Académique Documents
Professionnel Documents
Culture Documents
0.1 General 1.1 General Although there are no sub-clauses in the introduction of ISO
20000-1, both standards state in their introductions the need
for a process approach for the planning, establishment,
implementation, operation, maintenance, and improvement to
fulfill the requirements of an ISO management system (for
information security and services, in this case).
0.2 Compatibility with other There are no similar clauses in ISO 20000-1.
management systems
1 Scope 1 Scope
1.1 General Although there are no sub-clauses in the scope of ISO 27001,
both standards state here what is included: requirements for
1.2 Application the management system, service management (ISO 20000-1),
and information security risk evaluation and treatment (ISO
27001).
The generality of the standard required (fit for all kinds of
organizations, independent of size, type, and nature).
2 Normative references 2 Normative references This requirement s identical for both standards, except for
references specific for each standard.
3 Terms and definitions 3 Terms and definitions Both standards list their own Fundamentals and vocabulary
(ISO 27000 for ISO 27001, and ISO 20000-1 provides its own
definitions of the main terms).
You can use the Service Management System (SMS) Plan to map
the specific aspects of the Service Management System context
and, with a few adjustments, use a similar map to identify
information security context aspects of your ISMS.
4.2 Understanding the needs 4.5.1 Define scope You can use the same document to list requirements regarding
and expectations of 7.1 Business relationship the services to be provided. See a sample document here: List
interested parties management of Legal, Regulatory, Contractual and Other Requirements
4.3 Determining the scope of 4.5.1 Define scope You can use the same document to define the scope of your
the information security SMS. See sample document here: ISMS Scope Document
management system
4.4 Information security There is no exact clause in ISO 20000-1 similar to this ISO 27001
management system clause, but the following clauses provide some useful detail that
can help you to better understand ISO 27001 clause 4.4:
ISO 20000-1 clause 4.5.2 Plan the SMS (Plan) See
details in ISO 27001 clauses 6 and 7.
ISO 20000-1 clause 4.5.3 Implement and operate the
SMS (Do) See details in ISO 27001 clause 8.
ISO 20000 clause 4.5.4 Monitor and review the SMS
(Check) See details in ISO 27001 clause 9.
ISO 20000 clause 4.5.5 Maintain and improve the SMS
(Act) See details in ISO 27001 clauses 6 and 10.
6.2 Information security 4.1.1 Management commitment Objectives for both standards, and plans for their realization,
objectives and planning to 6.6.1 b) can be placed in one document. See sample document here:
achieve them Service Management System (SMS) Plan