high-level processes here if you don't have such an application.
GRC Assets of the module “Risk Management“ (optionally) reference processes for potential analysis of business impacts.
Having done this, you’ll see the new process in the overview:
