Information security is no small matter! The necessity of ISO 20000 and ISO 27001
Release Date: 2021-10-08 14:31
With the rapid development of the internet, our lives are becoming increasingly information-based, and information technology is ever more closely woven into daily life. Like any development, this has two sides: informatization changes life and brings convenience, but it also carries considerable risk.
01
Statistics cited in the industry hold that two companies worldwide go bankrupt every minute because of information security problems. Of all information security incidents, only 20%-30% are caused by hacker attacks or other external factors, while 70%-80% result from negligence or deliberate leaks by internal employees; at the same time, 78% of corporate data breaches are attributed to improper operations by internal staff. Enterprise information security therefore has to be built from both the inside and the outside to form a comprehensive information security solution.

Take, for example, a manufacturer that has expanded from electronic hardware products into software services. As its business develops it relies increasingly on informatization, and the importance of information security assurance, in particular the protection of trade secrets, becomes more prominent. How to strengthen information security within a reasonable budget, so as to minimize or avoid the economic losses and operational impact caused by information leakage, loss, or damage, is a key concern.
The company can improve its management level and information security standards overall by obtaining ISO 27001 and ISO 20000 certifications.
02
ISO/IEC 20000 is an IT service management standard aimed at organizations that deliver IT services. It provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving a service management system (SMS) for those services.
ISO/IEC 27001 specifies the requirements for an information security management system (ISMS) and is the basis for assessing all or part of an organization's ISMS. It serves as the standard against which an organization's ISMS, in whole or in part, is audited and certified.
Currently, many enterprises obtain ISO 20000 certification after ISO 27001 certification to improve overall IT service quality. However, many companies are unclear about the relationship between the ISO 20000 IT service management standard and the ISO 27001 information security management standard.
At the time of writing (October 2021), the current edition of the standard was ISO/IEC 27001:2013. Below is an explanation of the relationship between ISO 27001 and ISO 20000.
03
Different focus of the subjects
ISO 20000 is process-centered, defining a series of relatively abstract process objectives, while ISO 27001 focuses on control points/control measures, which are more specific.
Different emphasis in system standards
ISO 20000 is a management system standard for IT service management, whereas ISO 27001 is a management system standard for information security. ISO 20000 emphasizes achieving service quality objectives through defined processes, while ISO 27001 emphasizes achieving information security objectives through risk assessment and risk treatment, implemented as concrete controls.
Common characteristics of system standards
The two standards overlap in several areas, for example incident management, business/service continuity management, and information asset management. Most enterprises therefore choose to implement ISO 20000 and ISO 27001 certification projects together, so as to leverage the complementary strengths of the two systems and control the company's service operation and maintenance and its security management more comprehensively and systematically.
Different scopes
ISO 20000 applies to the IT service department of an enterprise, usually the IT department; ISO 27001 applies to the entire enterprise, including not only the IT department but also business, finance, human resources, and other departments.
There is an essential difference between the two certifications: ISO 20000 certifies an IT service management system, while ISO 27001 certifies an information security management system.
In terms of information security protection, a management system alone is not enough. The management system gives direction and a foundation; on that basis the standards must actually be implemented and information security awareness must become second nature to every employee. Only by staying constantly vigilant about information security can true information security protection be achieved.