What is ISO/IEC 27013 and why is it important for information security and service management
ISO/IEC 27013 is an international standard that provides guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1, two widely recognized and adopted standards for information security management systems (ISMS) and service management systems (SMS), respectively. ISO/IEC 27013 helps organizations that want to:
implement ISO/IEC 27001 when ISO/IEC 20000-1 is already implemented, or vice versa;
implement both ISO/IEC 27001 and ISO/IEC 20000-1 together; or
integrate existing management systems based on ISO/IEC 27001 and ISO/IEC 20000-1.
By following the guidance of ISO/IEC 27013, organizations can benefit from:
a consistent and aligned approach to managing information security and service quality;
a reduced risk of duplication, inconsistency, and conflict between the two management systems;
a more efficient and effective use of resources and processes;
a greater assurance of meeting the requirements and expectations of customers, stakeholders, and regulators.
The latest edition of ISO/IEC 27013 was published in November 2021 and replaces the previous edition from 2015. It reflects the updates and changes made to ISO/IEC 27001 and ISO/IEC 20000-1 in recent years. It also provides more practical examples and scenarios to illustrate how to apply the integrated implementation of the two standards.
If you are interested in learning more about ISO/IEC 27013, the standard is available for purchase in PDF form from the official website of the International Organization for Standardization (ISO). The same source offers the other standards in the ISO/IEC 27000 family on information security, cybersecurity, and privacy protection.
ISO/IEC 27013 follows the Plan-Do-Check-Act (PDCA) cycle that underlies both ISO/IEC 27001 and ISO/IEC 20000-1, a common framework for managing and improving processes. It provides a step-by-step approach to plan, implement, monitor, review, and improve the integrated management system. It also explains how to use the requirements and clauses that the two standards share (context, leadership, planning, support, operation, performance evaluation, and improvement) so that a single set of policies, risk assessments, internal audits, and management reviews can serve both systems, avoiding duplication and inconsistency.
ISO/IEC 27013 is applicable to any organization that needs to manage information security and service quality in a coordinated and integrated manner. It can be used by organizations of any size, type, or sector. It can also be used by external consultants or auditors who assist organizations in implementing or assessing their integrated management system.
ISO/IEC 27013 is a guidance standard: organizations are not certified against it, but following it helps them prepare for certification against ISO/IEC 27001 and ISO/IEC 20000-1. Certification can demonstrate to customers, stakeholders, and regulators that the organization has implemented an effective and reliable integrated management system that meets international best practices for information security and service management.