Correspondence STD ISO 9001/20000-1 & 27001

| Clause | ISO 9001 | Clause | ISO 20000-1 | Clause | ISO 27001 |
|---|---|---|---|---|---|
| 4 | Context of the organization | 4 | Context of the organization | 4 | Context of the organization |
| 4.1 | Understanding the organization and its context | 4.1 | Understanding the organization and its context | 4.1 | Understanding the organization and its context |
| 4.2 | Understanding the need and expectations of interested parties | 4.2 | Understanding the need and expectations of interested parties | 4.2 | Understanding the need and expectations of interested parties |
| 4.3 | Determining the scope of the quality management system | 4.3 | Determining the scope of the service management system | 4.3 | Determining the scope of the information security management system |
| 5 | Leadership | 5 | Leadership | 5 | Leadership |
| 5.1 | Leadership and commitment | 5.1 | Leadership and commitment | 5.1 | Leadership and commitment |
| 5.1.1 | General | | | | |
| 5.1.2 | Customer focus | | | | |
| 5.2 | Policy | 5.2 | Policy | 5.2 | Policy |
| 5.2.1 | Establishing the quality policy | 5.2.1 | Establishing the service management policy | | |
| 5.2.2 | Communicating the quality policy | 5.2.2 | Communicating the service management policy | | |
| 5.3 | Organization roles, responsibilities and authorities | 5.3 | Organization roles, responsibilities and authorities | 5.3 | Organization roles, responsibilities and authorities |
| 6 | Planning | 6 | Planning | 6 | Planning |
| 6.1 | Action to address risks and opportunities | 6.1 | Action to address risks and opportunities | 6.1 | Action to address risks and opportunities |
| | | | | 6.1.1 | General |
| | | | | 6.1.2 | Information security risk assessment |
| | | | | 6.1.3 | Information security risk treatment |
| 6.2 | Quality objectives and planning to achieve them | 6.2 | Service management objective and planning to achieve them | 6.2 | Information security objectives and planning to achieve them |
| 6.2.1 | Establish objectives | 6.2.1 | Establish objectives | | |
| 6.2.2 | Plan to achieve objective | 6.2.2 | Plan to achieve objective | | |
| 6.3 | Planning of changes | 6.3 | Plan the service management system | | |
| 7 | Support | 7 | Support of the service management system | 7 | Support |
| 7.1 | Resources | 7.1 | Resources | 7.1 | Resources |
| 7.1.1 | General | | | | |
| 7.1.2 | People | | | | |
| 7.1.3 | Infrastructure | | | | |
| 7.1.4 | Environment for the operation of processes | | | | |
| 7.1.5 | Monitoring and measuring resources | | | | |
| | General | | | | |
| | Measurement traceability | | | | |
| 7.1.6 | Organizational knowledge | | | | |
| 7.2 | Competence | 7.2 | Competence | 7.2 | Competence |
| 7.3 | Awareness | 7.3 | Awareness | 7.3 | Awareness |
| 7.4 | Communication | 7.4 | Communication | 7.4 | Communication |
| 7.5 | Documented information | 7.5 | Documented information | 7.5 | Documented information |
| 7.5.1 | General | 7.5.1 | General | 7.5.1 | General |
| 7.5.2 | Creating and updating | 7.5.2 | Creating and updating documented information | 7.5.2 | Creating and updating |
| 7.5.3 | Control of documented information | 7.5.3 | Control of documented information | 7.5.3 | Control of documented information |
| | | 7.5.4 | Service management system documented information | | |
| 8 | Operation | 8 | Operation of the service management system | 8 | Operation |
| 8.1 | Operation, planning and control | 8.1 | Operation, planning and control | 8.1 | Operation, planning and control |
| 8.2 | Requirements for products and services | 8.2 | Service portfolio | 8.2 | Information security risk assessment |
| 8.2.1 | Customer communication | 8.2.1 | Service delivery | | |
| 8.2.2 | Determining the requirements for products and services | 8.2.2 | Plan the service | | |
| 8.2.3 | Review of requirements for product and services | 8.2.3 | Control of parties involved in the service lifecycle | | |
| 8.2.4 | Changes to requirements for products and services | 8.2.4 | Service catalogue management | | |
| | | 8.2.5 | Asset management | | |
| | | 8.2.6 | Configuration management | | |
| 8.3 | Design and development of products and services | 8.3 | Relationship and Agreement | 8.3 | Information security risk treatment |
| 8.3.1 | General | 8.3.1 | General | | |
| 8.3.2 | Design and development planning | 8.3.2 | Business relationship management | | |
| 8.3.3 | Design and development inputs | 8.3.3 | Service level management | | |
| 8.3.4 | Design and development controls | 8.3.4 | Supplier management | | |
| 8.3.5 | Design and development outputs | | | | |
| 8.3.6 | Design and development changes | | | | |
| 8.4 | Control of externally provided processes, products and services | 8.4 | Supply and Demand | | |
| 8.4.1 | General | 8.4.1 | Budgeting and accounting for services | | |
| 8.4.2 | Type and extent of control | 8.4.2 | Demand management | | |
| 8.4.3 | Information for external providers | 8.4.3 | Capacity management | | |
| 8.5 | Production and service provision | 8.5 | Service design, build and transition | | |
| 8.5.1 | Control of production and service provision | 8.5.1 | Change management | | |
| 8.5.2 | Identification and traceability | 8.5.2 | Service design and transition | | |
| 8.5.3 | Property belonging to customers | 8.5.3 | Release and Deployed management | | |
| 8.5.4 | Preservation | 8.5.3 | Release and Deployed management | | |
| 8.5.5 | Post-delivery activities | | | | |
| 8.5.6 | Control of changes | | | | |
| 8.6 | Release of products and services | 8.6 | Resolution and fulfilment | | |
| | | 8.6.1 | Incident management | | |
| | | 8.6.2 | Service request management | | |
| | | 8.6.3 | Problem management | | |
| 8.7 | Control of nonconforming outputs | 8.7 | Service assurance | | |
| | | 8.7.1 | Service availability management | | |
| | | 8.7.2 | Service continuity management | | |
| | | 8.7.3 | Information security management | | |
| 9 | Performance evaluation | 9 | Performance evaluation | 9 | Performance evaluation |
| 9.1 | Monitoring, measurement, analysis and evaluation | 9.1 | Monitoring, measurement, analysis and evaluation | 9.1 | Monitoring, measurement, analysis and evaluation |
| 9.1.1 | General | | | | |
| 9.1.2 | Customer satisfaction | | | | |
| 9.1.3 | Analysis and evaluation | | | | |
| 9.2 | Internal audit | 9.2 | Internal audit | 9.2 | Internal audit |
| 9.3 | Management review | 9.3 | Management review | 9.3 | Management review |
| 9.3.1 | General | | | | |
| 9.3.2 | Management review inputs | | | | |
| 9.3.3 | Management review outputs | | | | |
| | | 9.4 | Service reporting | | |
| 10 | Improvement | 10 | Improvement | 10 | Improvement |
| 10.1 | General | | | | |
| 10.2 | Non conformity and corrective action | 10.1 | Non conformity and corrective action | 10.1 | Non conformity and corrective action |
| 10.3 | Continual improvement | 10.2 | Continual improvement | 10.2 | Continual improvement |