Towards an Integrated Management System (IMS), harmonizing the ISO/IEC 27001 and ISO/IEC 20000-2 Standards

In recent times, and in order to maintain an integrated, efficient and homogeneous policy, Integrated Management Systems (IMS) have emerged as an opportunity to improve processes related to Information Technology (IT) in organizations in a way that is modular, consistent and orderly. The ISO 27001 and ISO 20000 standards provide good practices for creating and/or strengthening management infrastructure whose purpose is information security and IT services. In an attempt to provide information on how these standards are related, as well as to facilitate their integration under a single IMS, this article presents the harmonization strategy and results of the harmonization of standards ISO 27001 and ISO 20000 in an organization. The work thereby supports organizations which are interested in knowing how to carry out the harmonization of these models. It also provides a detailed analysis of their similarities and differences, showing an example of how to carry out the integration of related practices between ISO 27001 and ISO 20000-2. In addition, some benefits achieved by the organization are presented.