• Shopping Cart
    There are no items in your cart

CAN/CSA-ISO/IEC 27013:16

Current

Current

The latest, up-to-date edition.

Information technology - Security techniques - Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 (Adopted ISO/IEC 27013:2015, second edition, 2015-12-01)

Available format(s)

Hardcopy , PDF

Language(s)

English

Published date

01-01-2016

€170.49
Excluding VAT

Foreword
Introduction
1 Scope
2 Normative references
3 Terms, definitions and abbreviated terms
4 Overviews of ISO/IEC 27001 and ISO/IEC 20000-1
5 Approaches for integrated implementation
6 Integrated implementation considerations
Annex A (informative) - Correspondence between ISO/IEC 27001
        and ISO/IEC 20000-1
Annex B (informative) - Comparison of ISO/IEC 27000 and
        ISO/IEC 20000-1 terms
Bibliography

Specifies guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 for those organizations that are intending to either: a) implement ISO/IEC 27001 when ISO/IEC 20000-1 is already implemented, or vice versa; b) implement both ISO/IEC 27001 and ISO/IEC 20000-1 together, or; and c) integrate existing management systems based on ISO/IEC 27001 and ISO/IEC 20000-1.

DocumentType
Standard
ISBN
978-1-4883-0600-6
Pages
0
PublisherName
Canadian Standards Association
Status
Current
Supersedes

Preface Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the SCC Mirror Committee (SMC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T). For brevity, this Standard will be referred to as "CAN/CSA-ISO/IEC 27013" throughout. This Standard supersedes CAN/CSA-ISO/IEC 27013:15 (adopted ISO/IEC 27013:2012). At the time of publication, ISO/IEC 27013:2015 is available from ISO and IEC in English only. CSA Group will publish the French version when it becomes available from ISO and IEC. Scope This International Standard provides guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 for those organizations that are intending to either a) implement ISO/IEC 27001 when ISO/IEC 20000-1 is already implemented, or vice versa b) implement both ISO/IEC 27001 and ISO/IEC 20000-1 together, or c) integrate existing management systems based on ISO/IEC 27001 and ISO/IEC 20000-1. This International Standard focuses exclusively on the integrated implementation of an information security management system (ISMS) as specified in ISO/IEC 27001 and a service management system (SMS) as specified in ISO/IEC 20000-1. In practice, ISO/IEC 27001 and ISO/IEC 20000-1 can also be integrated with other management system standards, such as ISO 9001 and ISO 14001.

Standards Relationship
ISO/IEC 27013:2015 Identical

ISO/IEC TR 20000-5:2013 Information technology Service management Part 5: Exemplar implementation plan for ISO/IEC 20000-1
ISO 19011:2011 Guidelines for auditing management systems
ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements
ISO/IEC TR 90006:2013 Information technology Guidelines for the application of ISO 9001:2008 to IT service management and its integration with ISO/IEC 20000-1:2011
ISO/IEC 27003:2017 Information technology — Security techniques — Information security management systems — Guidance
ISO/IEC 27004:2016 Information technology — Security techniques — Information security management — Monitoring, measurement, analysis and evaluation
ISO 31000:2009 Risk management Principles and guidelines
ISO/IEC 27006:2015 Information technology — Security techniques — Requirements for bodies providing audit and certification of information security management systems
ISO/IEC 27014:2013 Information technology Security techniques Governance of information security
ISO/IEC 27002:2013 Information technology Security techniques Code of practice for information security controls
ISO/IEC TR 20000-9:2015 Information technology Service management Part 9: Guidance on the application of ISO/IEC 20000-1 to cloud services
ISO/IEC TR 20000-4:2010 Information technology Service management Part 4: Process reference model
ISO/IEC 27010:2015 Information technology Security techniques Information security management for inter-sector and inter-organizational communications
ISO/IEC 20000-1:2011 Information technology Service management Part 1: Service management system requirements
ISO/IEC 20000-2:2012 Information technology Service management Part 2: Guidance on the application of service management systems
ISO/IEC 20000-3:2012 Information technology Service management Part 3: Guidance on scope definition and applicability of ISO/IEC 20000-1
ISO/IEC 27005:2011 Information technology Security techniques Information security risk management
ISO 9000:2015 Quality management systems — Fundamentals and vocabulary
ISO/IEC TR 27008:2011 Information technology Security techniques Guidelines for auditors on information security controls
ISO/IEC TS 15504-8:2012 Information technology Process assessment Part 8: An exemplar process assessment model for IT service management
ISO/IEC 27007:2017 Information technology Security techniques Guidelines for information security management systems auditing
ISO/IEC 27000:2016 Information technology Security techniques Information security management systems Overview and vocabulary
ISO/IEC TR 20000-10:2015 Information technology Service management Part 10: Concepts and terminology
ISO Guide 73:2009 Risk management — Vocabulary

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.