Ispis

ISO/IEC 27013:2012

Kreirano Subota, 23 Ožujak 2013 06:02
Hitovi: 3282

ISO-IEC 27013ISO - Međunarodna organizacija za normizaciju i IEC - Međunarodni odbor za elektrotehniku objavili su novu normu ISO/IEC 27013:2012, Information technology – Security techniques – Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1. U njoj se nalaze smjernice kako uspješno primjenjivati norme ISO/IEC 27001 i ISO/IEC 20000-1 u integriranom sustavu upravljanja.

Sustav upravljanja informacijskom sigurnošću prema normi ISO/IEC 27001:2005 Information technology - Security techniques - Information security management systems - Requirements i sustav upravljanja pružanjem usluga prema normi ISO/IEC 20000-1:2011 Information technology - Service management - Part 1: Service management system requirements blisko su povezani i mnoge organizacije primjenjuju oba sustava upravljanja. Iz tog razloga se pojavila potreba izdavanja norme ISO/IEC 27013:2012 koja pomaže organizacijama što uspješnije integrirati oba sustava.


Prednosti implementacije integriranog sustava upravljanja je u međusobnom pozitivnom djelovanju sustava upravljanja prema ISO/IEC 27001 i ISO/IEC 20000-1. Također je prednost u nižim troškovima primjenjujući integrirani sustav upravljanja. Manji je utrošak vremena kada se primjenjuje integrirani sustav nego dva sustava zasebno. Primjenom integriranog sustava poboljšava se razumijevanje oba sustava upravljanja i njihov utjecaj jedan na drugi.

Sadržaj norme ISO/IEC 27013:2012
Foreword
Introduction
1 Scope
2 Normative references
3 Terms, abbreviated terms and definitions
4 Overviews of ISO/IEC 27001 and ISO/IEC 20000-1
4.1 Understanding the International Standards
4.2 ISO/IEC 27001 concepts
4.3 ISO/IEC 20000-1 concepts  
4.4 Similarities and differences
5 Approaches for integrated implementation
5.1 General
5.2 Considerations of scope
5.3 Pre-implementation scenarios
5.3.1 General
5.3.2 Neither standard is currently used as the basis for a management system
5.3.3 A management system exists which fulfils the requirement of one of the standards
5.3.4 Separate management systems exist which fulfil the requirements of each standard
6 Integrated implementation considerations
6.1 General
6.2 Potential challenges
6.2.1 The usage and meaning of asset
6.2.2 Design and transition of services
6.2.3 Risk assessment and management
6.2.4 Differences in risk acceptance levels
6.2.5 Incident and problem management
6.2.6 Change management
6.3 Potential gains
6.3.1 Use of the Plan-Do-Check-Act cycle
6.3.2 Service level management and reporting
6.3.3 Management commitment
6.3.4 Capacity management
6.3.5 Management of third party risk
6.3.6 Continuity and availability management
6.3.7 Supplier management
6.3.8 Configuration management
6.3.9 Release and deployment management
6.3.10 Budgeting and accounting
Annex A (informative) Correspondence between ISO/IEC 27001:2005 and ISO/IEC 20000-1:2011
Annex B (informative) Comparison of ISO/IEC 27000:2009 and ISO/IEC 20000-1:2011 terms
Bibliography
Figures
Figure 1: Comparison between concepts in ISO/IEC 27001 and ISO/IEC 20000-1
Figure 2: Relationship between information assets in ISO/IEC 27001 and CIs in ISO/IEC 20000-1
Figure 3: Illustration of relationship between standards for incident management

Više podataka o normi ISO/IEC 27013:2012 saznajte na web stranici www.iso.org.

Više podataka o normi ISO/IEC 27001:2005 saznajte ovdje.

Više podataka o normi ISO/IEC 20000-1:2011 saznajte ovdje.

Portal Svijet kvalitete koristi kolačiće (cookies) zbog pružanja bolje funkcionalnosti portala. Nastavkom pregleda portala slažete se s korištenjem kolačića. Postavke kolačića možete podesiti u svojem internetskom pregledniku. Više podataka o kolačićima i vašoj privatnosti možete saznati na Privatnost korisnika.

Prihvaćam kolačiće