Connect with us

Hi, what are you looking for?

Governance

ISO/IEC 27013

ISO/IEC 27013:2015 – Information technology – Security techniques – Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 (2nd edition)

Introduction

In this standard, guides are provided for implementing a security management system and an IT service management system, both compliant with ISO/IEC 27001:2005 (ISMS) and ISO/IEC 20000-1:2011 (a standard for IT service management, based on ITIL).

Among the benefits are:

– Secure and effective information/IT service provision.
– Cost savings, a quicker implementation, increased communication, improved reliability, and an easier certification process because of integration and standardization.
– Understanding between information security and service management personnel.

Scope and objectives

By providing guidance on the processes and supporting documentation for implementing an integrated dual management system, the standard helps users:

– ISO/IEC 27001 implementation when ISO/IEC 20000-1 is already in place; or vice versa;
– Implementing both ISO/IEC 27001 and ISO/IEC 20000-1 together; or
– Ensure that existing ISO/IEC 27001 and ISO/IEC 20000-1 management systems operate in accordance.

The scope of this standard consists of two ISO/IEC JTC1 subcommittees. To maintain information security and IT service management perspectives, SC 27 and SC 7 collaborated to ensure they were both met.

The content

The standard offers guidelines for organizing and prioritizing activities, including advice on:

– Affirmation of the information security objectives and the improvement of the service management objectives;
– Coordination of multidisciplinary activities, resulting in an integrated and integrated approach (for example, both donor standards stipulate incident management, but the incidents are varying in scope but are mostly identical);
– A collection of processes and supporting documents (policy, procedure, etc.);
– A shared language and vision;
– A combination of benefits for service providers and customers, and additional benefits that result from the integration of both management systems; and
– Auditing both management systems simultaneously, which should result in a cost reduction.

The 27001 and 20000 standards are compared in two annexes.

The standard’s status

In 2012, the standard was published for the first time.

In 2015, this document was revised to coincide with ISO/IEC 27001 version 2013.

Revisions will bring the standard up to date with the current 2018 version of ISO/IEC 20000-1, as well as the current 2013 version of ISO/IEC 27001 standard. A 2022 publication date has been set.

Currently, the 3rd edition is in the Draft International Standard stage. The new title of the document will be “Information security, cybersecurity and privacy protection – Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1”.

Commentary

100 times as many times as possible: “There is more to information security than securing IT. There is more to information security than securing IT. There is more to information security than securing IT. There is more to information security than securing IT …”

An organization that implements both ISO27k and ISO20k together would benefit from pragmatic advice. Perhaps the second or third edition’s 60 or so pages will be more helpful…

Due to a pending update to ‘27001,’ the revised standard will not reflect that update.

 

 

Advertisement Advertisement
  • solutions-inc
  • solutions-inc
  • solutions-inc
  • solutions-inc

Latest Post

Advertisement Advertisement
  • solutions-inc
  • solutions-inc
  • solutions-inc
  • solutions-inc

You May Also Like

Compliance

The task to be performed ISO 27001 Clause 10.1 Nonconformity and corrective action, Clause 10 which includes sections 10.1 and 10.2 covers the “Act”...

Compliance

ISO/IEC 27034:2011+ – Information technology – Security techniques – Application security (all published except part 4) Introduction Business and IT managers, developers and auditors,...

Cyber Security

ISO/IEC TS 27110:2021 — Information security, cybersecurity and privacy protection — Cybersecurity framework development instructions Introduction As a Technical Specification, the standard (an architecture...

Compliance

The article discusses Compliance with Legal and Contractual Requirements, Identification of Applicable Legislation and Contractual Requirements and Intellectual Property Rights accordingly controls.A.18.1 Compliance with...