ISO 20000 is the first worldwide standard specifically aimed at IT Service Management. It describes an integrated set of management processes for the effective delivery of services to the business and its customers.
ISO 20000 is aligned with and complementary to the process approach defined within the IT Infrastructure Library (ITIL®) from The Office of Government Commerce (OGC). QAI facilitates ISO 20000 certification through a third party intervention.
The scope includes Requirements for a management system; Planning and implementing service management; Planning and implementing new or changed services; Service delivery process; Relationship processes; Resolution processes; Control processes; and Release processes.
ISO 27001, titled “Information Security Management – Specification With Guidance for Use”, is the replacement for the original document, BS7799-2. It is intended to provide the foundation for third party audit, and is ‘harmonized’ with other management standards, such as ISO 9001 and ISO 14001.
The basic objective of the standard is to help establish and maintain an effective information management system, using a continual improvement approach. It implements OECD (Organization for Economic Cooperation and Development) principles, governing security of information and network systems.
