The standard advises users on the processes and supporting documentation required to implement an integrated dual management system, for example helping them to:
Implement ISO/IEC 27001 when they have already adopted ISO/IEC 20000-1, or vice versa;
Implement both ISO/IEC 27001 and ISO/IEC 20000-1 together from scratch; or
Align and coordinate pre-existing ISO/IEC 27001 and ISO/IEC 20000-1 management systems.
The standard proposes a framework for organizing and prioritizing activities, offering advice on:
Aligning the information security and service management and improvement objectives;
Coordinating multidisciplinary activities, leading to a more integrated and aligned approach;
A collective system of processes and supporting documents (policies, procedures etc.);
A common vocabulary and shared vision;
Combined business benefits to customers and service providers plus additional benefits arising from the integration of both management systems; and
Combined auditing of both management systems at the same time, with the consequent reduction in audit costs.
Owner
Standardisation body
Status
Completed