
Expert Advice Community

ITIL and ISO 27001

Guest user. Created: Jan 13, 2016. Last commented: Jan 13, 2016


AntonioS Jan 13, 2016

May I request you to please advise on a case where a client wants to maintain an IT Policies and Procedures Manual which follows best practices like ITIL V3 for IT Service Management as well as an ISMS based on ISO 27001.
Please advise if we can combine these best practices and have one common IT Manual, as it is a small organization? Any thoughts?

Answer:

From my point of view there is no problem maintaining an IT Policies and Procedures Manual which follows best practices like ITIL V3. You can integrate these best practices in the ISMS, but keep in mind that if you want to implement ISO 27001, you need to comply with its requirements. There are some common points (change management, capacity management, etc.), but because ISO 27001 is specifically related to information security there are also some points that you cannot find in ISO 20000 (access control, cryptography, physical and environmental security, etc.). So yes, you can maintain and use all documents and procedures related to ITIL for the implementation of ISO 27001, but you need to implement its specific requirements. Regarding the common IT Manual, a manual is really not necessary in ISO 27001:2013, but the small organization can maintain its IT Manual (although it could be interesting to include important points about ISO 27001). This article can be interesting for you, “Is the ISO 27001 Manual really necessary?”: https://advisera.com/27001academy/blog/2014/02/03/is-the-iso-27001-manual-really-necessary/
We do not have a comparison of ISO 27001 and ITIL, but ITIL is very similar to ISO 20000, so this article can be interesting for you, “How to implement ISO 27001 and ISO 20000 together”: https://advisera.com/27001academy/blog/2015/03/16/how-to-implement-iso-27001-and-iso-20000-together/
By the way, you can also use ISO 27013, which is a guideline for the integrated implementation of ISO 27001 and ISO 20000-1; you can see it on the official page of ISO: https://www.iso.org/standard/43753.html
