www.tms-ua.com TMS - Cooperation partner of TÜV SÜD EFFECTIVE SERVICE MANAGEMENT based on ISO/IEC 27001 & ISO/IEC 20000-1

Upload: corey-dorsey

Post on 19-Jan-2016




INTRODUCTION

A Management System is the framework of policies, processes and procedures used to ensure that an organization can fulfill all tasks required to achieve its objectives.

• Management responsibility
• Document management
• Resource management
• Management review
• Internal audit
• Continuous improvement

• Information security policy
• Risk management
• Information security controls
• Security incident management

• ISO 9001: Quality management
• ISO/IEC 20000: IT Service management
• ISO/IEC 27001: Information security management


ISO/IEC 20000 - IT SERVICE MANAGEMENT

• ISO 20000 is a global standard that describes the requirements for an information technology service management (ITSM) system. The standard was developed to mirror the best practices described within the IT Infrastructure Library (ITIL) framework.

• An IT Service organization can use ITIL to implement ITSM processes according to best practices, and ISO 20000 can be used for implementation and measurement of essential processes.

[Diagram]

• ISO/IEC 20000-1: Specification
• ISO/IEC 20000-2: Code of Practice
• ITIL, CobiT, etc.: Best practices
• Processes, Policies, Procedures, Instructions

Diagram labels: Requirements; Management Overview; Process definitions; Deployed In-House; Certification


ISO/IEC 27001 - INFORMATION SECURITY MANAGEMENT

• ISO 27001 is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation's information risk management processes.

• Management's commitment to a management system providing governance over information company wide, data governance

• Asset inventory allowing the formal identification of information repositories in addition to software, hardware, people, telecommunications and physical property

• Information classification identifying the categories of information and what controls need to be applied during the course of regular business activities

• Continuous improvement allowing management to address quality, which translates into cost savings by supporting and following up on defects in service delivery impacting availability, software, information repositories impacting data integrity and confidentiality, enforcing security standards and processes, etc.


Points?

INTEGRATED MANAGEMENT SYSTEM

An Integrated Management System (IMS) combines all related components of a business into one system for easier management and operations.  

IT Service and Information Security management systems can be combined and managed as an IMS. These will not be separate systems that are joined together; rather, they will be integrated with linkages so that similar processes are seamlessly managed and executed without duplication.

• Cost and resource saving
• Risk management
• Finance performance
• Corporate reputation
• Improved communication
• Streamlined business operations

ISO 27001 AND ISO 20000

ISO 27001:

0 Introduction

1 Scope

2 Normative references

3 Terms and definitions

4 Context of the organization

5 Leadership

6 Planning

7 Support

8 Operation

9 Performance evaluation

10 Improvement

ISO 20000:

Introduction

1 Scope

2 Normative references

3 Terms and definitions

7 Relationship processes

6.6.1 c) & d) Information security policy

6 Service delivery processes

6.6 Information security management

4.5.5 Maintain and improve the SMS

4.5.4 Monitor and review the SMS

4.1 Management responsibility

4 Service management system general requirements

4.5.3 Implement and operate the ISMS

6.3 Service continuity and availability management

5.2 Plan new or changed services

4.5.2 Plan the SMS

4.5 Establish and improve the SMS

• Policy
• Definition of objectives
• Definition of roles and responsibilities

• Awareness
• Communications
• Control of documents and records

• Management of metrics

• Internal audit
• Management review
• Corrective/Preventive actions and continual improvement


TECHNICAL TOOLS

Change management database system
• Management and planning
• Configuration identification
• Configuration control
• Status accounting
• Verification & audit

Help desk system
• Knowledge Management
• Problem Management
• Access Management
• Service Catalog

Data loss prevention system
• Discover where data is stored
• Monitor how data is being used
• Protect data from being leaked or stolen

Security information and event management system
• Log management
• Turn data into useful information
• Automated event analysis
• Dashboards
• Gathering of compliance data (security, governance and auditing processes)
• Long-term storage of historical data
• Forensic analysis


SUCCESS STORY


TMS - Cooperation partner of TÜV SÜD www.tms-ua.com

TMS LLC
04070, Kyiv, Ukraine
9 Naberezhno-Khreschatitskaya str.
Tel.: +380 44 500 3345
Fax: +380 44 500 [email protected]

Management Systems Ltd.
N4 Bokhua str.
Tbilisi, Georgia
Tel: (+ 995 32) 2 14 73 [email protected]