期刊名称:International Journal of Software Engineering and Its Applications
印刷版ISSN:1738-9984
出版年度:2016
卷号:10
期号:9
页码:217-230
DOI:10.14257/ijseia.2016.10.9.18
出版社:SERSC
摘要:In recent times, and in order to maintain an integrated, efficient and homogeneous policy, Integrated Management Systems (IMS) have emerged as an opportunity to improve processes related to Information Technology (IT) in organizations in a way that is modular, consistent and orderly. The ISO 27001 and ISO 20000 standards provide good practices for creating and/or strengthening management infrastructure whose purpose is information security and IT services. In an attempt to provide information on how these standards are related, as well as to facilitate their integration under a single IMS, this article presents the harmonization strategy and results of the harmonization of standards ISO 27001 and ISO 20000 in an organization. The work thereby supports organizations which are interested in knowing how to carry out the harmonization of these models. It also provides a detailed analysis of their similarities and differences, showing an example of how to carry out the integration of related practices between ISO 27001 and ISO 20000-2. In addition, some benefits achieved by the organization are presented.
关键词:Multi-model; Harmonization; Information Security Management System ; (ISMS); IT service management; Integrated Management Systems; Homogenization; ; Comparison; Integration