Expert Advice Community

Guest

Software SaaS company

  Quote
Guest
Guest user Created:   Jan 21, 2021 Last commented:   Jan 21, 2021

Software SaaS company

I want to better understand as a software SaaS company how to leverage ISO 27001/ 9001- 90003 together with SDLC for agile development and build a support team with ITIL/ ISO 20000. Security and quality without stopping productivity.

0 0

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jan 21, 2021

ISO 27001, ISO 9001, and ISO 20000 are management standards (for information security, quality, and IT service management, respectively), while ISO 90003 is a guideline for the application of ISO 9001 to computer software.

Considering that, as management standards, ISO 27001, ISO 9001, ISO 90003, and ISO 20000 share many requirements that allow them to be integrated (the SDLC for agile development process would part of the scope to be defined for the integrated management systems). In the integration process you should consider two phases:

1 – Integration of the common parts of ISO management systems, e.g., control of documents, internal audit, management review, etc. These have basically all the same requirements, requiring only minor adjustments to refer to all systems covered.
2 – Integration of the specific parts of each system (basically sections 6 and 8 of each standard, covering planning, support and operation).

Regarding ISO 27001, this means including in the organizational process the activities related to information security risk assessment and treatment processes.

As for building a team with ITIL/ ISO 20000, you should map the competencies needed for such a team and define them as requirements for your integrated system.

These articles will provide you a further explanation about integrating ISO management systems:
- How to implement integrated management systems https://advisera.com/log/2015/10/05/how-to-implement-integrated-management-systems/
- Using ISO 9001 for implementing ISO 27001 https://advisera.com/27001academy/01academy/emy/ademy/my/blog/10/03/08/using-iso-9001-for-implementing-iso-27001/
- How to implement ISO 27001 and ISO 20000 together https://advisera.com/27001academy/01academy/emy/ademy/my/blog/15/03/16/how-to-implement-iso-27001-and-iso-20000-together/

This material will also help you regarding Integrating management systems:
- ISO 27001 implementation: How to make it easier using ISO 9001 [free webinar on demand] https://advisera.com/27001academy/01academy/emy/ademy/my/webinar/iso-27001iso-22301-the-certification-process-free-webinar/01-implementation-make-easier-using-iso-9001-free-webinar-demand/
- ISO 27001:2013 Foundations Course https://training.advisera.com/se/iso-14001-internal-auditor-course/o-27001-foundations-course/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 20, 2021

Jan 21, 2021

Suggested Topics

Guest user Created:   Jun 10, 2021 ISO 27001 & 22301
Replies: 1
0 0

Question about SoA