not at draft stage; approximately 50% (rough draft only); 60 - 80 % (developed draft, with limited records); 90 % + (limited revisions required)
Required ISO 20000 Documents Document Type
General requirement
Documentation ISO 20000
ITSM Risk Management (included in Service Management Plan) Risk Assessment Service Management and Improvement Policy
4,1
Management Review Plan
4,3
Audit Program
4,3
Audit Procedure
4,3
Service Improvement Record
4.4.2
Supplier Management Incident Management Problem Management
Release
misc.
6,1
6,1 6,1 6,2 6,2 6,3 6,3 6,3
ISO 27001 Business Continuity controls A 14.1.1 - 14.1.5
6,3
ISO 27001 Business Continuity Planning controls 14.1.3, 14.1.4
Business Continuity Risk Assessment
6,3
Business Continuity Test Procedure
6,3
Business Continuity Test Record Budgeting & Accounting Policy
6,3
Budgeting & Accounting Procedure
6,4
6,4
6,4 6,4 6,4
ISO 27001 Capacity Management control A 10.3.1
6,5 6,5 6,3 6,6
ISO 27001 4.2.1 Establish the ISMS; control A 5.1.1
Information Security Management System (27001) Security Incident Investigation Procedure Security Control Records Security Risk Assessment Security Incident Reporting
6,6
Complaints process
7,2
ISO 9001 Customer Communication 7.2.3
7,2
ISO 9001 Customer Satisfaction 8.2.1
Customer Feedback process (QMS elements) Business Relationship Management Procedure Customer Service Review Records Supplier Management Procedure Legal Procedure Supplier Contracts and SLAs Supplier Review Records Incident Management Procedure Incident Report Record Incident Records Incident Reporting Problem Management Procedure Problem Records (functions as known error database) Configuration Policy Configuration Management Plan
Configuration Configuration Management Procedure Management Configuration Audit Procedure
Change
5
6,3
Information Security Policy
ISO 9001 8.5.1 Continual Improvement; ISO 27001 (same) 8.1 ISO 9001 8.5.1 Continual Improvement; ISO 27001 (same) 8.1
6,1
Business Impact Analysis
Summary Performance Reporting Capacity / Availability Management Procedure Capacity and Capacity Plan Availability Capacity / Availability Records Capacity / Availability Reporting
ISO 9001 Management Review 9.6; ISO 27001 Review 7 ISO 9001 Audit Requirements 8.2.2; ISO 27001 Audit Controls control 15.3.1 ISO 9001 Internal Audit 8.2.2; ISO 27001 6
4,4
4.4.2
Customer Handbook Service Reporting Procedure Service Report Summary Record Business plan Business Continuity Policy Business Continuity Framework Document (ISD) Business Continuity Plans
ISO 9001 Control of Documents and Records 4.2.2, 4.2.3; ISO 27001 4.3.2 and 4.3.3 ISO 9001 (same) 6.2.2; ISO 27001 (same) 5.2.2
4,3
Service Improvement Procedure
Budgeting & Accounting Budget Approval Form and Records
Business Relationship
3.1 a, 4.4.1
3,3
Service Level Management Procedure
ISO 27001 Establish the ISMS 4.2.1
3,1
Service Management Plan
Service Level Service Level Agreements Management Standard Service Support Reference
Information Security
3,1
Competence, Awareness, Training
New and Changed Services Implementation Plan
Business Continuity
ISO 20000 ISO 9001 or ISO 27001 clause clause
3,2
Corrective and Preventative Action
Service Reporting
ISO System Mapping and Ownership
Document Control Procedure
Plans and Procedure Procedures Corrective and Preventative Action (System level) Record
6,5
6,6
ISO 27001 Incident Responsibilities and Procedures control A 13.2.1
6,6 6,6
7,2 7,2 7,3 7,3 7,3 7,3 8,2 8,2 8,2 8,2 8,3 8,3 9,1 9,1 9,1 9,1
Configuration Management Database
9,1
Configuration Audit Results Change Policy
9,1
Change Management Procedure
9,2
Change Records List of Routine Changes CAB Meeting Minutes Change Schedule Release Policy Release Plan Record Release Management Procedure
9,2
9,2
ISO 27001 Change Management control A 10.1.2; Change Control Procedure A 12.5.1
9,2 9,2 9,2 10,1 10,1 10,1
Release Detail Records
10,1
Management System Integration
N/A
Senior system owner Management representative Business relationship manager Supplier process manager Service level process manager Security manager Finance manager System Roles Business Continuity manager Capacity manager Change process owner Service Reporting process mgr. Configuration process manager Release process owner Incident process manager Problem process manager
drafted by: record date:
ISO 20000 System Map
3,1 3,1 7,2 7,3
ISO 27001 System acceptance control A 10.3.2 ISO 9001 Compatibility with other management systems 0.4; ISO 27001 (same) 0.3
Department Ownership
Company Reference Document
Department Functional Scope (records relate to primary content coverage; other docs to responsibility to generate)
Remark