Integrating information security and service management processes

New International Standard provides integration advice

By Janice Blondeau

Integration of security best practices and service management processes helps lower the total cost of maintaining acceptable security levels while effectively managing risks. A new International Standard published by IEC and ISO (International Organization for Standardization) provides organizations with guidance on when to use two existing Standards which address very similar processes and activities.

Image caption: Information security and service management are often closely linked

Security and service management closely linked

The relationship between information security and service management is so close that many organizations recognize the benefits of adopting the two standards – ISO/IEC 27001 for information security and ISO/IEC 20000-1 for service management. This can bring advantages through an integrated management system which takes into account the services provided and also the protection of information assets.

Guidance on when Standards are to be used

The new ISO/IEC 27013, Information technology – Security techniques – Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1, provides guidance on whether one standard is to be implemented before the other, or if both standards are implemented simultaneously, depending on the situation.

Range of users

Users of this International Standard include auditors, organizations implementing information security and/or service management systems, and organizations involved in auditor certification or training, certification/registration of management systems, and accreditation or standardization in the area of Conformity Assessment.

Benefits of ISO/IEC 27001 Ed.1

Key benefits of an integrated implementation include:

  • Gaining credibility for an effective and secure service to internal or external customers
  • Lowering costs
  • Reducing implementation time
  • Eliminating unnecessary duplication
  • Promoting understanding between service management and security personnel
  • Improving the certification process

ISO/IEC 27013, Information technology – Security techniques – Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1, was developed by joint technical committee ISO/IEC JTC 1: Information technology, SC (Subcommittee) 27: IT Security techniques, in cooperation with ISO/IEC JTC 1, subcommittee SC 7: Software and systems engineering.
