ISO 27013 Standard

ISO 27013:2012 is a new international standard that gives organizations advice on how to make integrated use of the ISO 27001 (information security) and ISO 20000-1 (service management) system standards.

ISO 27013:2012, Information technology – Security techniques – Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1, provides guidance to be used whether one standard is implemented before the other, or both standards are implemented simultaneously.

ISO 27001 for information security and ISO 20000-1 for service management both address very similar processes and activities, including the important principle of continual improvement. A number of advantages can be gained by implementing an integrated management system which takes into account not only the services provided, but also the protection of information assets.

Key benefits of an integrated implementation of ISO 27001 and ISO 20000-1 include:

  • Gaining credibility for an effective and secure service to internal or external customers of the organization
  • Lowering costs of an integrated program
  • Reducing implementation time due to the integrated development of processes common to both standards
  • Eliminating unnecessary duplication
  • Promoting understanding between service management and security personnel
  • Improving the certification process

Users of ISO 27013 include auditors, organizations implementing information security and/or service management systems, and organizations involved in auditor certification or training, certification of management systems, and accreditation or standardization in the area of conformity assessment.

Technical report ISO TR 20000-10 is under development to provide an overview of the concepts of ISO 20000, explaining the terminology used within the series, identifying how the different parts of ISO 20000 interact with each other, and describing how the standard is interrelated with other ISO standards. Similarly, ISO TR 90006 is under development as audit guidelines for the application of ISO 9001 to service management.

ISO 27013:2012 can be ordered from the ANSI eStandards Store.