Integrating information security and service management processes
New International Standard provides integration advice
Integration of security best practices and service management processes helps lower the total cost of maintaining acceptable security levels while effectively managing risks. A new International Standard published by IEC and ISO (International Organization for Standardization) provides organizations with guidance on when to use two existing Standards which address very similar processes and activities.
Security and service management closely linked
The relationship between information security and service management is so close that many organizations recognize the benefits of adopting the two standards – ISO/IEC 27001 for information security and ISO/IEC 20000-1 for service management. This can bring advantages through an integrated management system which takes into account the services provided and also the protection of information assets.
Guidance on when Standards are to be used
The new ISO/IEC 27013, Information technology – Security techniques – Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1, provides guidance on whether one standard is to be implemented before the other, or if both standards are implemented simultaneously, depending on the situation.
Range of users
Users of this International Standard include auditors, organizations implementing information security and/or service management systems, and organizations involved in auditor certification or training, certification/registration of management systems, and accreditation or standardization in the area of Conformity Assessment.
Benefits of ISO/IEC 27001 Ed.1
Key benefits of an integrated implementation include:
- Gaining credibility for an effective and secure service to internal or external customers
- Lowering costs
- Reducing implementation time
- Eliminating unnecessary duplication
- Promoting understanding between service management and security personnel
- Improving the certification process
ISO/IEC 27013, Information technology – Security techniques – Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1, was developed by joint technical committee ISO/IEC JTC 1: Information technology, SC (Subcommittee) 27: IT Security techniques, in cooperation with ISO/IEC JTC 1, subcommittee SC 7: Software and systems engineering.