The International Organization for Standardization / International Electrotechnical Commission (ISO/IEC) Joint Technical Committee (JTC) 1, Information Technology, in connection with its Subcommittee (SC) 7, Software and systems engineering, and SC 27, IT Security techniques, has developed and published a new International Standard, ISO/IEC 27013:2012, Information technology – Security techniques – Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1. The new document provides guidance related to the integrated implementation of standards dealing with service management and information security.
Due to the related nature of service management and information security goals in many organizations, it has become increasingly common for companies and other groups to implement both the ISO/IEC 27001, Information technology - Security techniques - Information security management systems – Requirements, and ISO/IEC 20000-1, Information technology - Service management - Part 1: Service management system requirements, technical standards. ISO/IEC 27013:2012 assists these organizations in their efforts to implement an integrated management system covering both provided services and the safeguarding of information assets. The new standard contains guidelines that cover instances where one of the two standards is implemented first, as well as where both standards are simultaneously implemented.
The integrated implementation assisted by the new standard provides a number of significant benefits to auditors and organizations involved in certification of management systems or conformity assessment-related accreditation, among others. The guidelines included in ISO/IEC 27013:2012 are expected to help organizations lower the costs associated with an integrated management system; bolster understanding between service management and security personnel; cut down on management system implementation time; and eliminate duplication of efforts, among other positive effects.
Created in 1987, JTC 1 works to address the standardization needs of the global ICT industry, speeding the developmental process and the wide deployment of relevant standards. The U.S. plays a leading role in JTC 1, with the American National Standards Institute (ANSI) holding the secretariat and Karen Higginbottom, director of standards initiatives at Hewlett-Packard, serving as JTC 1’s chair. The ANSI-accredited U.S. Technical Advisory Group (TAG) Administrator to JTC 1 and SC 27 is the InterNational Committee for Information Technology Standards (INCITS), an ANSI member and accredited standards developer (ASD), while the TAG Administrator to SC 7 is ANSI member and ASD IEEE.