ISO/IEC 20000-1:2005 defines the requirements for a service provider to deliver managed services. It is based on BS 15000-2, which has been superseded.
It may be used:
It may be used:
1. by businesses that are going out to tender for their services;
2. to provide a consistent approach by all service providers in a supply chain;
3. to benchmark IT service management;
4. as the basis for an independent assessment;
5. to demonstrate the ability to meet customer requirements;
6. to improve services.
ISO/IEC 20000-1:2005 promotes the adoption of an integrated process approach to effectively deliver managed services to meet business and customer requirements.
ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks.
ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following:
§ use within organizations to formulate security requirements and objectives;
§ use within organizations as a way to ensure that security risks are cost effectively managed;
§ use within organizations to ensure compliance with laws and regulations;
§ use within an organization as a process framework for the implementation and management of controls to ensure that the specific security objectives of an organization are met;
§ definition of new information security management processes;
§ identification and clarification of existing information security management processes;
§ use by the management of organizations to determine the status of information security management activities;
§ use by the internal and external auditors of organizations to determine the degree of compliance with the policies, directives and standards adopted by an organization;
§ use by organizations to provide relevant information about information security policies, directives, standards and procedures to trading partners and other organizations with whom they interact for operational or commercial reasons;
§ implementation of business-enabling information security;
§ use by organizations to provide relevant information about information security to customers
