International Standards and Conformity Assessment for all electrical, electronic and related technologies

March 2013

 

Integrating information security and service management processes

New International Standard provides integration advice

Integration of security best practices and service management processes helps lower the total cost of maintaining acceptable security levels while effectively managing risks. A new International Standard published by IEC and ISO (International Organization for Standardization) provides organizations with guidance on when to use two existing Standards which address very similar processes and activities.

Security and service management closely linked

The relationship between information security and service management is so close that many organizations recognize the benefits of adopting the two standards – ISO/IEC 27001 for information security and ISO/IEC 20000-1 for service management. This can bring advantages through an integrated management system which takes into account the services provided and also the protection of information assets.

Guidance on when Standards are to be used

The new ISO/IEC 27013, Information technology – Security techniques – Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1, provides guidance on whether one standard is to be implemented before the other, or whether both standards are to be implemented simultaneously, depending on the situation.

Range of users

Users of this International Standard include auditors, organizations implementing information security and/or service management systems, and organizations involved in auditor certification or training, certification/registration of management systems, and accreditation or standardization in the area of Conformity Assessment.

Benefits of ISO/IEC 27001 Ed.1

Key benefits of an integrated implementation include:

  • Gaining credibility for an effective and secure service to internal or external customers
  • Lowering costs
  • Reducing implementation time
  • Eliminating unnecessary duplication
  • Promoting understanding between service management and security personnel
  • Improving the certification process

ISO/IEC 27013, Information technology – Security techniques – Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1, was developed by joint technical committee ISO/IEC JTC 1: Information technology, SC (Subcommittee) 27: IT Security techniques, in cooperation with ISO/IEC JTC 1, subcommittee SC 7: Software and systems engineering.

 

 

  • Information security and service management are often closely linked
  • Integrated implementation helps to lower costs and reduce implementation time
  • ISO/IEC 27013 provides guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1

 

 
