Free Downloads

ISO 20000: 2011
ITIL 2011 MMap

Request for Change (RFC) Template

Major Incident Report Template

ISO 20000/ITIL Timeline poster


Sponsored Links



Apr 18, 2012

ISO 9000 - ISO/IEC 27001 - ISO/IEC 20000: How do They Fit Together?

With newly refreshed ISO/IEC 20000 alignment to ISO 9001 and ISO/IEC 27001, I thought it would be nice to have a set of more detailed information about relations between these three, all in one place.

Think, there is a great chance that a Service Provider aiming for 27001 or 20000 already implemented ISO 9001. And once we have two standards out of these three, how much more work is it to get the third one?

For new people here:

If a company already adopted a Quality Management mindset from 9001, then going either for 27001 (Information Security Management) or 20000 (Service Management) is a natural thing. Usually the order of implementation is determined by local market demand and governmental regulation of the core business (Financial organizations, Service providers, military...).

Implementation of ISO/IEC 27001 brings a significant market advantage to a Service Provider, since it is often a requirement in tenders, especially in European countries. It will make you care about security, both yours and of your customer. In the beginning it will feel a bit restraining, but for a good reason. It will significantly reduce risks of losing contracts due to information security reasons.

ISO/IEC 20000 requires a broad specter of implemented processes, but if you are a service providing organization with some experience and knowledge of ITIL (could it be otherwise?), then it shouldn't be a problem. It will only make you define neglected or less cared for aspects and Service Management processes.

Here is a simple diagram I use in presentations to communicate a quick win-win feeling to the audience:
Overlapping ISO 9001, 27001 and 20000
How ISO 9001, 27001 and 20000 overlap

And here is a table of more detailed relations.
ISO 9001 - ISO/IEC 27001 - ISO/IEC 20000 Mapping
ISO 9001 - ISO/IEC 27001 - ISO/IEC 20000 Mapping

This is still a working version of the table, but still pretty usable. Hope you enjoy it. If it displays too small for you when clicked on, you can copy it with rightclick and paste it to your favorite text or picture editor. Or, click here on my Google pages.


Anonymous said...

Youre so awesome, man! I cant believe I missed this blog for so long. Its just great stuff all round.

doctor said...

just my thoughts! :)
thank you friend for the kind words. live long and prosper.

Anonymous said...

very nice post, i certainly love this website, keep on it

Anonymous said...
This comment has been removed by a blog administrator.
Anonymous said...

Appreciate it for this tremendous post, I am glad I found this website on yahoo.

Anonymous said...
This comment has been removed by a blog administrator.
Anonymous said...

Excellent post. I learned a lot reading it. Thanks.

Anonymous said...

I was just seeking for this information for a while.

Anonymous said...


can you share your thoughts on the amount of time require to deliver this Multi Standard model for Small enterprise (< 500 Employee)