Standards Seeker

BS ISO IEC 27013 pdf download

admin
BS ISO IEC 27013 pdf download

BS ISO IEC 27013 pdf download.Information technology — Security techniques — Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1
1 Scope
This International Standard provides guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 for those organizations that are intending to either a) implement ISO/IEC 27001 when ISO/IEC 20000-1 is already implemented, or vice versa, b) implement both ISO/IEC 27001 and ISO/IEC 20000-1 together, or c) integrate existing management systems based on ISO/IEC 27001 and ISO/IEC 20000-1. This International Standard focuses exclusively on the integrated implementation of an information security management system (ISMS) as specified in ISO/IEC 27001 and a service management system (SMS) as specified in ISO/IEC 20000-1. In practice, ISO/IEC 27001 and ISO/IEC 20000-1 can also be integrated with other management system standards, such as ISO 9001 and ISO 14001.
3 Terms, definitions and abbreviated terms
For the purposes of this document, the terms and definitions given in ISO/IEC 27000, ISO/IEC 20000-1 and ISO/IEC/TR 20000-10 apply. The following abbreviations apply. ISMS information security management system (from ISO/IEC 27001) SMS service management system (from ISO/IEC 20000-1) Annex A provides a comparison of content at a clause level between ISO/IEC 27001 and ISO/IEC 20000-1. Annex B provides a comparison of terms defined in the following: — ISO/IEC 27000, the glossary for ISO/IEC 27001;
4 Overviews of ISO/IEC 27001 and ISO/IEC 20000-1
4.1 Understanding the International Standards An organization should have a good understanding of the characteristics, similarities and differences of ISO/IEC 27001 and ISO/IEC 20000-1 before planning an integrated management system for information security management and service management. This maximizes the time and resources available for implementation. 4.2 to 4.4 provide an introduction to the main concepts underlying both Internatonal Standards but should not be used as a substitute for a detailed review. 4.2 ISO/IEC 27001 concepts ISO/IEC 27001 provides a model for establishing, implementing, maintaining and continually improving an ISMS to protect information. Information can take any shape, be stored in any form and be used for any purpose by, or within, the organization. To achieve conformity with the requirements specified in ISO/IEC 27001, an organization should implement an ISMS based on a risk assessment process to identify risks to information. As part of this work, the organization should select, implement, monitor and review a variety of measures to manage these risks. These measures are known as controls. The organization should determine acceptable levels of risk, taking into account the requirements of interested parties relevant to information security. Examples of requirements are business requirements, legal and regulatory requirements or contractual obligations. ISO/IEC 27001 can be used by any type and size of organization.4.3 ISO/IEC 20000-1 concepts ISO/IEC 20000-1 can be used by organizations, or parts of organizations, which use or provide services. This adds value for both the customer and the service provider. All processes covered by the standard should be controlled by the service provider, even if some processes are operated by other parties. It is only the service provider that can achieve conformity with the requirements specified in ISO/IEC 20000-1. The SMS directs and controls a service provider’s activities and resources in the design, development, transition, operation and improvement of services to fulfil service requirements as agreed with its customer(s). To fulfil the requirements specified in ISO/IEC 20000-1, the service provider should implement a range of specific service management processes. These include incident management, change management and problem management, amongst others. Information security management is one of the ISO/IEC 20000- 1 service management processes. ISO/IEC 20000-1 can be used by any type and size of organization. 4.4 Similarities and differences Service management and information security management are often treated as if they are neither connected nor interdependent. The context for such separation is that service management can easily be related to efficiency and profitability, while information security management is often not understood to be fundamental to effective service delivery. As a result, service management is frequently implemented first. However, as shown in Figure 1, many control objectives and controls in ISO/IEC 27001:2013, Annex A are also included within the service management requirements for an SMS specified in ISO/IEC 20000-1.

Download

PreviousBS ISO IEC 27043 pdf download

NextBS ISO IEC 25024 pdf download