Appendix A: Service management system general requirements compared with ISO/IEC 9001 & ISO/IEC 27001.
| ISO 20000:2011 | ISO 9001:2008 | ISO 27001:2005 |
|---|---|---|
| 4.1 Management responsibility | 5 Management responsibility | 5 Management responsibility |
| 4.1.1 Management commitment | 5.1 Management commitment | 5.1 Management commitment |
| 4.1.2 Service management policy | 5.3 Quality policy | 4.2.1 b) Define an ISMS policy... |
| 4.1.3 Authority, responsibility and communication | 5.5 Responsibility, authority and communication | 5.1 c) establishing roles and responsibilities for information security and Annex A control¹ A.6.1.2 (approximate correlation) |
| 4.1.4 Management representative | 5.5.2 Management representative | 5.1 c) establishing roles and responsibilities for information security and Annex A controls¹ A.6.1.1 & A.6.1.2 (approximate correlation) |
| 4.2 Governance of processes operated by other parties | 7.4 Purchasing (approximate correlation) | Numerous Annex A controls¹, particularly A.6.1.2 to A.6.1.6 and A.6.2 (approximate correlation) |
| 4.3 Documentation management | 4.2 Documentation requirements | 4.3 Documentation requirements |
| 4.3.1 Establish and maintain documents | 4.2.1 General | 4.3.1 General |
| 4.3.2 Control of documents | 4.2.3 Control of documents | 4.3.2 Control of documents |
| 4.3.3 Control of records | 4.2.4 Control of records | 4.3.3 Control of records |
| 4.4 Resource management | 6 Resource management | 5.2 Resource management |
| 4.4.1 Provision of resources | 6.1 Provision of resources | 5.2.1 Provision of resources |
| 4.4.2 Human resources | 6.2 Human resources | 5.2.2 Training, awareness and competence |
| 4.5 Establish and improve the SMS | Numerous references (as below) | 4.2 Establishing and managing the ISMS |
| 4.5.1 Define scope | 4.4.2 a) Quality manual QMS scope definition | 4.2.1 a) Define the scope and boundaries of the ISMS |
| 4.5.2 Plan the SMS (Plan) | 5.4.2 Quality management system planning | 4.2.1 b) Define an ISMS policy, through to j) Prepare a Statement of Applicability (approximate correlation) |
| 4.5.3 Implement and operate the SMS (Do) | 4.1 General requirements (approximate correlation) | 4.2.2 Implement and operate the ISMS |
| 4.5.4 Monitor and review the SMS (Check) | 5.6 Management review | 4.2.3 Monitor and review the ISMS |
| 4.5.4.1 General | 8.1 Measurement, analysis and improvement - general | 4.2.3 Monitor and review the ISMS |
| 4.5.4.2 Internal audit | 8.2.2 Internal audit | 6 Internal ISMS audits |
| 4.5.4.3 Management review | 5.6 Management review | 7 Management review of the ISMS |
| 4.5.5 Maintain and improve the SMS (Act) | 8.5 Improvement | 8 ISMS improvement |
| 4.5.5.1 General | 8.5.1 Continual improvement | 8.1 Continual improvement |
| 4.5.5.2 Management of improvements | 5.6 Management review | 7 Management review of the ISMS, supplemented by 4.2.1 d) Identify the risks to i) Obtain management authorization (approximate correlation) |