Information technology and information security integration according to the ISO/IEC 27013:2021 standard

22 Feb 2023 09:07 AM By Davide Micheli

Reading time: ~ 3 min.

ISO/IEC 27013:2021: the link between information technology and information security

The ISO/IEC 27013:2021 standard, «Information security, cybersecurity and privacy protection - Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1», provides guidance for any organization that wants to:

  • implement ISO/IEC 27001 after ISO/IEC 20000-1 has already been implemented (or vice versa);
  • implement the two standards (27001 and 20000-1) together;
  • integrate management systems that have already been implemented separately according to ISO/IEC 27001 and ISO/IEC 20000-1.

If we take a closer look at both ISO/IEC standards, we can see that the relationship between information security management (according to ISO/IEC 27001) and IT service management (according to ISO/IEC 20000-1) is very close indeed.

It is therefore no surprise that many organizations choose to integrate these management systems.

ISO/IEC 27013:2021: guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 for organizations

If we focus on the documentation, we can also point out many correlations with the management of compliance with personal data protection requirements, as set by the GDPR (General Data Protection Regulation, in the EU context) and by the FADP (Federal Act on Data Protection, in Switzerland - LPD, «Loi fédérale sur la Protection des données» or «Legge sulla protezione dei dati» | DSG, Bundesgesetz über den Datenschutz).

Among the main benefits of an integrated implementation of information security management and service management, we can identify the following:

  • more credibility with internal and external customers, and with other stakeholders;
  • lower cost of implementing, maintaining and auditing a single integrated management system;
  • a substantial reduction in implementation time, due to the integrated development of processes;
  • last but not least: an organization certified for ISO/IEC 27001 can more easily fulfil the information security requirements specified in ISO/IEC 20000-1:2018, 8.7.3, as the requirements of ISO/IEC 27001 and ISO/IEC 20000-1 are complementary.

As we usually bring things into focus with the help of an infographic, we use one in this case too (infographic credited below).

Infographic by Andrea Leonardi (VP @ Minerva Group Service, MP @ Alpemi Consulting & itSMF Switzerland board member).

At the end of our short overview on «Information technology and information security integration according to the ISO/IEC 27013:2021», we take our leave and remind you that, if you don't want to miss our newest content on GRC, you should follow us on our LinkedIn page or subscribe to our newsletter.

If you are particularly interested in this topic, you should consider attending our Annual IT Service Management Forum Day 2023, where we are going to share the expertise of a Digital & Privacy lawyer, an ISO, SMS & Data Protection auditor, and many other professionals.

More info on our hybrid Annual IT Service Management Forum Day 2023
