Information security and service management are so closely intertwined that many organizations already recognize the benefits of adopting ISO/IEC 27001 for information security and ISO/IEC 20000-1 for service management.
It is common for an organization to improve the way it operates to conform to the requirements of one International Standard and then make further improvements to conform to the requirements of the other.
That’s why we’ve published ISO/IEC 27013:2012, which provides organizations with advice on how to make integrated use of information security and service management system standards. A number of advantages can be gained by implementing an integrated management system that takes into account not only the services provided, but also the protection of information assets.
These benefits can be experienced whether one standard is implemented before the other, or both standards are implemented simultaneously. Management and organizational processes, in particular, can derive benefit from the similarities between the International Standards and their common objectives.
An integrated implementation allows users to:
- Gain credibility for an effective and secure service to both internal and external customers
- Lower costs of an integrated programme
- Reduce implementation time due to the integrated development of processes common to both standards
- Eliminate unnecessary duplication
- Promote understanding between service management and security personnel
- Improve the certification process.
Users of this International Standard include auditors, organizations implementing information security and/or service management systems, and organizations involved in auditor certification or training, certification/registration of management systems, and accreditation or standardization in the area of conformity assessment.
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms, abbreviated terms and definitions
4 Overviews of ISO/IEC 27001 and ISO/IEC 20000-1
5 Approaches for integrated implementation
6 Integrated implementation considerations
Annex A
Annex B
Bibliography
Figures