BS ISO/IEC 27013:2015 pdf download-Information technology — Security techniques — Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1.
4 Overviews of ISO/IEC 27001 and ISO/IEC 20000-1

4.1 Understanding the International Standards

An organization should have a good understanding of the characteristics, similarities and differences of ISO/IEC 27001 and ISO/IEC 20000-1 before planning an integrated management system for information security management and service management. This maximizes the time and resources available for implementation. 4.2 to 4.4 provide an introduction to the main concepts underlying both International Standards but should not be used as a substitute for a detailed review.

4.2 ISO/IEC 27001 concepts

ISO/IEC 27001 provides a model for establishing, implementing, maintaining and continually improving an ISMS to protect information. Information can take any shape, be stored in any form and be used for any purpose by, or within, the organization.

To achieve conformity with the requirements specified in ISO/IEC 27001, an organization should implement an ISMS based on a risk assessment process to identify risks to information. As part of this work, the organization should select, implement, monitor and review a variety of measures to manage these risks. These measures are known as controls. The organization should determine acceptable levels of risk, taking into account the requirements of interested parties relevant to information security. Examples of such requirements are business requirements, legal and regulatory requirements, and contractual obligations.

ISO/IEC 27001 can be used by any type and size of organization.

4.3 ISO/IEC 20000-1 concepts

ISO/IEC 20000-1 can be used by organizations, or parts of organizations, which use or provide services. This adds value for both the customer and the service provider. All processes covered by the standard should be controlled by the service provider, even if some processes are operated by other parties. Only the service provider can achieve conformity with the requirements specified in ISO/IEC 20000-1.