ISO20000 and ISO27001 documentation
Assign topic to the user
Answer: Yes, provided that the content of the document meets the requirements of ISO 27001.
2 -¿Cómo se pueden tomar los mismos documentos y sólo actualizarlos indicando que también son o sirven para la ISO27001?
Answer: You should check on your documented information control procedure (documents and records) how you indicate that a document is compliant with the ISO 20000 standard, and then use the same way to indicate that the document is also in line with the standard ISO 27001. In general, policies or procedures informs its application scope and normative references used, and the reference to the scope of ISO 27001 and compliant clauses may be included in these sections.
3 -¿Se puede?
Answer: Yes, and the new versions of the standards, which are based on Annex SL, are facilitating this kind of integration.
4 - ¿Se tienen que tener documentos separados? ¿Uno para cada certificación?
Answer: Not necessarily. The need of your organization is what will determine whether or not you need to separadados documents.
This article will provide you further explanation about some documentation development: Seven steps for implementing policies and procedures https://advisera.com/27001academy/knowledgebase/seven-steps-for-implementing-policies-and-procedures//
This whitepaper can provide you information about similarities between ISO 27001 and ISO 20000: ISO 27001 vs. ISO 20000 matrix (PDF) https://info.advisera.com/27001academy/free-download/iso-27001-vs-iso-20000-matrix
Comment as guest or Sign in
Nov 10, 2016