Integrated implementation of ISO/IEC 20000-1 and ISO/IEC 27000-series
ISO/IEC 27013
By: Septafiansyah Dwi P.
Institut Teknologi Bandung
ITSM or SMS
IT service management is a concept that combines system management, network management, system development management, incident management, problem management, service management, security and so on, helping enterprises to manage the process of constructing, implementing, maintaining, and planning IT systems through effective management methods (Tang, 2009).
ISO 20000 – Standard in IT Service Management
What is it?
• The formulation of ITIL practices into an international standard
• Management of 13 key IT services to meet business requirements (predominantly internally focused)
• Specifies a number of closely related processes that, brought together, will help ensure that an organisation delivers managed IT services to its internal customers
• Comprehensive but not exhaustive
• Planning, implementing, monitoring, improvement of new and changed services
The benefits of ISO 20000
• A consistent approach to service management
• IT service provision becomes measurable and accountable
• Consistent levels of service are agreed
• Improved communication flows between IT and the business
• IT gains a better understanding of the business requirement
• Reduced risk of business failure
• A reduction in the number of avoidable and repeat incidents
• Higher availability of systems and services
Service management system
1. Scope
   1.1 General
   1.2 Application
2. Normative references
3. Terms and definitions
4. SMS general requirements
   4.1 Management responsibility
   4.2 Governance of processes operated by other parties
   4.3 Documentation management
   4.4 Resource management
   Establish and improve the SMS ..
5. Design and transition of new or changed service
   5.1 General
   5.2 Plan new or changed services
   5.3 Design and development of new or changed services
   5.4 Transition of new or changed services
6. Service delivery process
   6.1 Service level management
   6.2 Service reporting
   6.3 Service continuity and availability management
   6.4 Budgeting and accounting for services
   6.5 Capacity management
   6.6 Information security management
7. Relationship process
   7.1 Business relationship management
   7.2 Supplier management
8. Resolution process
   8.1 Incident and service request management
   8.2 Problem management
9. Control process
   9.1 Configuration management
   9.2 Change management
   9.3 Release and deployment management
Implementing PDCA to service management
Plan
• Establishing
• Documenting
• Agreeing the SMS
Do
• Implementing
• Operating the SMS
Check
• Monitoring
• Measuring
• Reviewing the SMS
Act
• Improving the SMS
• Improving the service
[Diagram labels: Policies, Objectives, Plans, Process; Service Management System (SMS); Service Management Process; Service]
Indonesia Hot Topic Issue
ISO27001
ISO27001 is the standard for establishing, controlling, monitoring and improving an Information Security Management System (ISMS). It provides the requirements for an ISMS framework as well as 133 controls (much like the “shalls” in ISO 20000) (Implement ISO, 2012).
It is compatible with other standards such as NIST 800-53, ISO 27005, COSO and Detiknas, and uses a risk-based assessment approach to determine the scope of its implementation within an organisation. The main goals of the ISO 27001 standard are to manage information security, maintain business continuity and comply with regulation. It addresses all information, physical security, environmental aspects, outsourcing issues, etc.
The benefits of ISO27000
• Reduction in possibly damaging/embarrassing information leaks and failures
• Total risk mitigation, security of brand equity
• Reduction in costs due to fewer security incidents
• Common policies and control across the whole organisation
• Increased staff awareness
• Better monitored and audited systems and information flows
• Risk is significantly reduced
“Where does ISO 20000-1 fit in with ISO 27001?”
[Diagram, labels in the order they appear on the slide]
Organization
ISO/IEC 27001 | ISO/IEC 20000-1
Specific to ISO/IEC 27001
• Classification of information
• Information asset management
Specific to ISO/IEC 20000-1
• Budgeting and accounting for service
• Business relationship management
• Design and transition of new and changed services
• Service level management
• Resource management
• Risk assessment
• Roles and responsibilities
• Information security management
• Service continuity and availability management
• Supplier management
• Capacity management
• Change management
• Incident and service request management
• Problem management
• Release and deployment management
Shared parts (some overlaps, some differences)
Common parts (identical between standards)
• Continual improvement
• PDCA
• Legal and regulatory compliance
• Training and awareness
• Management review
• Documentation management
Focus on service
Focus on information assets
Advantages in integrated management system
Thank you

