Abstract. In order to secure collaborative business processes, we present a methodological approach that early integrates security and risk management throughout the design process of service-oriented architectures. We develop our methodology based on two complementary axes: the first being the business needs while the second, is ensuring a consistent security between partners at the runtime. The information security is globally applied to business needs, service specifications and infrastructure deployment. Finally, we annotate services with security parameters that could be used to improve the selection of secure services in run-time.