ISO 27013 PDF Guide

ISO/IEC 27013 (titled "Information technology — Security techniques — Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1") is an international standard published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

Modern compliance programs often promise structure, but few actually deliver harmony between information security and IT service operations. Rapidly evolving regulatory requirements expose the weaknesses of fragmented approaches: redundant policies, duplicated evidence, and audit changes that catch teams unprepared. ISO 27013 addresses exactly these pain points. It is not another document to collect dust on a shelf; it is a strategic tool for aligning your IT service delivery with your security posture.

Instead of running two separate, potentially conflicting management systems, the standard helps you build one unified framework that saves time, reduces paperwork, and ensures your security measures do not break your IT services. While ISO 27001 specifies what an information security management system (ISMS) must do, ISO 27013 gives guidance on how to implement that ISMS together with an ISO 20000-1 service management system (SMS), with shared processes, documentation and audits. Note that ISO 27013 is not a cloud standard: cloud-specific guidance lives in ISO/IEC 27017 (cloud security controls) and ISO/IEC 27018 (protection of personal data in public clouds).

Common Misconception
"I can ignore 27013 if I have ISO 27001." Reality: if you offer or consume IT services (help desk, hosting, SaaS), ISO 20000-1 is increasingly a client requirement. ISO 27013 saves you from doing the same work twice.

Core Scenarios Covered
The standard is designed for three main "what-if" situations, the three common implementation paths:
The Add-On: if you are already certified to ISO/IEC 27001, you have already fulfilled many of the requirements of ISO/IEC 20000-1, and the integrated approach lets you build on the existing ISMS rather than start over.

Implementation Phases
Deploying an integrated management system requires a methodical approach. Follow these core phases:
Phase 1: Secure Executive Sponsorship. Win sponsorship by demonstrating the cost savings of a unified management system (one set of policies, one evidence base, one audit cycle).
Phase 2: Conduct a Joint Gap Analysis. Appoint a cross-functional steering committee featuring both IT service managers and security officers, and update your corporate policies to reflect the integrated goals.
Phase 3: Merge Common Processes. Build a unified glossary in your integrated manual so that terms such as "incident", "change" and "asset" mean the same thing to both the security and the service management teams. Avoid separate certification bodies auditing at different times; a single integrated audit is where most of the savings are realised.

Business Continuity and Disaster Recovery: ISO 20000-1 requires services to meet agreed service availability targets. ISO 27001 requires information availability to be maintained during disruptions and disasters. ISO 27013 combines these requirements into a single Business Continuity Plan (BCP) and Disaster Recovery (DR) strategy rather than two overlapping ones.
4. Supplier Relationship Management

Differences between the 2015 and 2021 editions: the 2015 edition carries the title quoted above; the 2021 edition retitles the series "Information security, cybersecurity and privacy protection" and updates the guidance and mappings for ISO/IEC 20000-1:2018.