BS ISO/IEC 27013:2021 PDF Download
Information security, cybersecurity and privacy protection. Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1
What is BS ISO/IEC 27013:2021 about?
A revised international standard, BS ISO/IEC 27013:2021 aims to help organizations integrate their implementation of an information security management system to BS EN ISO/IEC 27001:2017 and a service management system to BS ISO/IEC 20000-1:2018.
Who is BS ISO/IEC 27013:2021 for?
Any type and size of organization wishing to provide effective and secure IT services, which will include:
- IT companies such as cloud providers and software developers
- Online and offline service providers
- Financial institutions
- Health organizations with health records
- High tech companies tasked with protecting intellectual property
- Consulting companies seeking the right methodology to resolve their clients’ security issues
What does BS ISO/IEC 27013:2021 cover?
It provides guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 for organizations intending to either:
(a) Implement ISO/IEC 27001 when ISO/IEC 20000-1 is already implemented or vice versa
(b) Implement both ISO/IEC 27001 and ISO/IEC 20000-1 together
(c) Integrate existing management systems based on ISO/IEC 27001 and ISO/IEC 20000-1
In order for integration to take place, organizations and users should note that their information security management system should be based on a risk assessment process specified in BS ISO/IEC 27001:2017 where the organization selects, implements, monitors and reviews a variety of security controls to manage identified risks.
Conversely, their service management system should support the management of the service lifecycle including planning, designing, transitioning, delivering and improving services with the aim of meeting agreed requirements and delivering value for customers, users and organizations delivering the service. These requirements are stipulated in BS ISO/IEC 20000-1:2018.
NOTE: BS ISO/IEC 27013:2021 focuses exclusively on the integrated implementation of an information security management system (ISMS) as specified in ISO/IEC 27001 and a service management system (SMS) as specified in ISO/IEC 20000-1. In practice, ISO/IEC 27001 and ISO/IEC 20000-1 can also be integrated with other management system standards such as ISO 9001 and ISO 14001.
Why should you use BS ISO/IEC 27013:2021?
- It provides for the credible provision of effective and secure information/IT services
- It can lower the cost of implementing, maintaining and auditing an integrated management system where effective and efficient management of both services and information security are part of an organization’s strategy
- It can reduce implementation time due to the integrated development of processes common to both standards
- It can support better communication, increased reliability and improved operational efficiency through elimination of unnecessary duplication
- It can strengthen the understanding by service management and information security personnel of each other’s viewpoints
- An organization certified to BS ISO/IEC 27001 can more easily fulfil the requirements for information security specified in BS ISO/IEC 20000-1, 8.7.3, as both nationally adopted standards are complementary in requirements
- It can strengthen organizational risk management
BS ISO/IEC 27013:2021 contributes to UN Sustainable Development Goal 9 on industry, innovation and infrastructure by underpinning more secure and resilient infrastructures.
Descriptors | Anti-burglar measures, Information exchange, Computers, Vocabulary, Computer networks, Data processing, Data security, Management, Data storage protection, Computer technology |
ICS Codes | 03.080.99 - Other services; 03.100.70 - Management systems; 35.020 - Information technology (IT) in general; 35.030 - IT Security |
Language(s) | English |
ISBN | 978 0 539 05586 3 |
File Size | 1.8 MB |