I want to better understand, as a software SaaS company, how to leverage ISO 27001/9001/90003 together with an SDLC for agile development, and how to build a support team with ITIL/ISO 20000. Security and quality without stopping productivity.
ISO 27001, ISO 9001, and ISO 20000 are management standards (for information security, quality, and IT service management, respectively), while ISO 90003 is a guideline for the application of ISO 9001 to computer software.
As management standards, ISO 27001, ISO 9001, ISO 90003, and ISO 20000 share many requirements that allow them to be integrated (the SDLC for agile development would be part of the scope to be defined for the integrated management system). In the integration process you should consider two phases:

1 – Integration of the common parts of the ISO management systems, e.g., control of documents, internal audit, management review, etc. These basically all have the same requirements, requiring only minor adjustments to refer to all the systems covered.

2 – Integration of the specific parts of each system (basically sections 6 and 8 of each standard, covering planning, support, and operation).
Regarding ISO 27001, this means including in the organizational process the activities related to information security risk assessment and treatment processes.
As for building a team with ITIL/ISO 20000, you should map the competencies needed for such a team and define them as requirements for your integrated system.