What is this standard about?
This international standard gives up-to-date guidance on how to implement both BS ISO/IEC 27001 (on information security) and ISO/IEC 20000-1 (on service management) in order to build an integrated management system.
Who is this standard for?
- Anyone implementing, or thinking of implementing, information security and service management systems
- All organizations involved in auditing integrated management systems
- All organizations involved in auditor certification, training, or registration of management systems
- Anyone involved in conformity assessment
Why should you use this standard?
The relationship between information security management and service management is so close that many organizations already recognize the benefits of adopting both BS ISO/IEC 27001 and BS ISO/IEC 20000-1. It’s common for an organization to improve the way it operates to achieve conformity with the requirements specified in one of these international standards and then make further improvements to achieve conformity with the requirements of the other.
There are a number of advantages in implementing an integrated management system that takes into account not only the services provided but also the protection of information. These include credibility for an effective and secure service to both internal and external customers, lower costs of an integrated programme, reduced implementation time due to the integrated development of processes common to both standards, and the promotion of understanding between service management and security personnel.
What’s changed since the last update?
- The standard has been systematically reviewed by experts, who have taken into consideration recent technological and industry developments
- This second edition replaces the 2012 edition

