Jul,03

ISO IEC 27013 pdf – Information security, cybersecurity and privacy protection — Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1

ISO IEC 27013 pdf – Information security, cybersecurity and privacy protection — Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1

ISO IEC 27013 pdf – Information security, cybersecurity and privacy protection — Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1
4.2 ISO/IEC 27001 concepts ISO/IEC 27001 provides a model for establishing, implementing, maintaining and continually improving an information security management system (ISMS) to protect information. Information can take any form, be stored in any way and be used for any purpose by, or within, the organization. To achieve conformity with the requirements specified in ISO/IEC 27001, an organization should implement an ISMS based on a risk assessment process. As part of a risk treatment process, the organization should select, implement, monitor and review a variety of measures to manage identified risks. These measures are known as information security controls. The organization should determine acceptable levels of risk, taking into account the requirements of interested parties relevant to information security. Examples of requirements are business requirements, legal and regulatory requirements or contractual obligations. ISO/IEC 27001 can be used by any type and size of organization. Excluding any of the requirements specified in ISO/IEC 27001:2013, Clauses 4 to 10, is not acceptable when an organization claims conformity to ISO/IEC 27001.
4.3 ISO/IEC 20000-1 concepts ISO/IEC 20000-1 specifies requirements for establishing, implementing, maintaining and continually improving a service management system (SMS). An SMS supports the management of the service lifecycle, including the planning, design, transition, delivery and improvement of services, which meet agreed requirements and deliver value for customers, users and the organization delivering the services. Some of the requirements specified in ISO/IEC 20000-1 are grouped into clauses indicating processes, such as incident management, change management and supplier management. Some requirements for information security management are specified in ISO/IEC 20000-1:2018, 8.7.3. All requirements specified in ISO/IEC 20000-1 are generic and are intended to be applicable to all organizations, regardless of the organization’s type or size, or the nature of the services delivered. ISO/IEC 20000-1 is intended for management of services using technology and digital information. Exclusion of any of the requirements in ISO/IEC 20000-1:2018, Clauses 4 to 10, is not acceptable when the organization claims conformity to ISO/IEC 20000-1, irrespective of the nature of the organization.
4.4 Similarities and differences Service management and information security management are sometimes treated as if they are neither connected nor interdependent. The context for such separation is that service management can easily be related to efficiency, service quality, customer satisfaction and profitability, while information security management is often not understood to be fundamental to effective service delivery. As a result, service management is frequently implemented first. There are some shared concepts between these two disciplines, as well as concepts that are unique to each. Information security management and service management clearly address very similar requirements and activities, even though the SMS and the ISMS each highlight different details. When working with ISO/IEC 27001 and ISO/IEC 20000-1, it should be understood that their characteristics differ in more than one aspect. It is possible that the scopes of an ISMS and an SMS can differ (see 5.2). They also have different intended outcomes. ISO/IEC 20000-1 is designed to ensure that the organization provides effective services, while ISO/IEC 27001 is designed to enable the organization to manage information security risk and recover from or prevent information security incidents. See Annex A for details of the correspondence between ISO/IEC 27001:2013, Clauses 1 to 10, and ISO/IEC 20000-1:2018, Clauses 1 to 10. See Annex B for a comparison of topics between the controls in ISO/IEC 27001:2013, Annex A, and the requirements in ISO/IEC 20000-1:2018. See Annex C for a comparison of terms and definitions between ISO/IEC 27000 and ISO/IEC 20000-1.
5 Approaches for integrated implementation 5.1 General An organization planning to implement both ISO/IEC 27001 and ISO/IEC 20000-1 can be in one of three states as follows: — unofficial management arrangements exist which cover both information security management and service management but have not been formalized, documented or deliberately integrated into the organization ’s other activities;

Download
The previous

ISO IEC 24775-8 pdf - Information technology — Storage management — Part 8: Media libraries

The next

ISO IEC 27050-4 pdf - Information technology — Electronic discovery — Part 4: Technical readiness

Related Standards

IEC 63245-1 pdf – Spatial wireless power transfer based on multiple magnetic resonances – Part 1: Requirements
Jul,05 326
IEC 63245-1 pdf – Spatial wireless power transfer based on multiple magnetic resonances – Part 1: Requirements
IEC 63252 pdf – Energy consumption of vending machines
Jul,05 393
IEC 63252 pdf – Energy consumption of vending machines
IEC Guide 115 pdf – Application of uncertainty of measurement to conformity assessment activities in the electrotechnical sector
Jul,05 406
IEC Guide 115 pdf – Application of uncertainty of measurement to conformity assessment activities in the electrotechnical sector
IEC IEEE 63113 pdf – Nuclear facilities – Instrumentation important to safety – Spent fuel pool instrumentation
Jul,05 437
IEC IEEE 63113 pdf – Nuclear facilities – Instrumentation important to safety – Spent fuel pool instrumentation
IEC PAS 61162-103 pdf – Maritime navigation and radiocommunication equipment and systems – Digital interfaces – Part 103: Single talker and multiple listeners – New and amended sentences and Talker IDs
Jul,05 277
IEC PAS 61162-103 pdf – Maritime navigation and radiocommunication equipment and systems – Digital interfaces – Part 103: Single talker and multiple listeners – New and amended sentences and Talker IDs
IEC PAS 63325 pdf – Lifecycle requirements for functional safety and security for IACS
Jul,05 275
IEC PAS 63325 pdf – Lifecycle requirements for functional safety and security for IACS
IEC SRD 63235 pdf – Smart city system – Methodology for concepts building
Jul,05 331
IEC SRD 63235 pdf – Smart city system – Methodology for concepts building
IEC TR 61188-8 pdf – Circuit boards and circuit board assemblies – Design and use – Part 8: 3D shape data for CAD component library
Jul,05 284
IEC TR 61188-8 pdf – Circuit boards and circuit board assemblies – Design and use – Part 8: 3D shape data for CAD component library
IEC TR 62222 pdf – Fire performance of communication cables installed in buildings
Jul,05 393
IEC TR 62222 pdf – Fire performance of communication cables installed in buildings
IEC TR 63042-303 pdf – UHV AC transmission systems – Part 303: Guideline for the measurement of UHV AC transmission line power frequency parameters
Jul,05 271
IEC TR 63042-303 pdf – UHV AC transmission systems – Part 303: Guideline for the measurement of UHV AC transmission line power frequency parameters

Tags

www.standard-codes.com