Integrating SMS and ISMS

  • 1. Integrated implementation of ISO/IEC 20000-1 and ISO/IEC 27000-series: ISO/IEC 27013. By: Septafiansyah Dwi P., Institut Teknologi Bandung
  • 2. ITSM or SMS: IT service management is a concept that combines system management, network management, system development management, incident management, problem management, service management, security and so on, helping enterprises manage the process of constructing, implementing, maintaining and planning IT systems through effective management methods (Tang, 2009).
  • 3. ISO 20000 – Standard in IT Service Management. What is it?
      • The formulation of ITIL practices into an international standard
      • Management of 13 key IT services to meet business requirements (predominantly internally focused)
      • Specifies a number of closely related processes that, brought together, will help ensure that an organisation delivers managed IT services to its internal customers
      • Comprehensive but not exhaustive
      • Planning, implementing, monitoring and improvement of new and changed services
  • 4. The benefits of ISO 20000
      • A consistent approach to service management
      • IT service provision becomes measurable and accountable
      • Consistent levels of service are agreed
      • Improved communication flows between IT and the business
      • IT gains a better understanding of the business requirement
      • Reduced risk of business failure
      • A reduction in the number of avoidable and repeat incidents
      • Higher availability of systems and services
  • 5. Service management system
      1. Scope: 1.1 General; 1.2 Application
      2. Normative references
      3. Terms and definitions
      4. SMS general requirements: 4.1 Management responsibility; 4.2 Governance of processes operated by other parties; 4.3 Documentation management; 4.4 Resource management; Establish and improve the SMS
      5. Design and transition of new or changed service: 5.1 General; 5.2 Plan new or changed services; 5.3 Design and development of new or changed services; 5.4 Transition of new or changed services
      6. Service delivery process: 6.1 Service level management; 6.2 Service reporting; 6.3 Service continuity and availability management; 6.4 Budgeting and accounting for services; 6.5 Capacity management; 6.6 Information security management
      7. Relationship process: 7.1 Business relationship management; 7.2 Supplier management
      8. Resolution process: 8.1 Incident and service request management; 8.2 Problem management
      9. Control process: 9.1 Configuration management; 9.2 Change management; 9.3 Release and deployment management
  • 6. Implementing PDCA to service management
      • Plan: establishing, documenting and agreeing the SMS
      • Do: implementing and operating the SMS
      • Check: monitoring, measuring and reviewing the SMS
      • Act: improving the SMS; improving the service
      [Diagram labels: Policies, Objectives, Plans, Process; Service Management System (SMS); Service Management Process; Service]
  • 8. ISO 27001: ISO 27001 is the standard for establishing, controlling, monitoring and improving an Information Security Management System (ISMS). It provides the requirements for an ISMS framework as well as 133 controls (much like the “shalls” in ISO 20000) (Implement ISO, 2012). It is compatible with other standards such as NIST 800-53, ISO 27005, COSO and Detiknas, and uses a risk-based assessment approach to determine the scope of its implementation within an organisation. The main goals of the ISO 27001 standard are to manage information security, maintain business continuity and comply with regulation. It addresses all information, physical security, environmental aspects, outsourcing issues, etc.
  • 9. The benefits of ISO 27000
      • Reduction in possibly damaging/embarrassing information leaks and failures
      • Total risk mitigation, security of brand equity
      • Reduction in costs due to fewer security incidents
      • Common policies and controls across the whole organisation
      • Increased staff awareness
      • Better monitored and audited systems and information flows
      • The risk is significantly reduced
  • 10. “where does the ISO 20000-1 fit in with ISO 27001?”
  • 11. Organization: ISO/IEC 27001 (focus on information assets) and ISO/IEC 20000-1 (focus on service)
      • Specific to ISO/IEC 27001: classification of information; information asset management
      • Specific to ISO/IEC 20000-1: budgeting and accounting for service; business relationship management; design and transition of new and changed services; service level management
      • Shared parts (some overlaps, some differences): resource management; risk assessment; roles and responsibilities; information security management; service continuity and availability management; supplier management; capacity management; change management; incident and service request management; problem management; release and deployment management
      • Common parts (identical between standards): continual improvement; PDCA; legal and regulatory compliance; training and awareness; management review; documentation management
  • 12. Advantages in integrated management system

Editor's Notes

  1. The formulation of ITIL practices into an international standard. Management of 13 key IT services to meet business requirements (predominantly internally focused). Specifies a number of closely related processes that, brought together, will help ensure that an organisation successfully delivers IT services to its internal customers. Comprehensive but not exhaustive. Planning, implementing, monitoring and improvement of new and changed services.
  2. Integrated SMS and ISMS. It is ISO 27001 which fits in to ISO 20000, specifically in Section 6.6, Information Security Management. This section addresses information security policy, controls and changes/incidents as related to IT-based information. ISO 27001 can provide much further detail and information in terms of setting up security elements in your organisation. ISO 27001 tells you “how” to do it rather than stating that you “have” to do it. In other words, aim to combine some of the implementation activities, such as the audit review / risk assessment. There are advantages to having a single audit team look at both management systems. This eliminates redundancies, gives good value for money, and helps the organization establish one aspect of good service delivery. As stated above, both standards use common management approaches, are both based on processes and also use the PDCA principles.
  3. There are a number of advantages in implementing an integrated management system which takes into account not only the services provided but also the protection of information assets. These benefits can be experienced whether one standard is implemented before the other, or both standards are implemented simultaneously. Management and organizational processes, in particular, can derive benefit from the similarities between the International Standards and their common objectives. Key benefits of an integrated implementation include:
      a) the credibility, to internal or external customers of the organization, of an effective and secure service;
      b) the lower cost of an integrated programme of two projects, where achieving both service management and information security are part of an organization’s strategy;
      c) a reduction in implementation time due to the integrated development of processes common to both standards;
      d) elimination of unnecessary duplication;
      e) a greater understanding by service management and security personnel of each other’s viewpoints;