Expert Advice Community

ISO 27001 controls and ISO 20000

Guest user. Created: Mar 12, 2019. Last commented: Mar 12, 2019

ISO 27001 has 114 controls and in ISO 20000 how do I determine this?
Expert
Branimir Valentic Mar 12, 2019

Answer:
ISO 20000, unlike ISO 27001, does not have defined (explicit) security controls like Annex A in ISO 27001. However, there is an Information Security Management process in ISO 20000, and that process requires that a risk assessment be performed and that controls be determined, implemented and operated. But it doesn't define any particular controls, yet it refers to ISO 27001 for further details.
Meaning, if you have ISO 27001 in place, you can use the controls applied in the scope of the implementation.

See more details about the relation between ISO 20000 and ISO 27001 in the article "Similarities and differences between ISO 27001 and ISO 20000": https://advisera.com/20000academy/blog/2018/05/09/similarities-and-differences-between-iso-27001-and-iso-20000/