ISO270012013vs.ISO20000-1201.PDFVIP

Copyright ?2015 27001Academy. All rights reserved. ISO 27001:2013 vs. ISO 20000-1:2011 matrix ISO 27001:2013 vs. ISO 20000-1:2011 matrix Copyright ?2015 27001Academy. All rights reserved. 2 ISO/IEC 27001:2013 ISO/IEC 20000-1:2011 Explanation 0 Introduction Introduction 0.1 General 1.1 General Although there are no sub-clauses in the introduction of ISO 20000-1, both standards state in their introductions the need for a process approach for the planning, establishment, implementation, operation, maintenance, and improvement to fulfill the requirements of an ISO management system (for information security and services, in this case). 0.2 Compatibility with other management systems There are no similar clauses in ISO 20000-1. 1 Scope 1 Scope 1.1 General Although there are no sub-clauses in the scope of ISO 27001, both standards state here what is included: requirements for the management system, service management (ISO 20000-1), and information security risk evaluation and treatment (ISO 27001). The generality of the standard required (fit for all kinds of organizations, independent of size, type, and nature). Like ISO 27001, ISO 20000-1 does not allow exclusions of clauses. 1.2 Application 2 Normative references 2 Normative references This requirement s identical for both standards, except for references specific for each standard. 3 Terms and definitions 3 Terms and definitions Both standards list their own “Fundamentals and vocabulary” (ISO 27000 for ISO 27001, and ISO 20000-1 provides its own definitions of the main terms). ISO 27001:2013 vs. ISO 20000-1:2011 matrix Copyright ?2015 27001Academy. All rights reserved. 3 ISO/IEC 27001:2013 ISO/IEC 20000-1:2011 Explanation 4 Context of the organization 4.5 Establish and improve the SMS 7 Relationship processes 4.1 Understanding the organization and its context 4.5.1 Define scope You can use the same document to define the process of ide