ISO20000 and ISO17799, can we adopt both?

 
jacknson
Posted: Fri Jan 05, 2007 12:29 am

Dear Everyone, I need some help, guys and girls. I need to adopt the ISO standard but I don't know which one. My firm provides security equipment and advice.

Can we adopt both? Is it worth it?
Does part of ISO20000, section 6.6, consist of ISO17799? What are the similarities and differences between these two series?
What about the ISO9000? I know this one is for quality management; can we adopt all three series?

Please help.
Thanks a lot
Jack
UKVIKING
Posted: Fri Jan 05, 2007 3:34 am

ISO 20000 must be completely implemented. All 16 disciplines (10 of which are ITIL-related/based, 1 Security (ISO 17799), etc.) must be implemented and audited in order to achieve ISO 20000.

The security ISO can be implemented as is.
_________________
John Hardesty
ITSM Manager's Certificate (Red Badge)

Change Management is POWER & CONTROL. /....evil laughter
jacknson
Posted: Fri Jan 05, 2007 5:43 am

UKVIKING wrote:
ISO 20000 must be completely implemented. All 16 disciplines (10 of which are ITIL-related/based, 1 Security (ISO 17799), etc.) must be implemented and audited in order to achieve ISO 20000.

The security ISO can be implemented as is.


Hi UKVIKING,
Thank you for your quick reply. However, I am still a bit confused. Can I implement both ISO20000 and ISO17799? Could you or anyone else elaborate a little bit more on this subject, please?
Thank you
Jack
UKVIKING
Posted: Sat Jan 06, 2007 9:26 pm

Jacknson

The answer is yes

You can implement both ...

but in order to implement ISO 20000 you have to implement ALL 16 disciplines within ISO 20000 because your processes will be audited according to ISO20000:1 and ISO20000:2. I wrote a long commentary in another thread about the 16 disciplines.

One of the disciplines within ISO 20000 is Information Security Management, which ISO 17799 also covers... therefore if ISO 17799 is implemented, you have dealt with 1 of the 1 disciplines
Justin
Posted: Thu Jan 25, 2007 8:11 pm    Post subject: ISO20000 and ISO27001

Jack,

My former colleague John is absolutely spot on as usual. I shall just add to his comments. ISO17799 has now been replaced by ISO27001 but is essentially still the standard for IT Information Security Management. There is one aspect of ISO20000 dedicated to this. You can go for either but ISO20000 is dependent on the specified SCOPE and your interface to any suppliers of process to that scope, i.e. you may not have management control over your HR department but your scope relies on it to provide staff or a disciplinary process etc...

So, where John and I used to work, we achieved ISO27001 for one part of the business and then achieved ISO20000 in that same part of the business, but the assessors did not need to address the Information Security area as this had already been achieved by us attaining ISO27001, and thus concentrated on the other areas.

I hope this helps.

Justin
itsmer
Posted: Wed Jan 31, 2007 11:01 pm    Post subject: great

I am currently implementing ISO20k in an organisation which has already got ISO27001.
What you need to understand is where your requirement and focus are. If security focus and commitment are required, then 27001 is good. Some companies may have an organisational/regulatory requirement (banks, BPOs).
I always feel both are required, even though there are overlaps.
For example, clause 6.3 (service continuity and availability) and clause 6.6 (information security management) in ISO20000 overlap with BCP and DR of 27001, and also with security risk management, security incident reporting and so on.

Understand your current strength. Both certifications need commitment from people (management and staff).
Cheers
All times are GMT + 10 Hours