Unique Risk Management Framework for ISO 27001, ISO 22301 and ISO 9001
Can we have a single Risk Management Framework to meet the requirements of ISO 27001, ISO 22301 and ISO 9001:2015? I am aware of and have experience with the ISO 27001 Risk Management Requirements. But how can we enhance it to cover ISO 22301 and ISO 9001, as ISO 9001 also requires Risk Management to be followed?
Answer:
Yes, from my point of view you can have a unique Risk Management Framework for ISO 27001, ISO 22301 and ISO 9001, but you need to consider the differences between these standards, because, for example, different risks can be considered in ISO 27001 (information security), ISO 22301 (business continuity) and ISO 9001 (quality). But you can define general steps: establish the context, risk identification, risk analysis, risk evaluation, risk treatment, etc. (although the details can be very different: the identification of risk in information security is very different from that in quality).
This article can be interesting for you: Can ISO 27001 risk assessment be used for ISO 22301? https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#section22
By the way, ISO 31000 is a guide of best practices for risk management, and you can use it for any type of risk. You can download and buy this standard from the official site of iso.org: https://www.iso.org/standard/43170.html
This article can also be interesting for you: ISO 31000 and ISO 27001: How are they related? https://advisera.com/27001academy/blog/2014/03/31/iso-31000-and-iso-27001-how-are-they-related/
Jan 13, 2016