Integration of ITIL V3, ISO 20000 & ISO 27001:2013forIT Services and Security Management System

Abstract

IT organizations are responsible for delivering good IT services and maintaining IT security to improve their competitive advantage Both IT security and IT services have their own international standard and framework. When the IT service management system (SMS) and an information security management system (ISMS) are implemented separately, it can lead to consuming high resources and costly. This paper is going to focus on the integration of ISO 20001 as SMS standard, ITIL v3 as the framework, and ISO 27001 as ISMS standard. We are going to discuss how the ITIL V3 can be combined with ISO 20001 and ISO 27001 by scientifically matching the similarities of process, procedure, and resources. This paper contributes to providing a guideline for an IT organization that is going to implement SMS and ISMS standard and framework. In the Appendix section 4, we also provide a table of process, procedures, and resources similarities. Therefore, the organization can use the combined processes in order to reduce the cost of implementing those standards.