Integrating information security and service management processes - IEC/ISO Standard provides integration advice

Issue 48 – April 2013

Integration of security best practices and service management processes helps lower the total cost of maintaining acceptable security levels while effectively managing risks. ISO/IEC 27013, Information technology – Security techniques – Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1, provides organisations with guidance on when to use two existing Standards, which address very similar processes and activities.

Security and service management closely linked

The relationship between information security and service management is so close that many organisations recognise the benefits of using the two Standards together: ISO/IEC 27001 Information technology – Security techniques – Information security management systems – Requirements and ISO/IEC 20000-1 Information technology – Service management – Part 1: Service management system requirements. Using both can bring advantages through an integrated management system, which takes into account the services provided and the protection of information assets.

Guidance on when Standards are to be used

ISO/IEC 27013 provides guidance on whether one Standard should be implemented before the other or both should be implemented simultaneously, depending on the situation.

Range of users

Users of ISO/IEC 27013 include auditors, organisations implementing information security and/or service management systems, and organisations involved in auditor certification or training, certification/registration of management systems, and accreditation or standardisation in the area of conformity assessment.

Key benefits of an integrated implementation

Key benefits of an integrated implementation include:

  • gaining credibility for an effective and secure service to internal or external customers
  • lowering costs
  • reducing implementation time
  • eliminating unnecessary duplication
  • promoting understanding between service management and security personnel
  • improving the certification process.

Summarised from IEC's e-tech, March 2013.


Published in business and ICT.
