ISO 27001 and ISO 20000 certification
Our company is looking at getting ISO 27001 and ISO 20000 certification. Do you think this is necessary? Or which one will suffice to cover both certifications?
Please note that ISO 27001 and ISO 20000 have different objectives and core requirements, so only one of them is not enough to fulfill the criteria for both certifications. However, they share many requirements, which makes implementing them together easier.
Now, regarding the necessity, this can only be evaluated based on your organization’s strategies and objectives. For example, if your core business is related to the provision of IT services and you have a clear demand for information protection, then both certifications would help.
These articles will provide you with further explanation about ISO 27001 and ISO 20000 integration:
- How to implement ISO 27001 and ISO 20000 together https://advisera.com/27001academy/blog/2015/03/16/how-to-implement-iso-27001-and-iso-20000-together/
- How to implement integrated management system https://advisera.com/articles/how-to-implement-integrated-management-systems/
These materials will also help you regarding ISO 27001 and ISO 20000 integration:
- How to integrate ISO 27001 and ISO 20000 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-integrate-iso-27001-and-iso-20000-free-webinar-on-demand/
- ISO 27001 vs. ISO 20000 matrix (PDF) https://info.advisera.com/27001academy/free-download/iso-27001-vs-iso-20000-matrix
Feb 15, 2021