a. What are the differences between ISO27001 and IS02000?
b. If an organisation is ISO27001 certified and intend to go for ISO2000 certification
1. what are the additional areas needed and to prepare?
2. Generally how long will it take to be ISO20000 certified?
3. How should one advise them on what is needed for the ISO20000?
Point a: ISO 27001 establishes requirements for an Information Security Management System, and ISO 20000 establishes requirements for an Service Management System, so ISO 27001 is related to Information Security, and ISO 20000 is related to IT service management.
Point b.1: There are many things, because the objective of both standards is different. For example, in ISO 20000 you need a Configuration management process, or business relationship management process, or service level management process, etc.
Point b.2: It depends on the company, but between 8-12 months