Monday, July 25, 2011

ISO 20000 ITSMS & ISO 27001 Certification Consultants in India, Delhi, Pune, Gurgaon,Noida

ISO/IEC 20000-1:2005 defines the requirements for a service provider to deliver managed services. It is based on BS 15000-2, which has been superseded.
It may be used:
1.    by businesses that are going out to tender for their services;
2.    to provide a consistent approach by all service providers in a supply chain;
3.    to benchmark IT service management;
4.    as the basis for an independent assessment;
5.    to demonstrate the ability to meet customer requirements;
6.    to improve services.

ISO/IEC 20000-1:2005 promotes the adoption of an integrated process approach to effectively deliver managed services to meet business and customer requirements.
   
ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. 

ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following:
§  use within organizations to formulate security requirements and objectives;
§  use within organizations as a way to ensure that security risks are cost effectively managed;
§  use within organizations to ensure compliance with laws and regulations;
§  use within an organization as a process framework for the implementation and management of controls to ensure that the specific security objectives of an organization are met;
§  definition of new information security management processes;
§  identification and clarification of existing information security management processes;
§  use by the management of organizations to determine the status of information security management activities;
§  use by the internal and external auditors of organizations to determine the degree of compliance with the policies, directives and standards adopted by an organization;
§  use by organizations to provide relevant information about information security policies, directives, standards and procedures to trading partners and other organizations with whom they interact for operational or commercial reasons;
§  implementation of business-enabling information security;
§  use by organizations to provide relevant information about information security to customers