Similarities and Differences between ISO 27001 and ISO 20000


When we talk with our clients, we frequently discuss implementing various ISO standards, and we regularly hear that ISO 20000 and ISO 27001 are closely related, have a great deal in common, and that implementing one will make the other much easier. However, when you begin discussing the details, it's a completely different story.


While it is true that the two standards have a lot in common, they are complementary to one another. On the other hand, one cannot copy/paste the whole implementation, as they are also different. Let's take a look.


First the positive - similarities

Let's begin with an Information Security Management System (ISMS) based on ISO 27001. Although ISO 27001 appears to be about information, the "story" is broader. Information is a broad term that includes raw data, where it is stored, and the hardware it is stored on. It also includes devices and software for processing, the organization, people and participating organizations. It also includes communication channels, suppliers and procurement, development and legislation. As you can see, saying that ISO 27001 is about information does not really say enough.

ISO 20000-1, with its SMS (Service Management System), is much the same. It defines, implements, manages and improves IT services in real-world conditions, from planning to management and post-release improvement. This goes far beyond what a service does, including how to build it, how to use it, and how to troubleshoot problems it encounters. It also includes how the organization is set up, how it interacts with third parties, reporting and customer satisfaction/complaints/praise, and more. Most of these elements can be found in ISO 27001, but from a different perspective.

ISO 20000 is process based. ISO 27001 is not explicitly process-based, but if you check Annex A (List of Controls for Risk Management) you will see a number of controls for which processes must be defined. ISO 20000-1 processes cover the same topics as ISO 27001 controls. Consider a few examples that an ISMS may need to implement as a result of a risk assessment:

Capacity - ISO 27001 requires that capacity be provided to support the required system performance. ISO 20000 details capacity requirements, planning and monitoring.

Configuration - Both standards place strict requirements on IT assets, for example the assets needed to support the processing of information. ISO 20000 goes further and specifies more detailed requirements.

Incident - Information security incidents are just one of the categories of incidents in ISO 20000. If you have implemented incident management under ISO 20000, then it is also sufficient for ISO 27001.

Change - Both standards require change management to be implemented. ISO 20000 considers change management to control many activities, from planning and designing IT services to controlling services once they are live.

Supplier - Both standards view the supplier as one of the important elements of the management system. ISO 20000 requires a more detailed analysis of suppliers and their sub-suppliers.

So, those who claim that if you have one of the standards you already have a large part of the other are right.


As for ISO 20000-1, the standard requires the implementation of information security management and IT service continuity and availability management processes. The requirements for these two processes are broadly consistent with the ISMS requirements defined in ISO 27001. So, if you have ISO 27001, it will be of great help in implementing ISO 20000.


But what's the difference?

The alignment looks great so far, but it's not that simple. ISO 20000 and ISO 27001 have a great deal in common, but there are differences. ISO 20000 is service based. ISO 27001 is management based, and it is built on risk management. In the ISO 20000 standard, risk is considered one of the main elements of IT service. In other words, it adds an additional dimension to the service.


ISO 20000 details the day-to-day work of IT organizations. This means that it overlaps with certain parts of ISO 27001 (e.g. information classification, access control, continuity concepts, etc.) but looks at a broader context. In addition to information security, ISO 20000 also provides a 360-degree view of services, including financial aspects, design, release and deployment of IT services, service level management, business relationships with customers, and more.


So, ISO 20000-1 goes deeper into some general IT service management processes, such as incident, change or capacity management (taking into account customer requirements, all aspects of IT service delivery, service characteristics, roles and responsibilities, customers, etc.).


So, should we use them together?

Of course, having one of the standards is beneficial for implementing the other. Depending on which one you implement first, you reuse the matching elements and add the missing ones.


The point is that the two standards have reusable elements. Adapt them, take advantage of each standard, and enjoy the result of efficient, well-managed services or modern security management. Customers will know how to reward this.


Our Advice:

If you're looking for ISO 20000-1 Implementation in Oman, you can write to us at or visit our official website, as we are ISO Certification Consultant Companies in Oman, Certvalue, and provide your contact details so that one of our certification experts can contact you at the earliest to understand your requirements better and provide the best available service in the market.
