not at draft stage approximately 50% (rough draft only) 60 - 80 % (developed draft, with limited records) 90 % + (limited revisions

required)

ISO 20000 System Map

ISO System Mapping and Ownership
ISO 20000 ISO 9001 or ISO 27001 clause clause
ISO 27001 Establish the ISMS 4.2.1

drafted by: record date:

Required ISO 20000 Documents

Document Type Documentation ISO 20000

Company Reference Document

Department Functional Scope

(records relate to primary content coverage; other docs to responsibility to generate)

Remarks

Department Ownership

General requirement

ITSM Risk Management (included in Service Management Plan) Risk Assessment Service Management and Improvement Policy Document Control Procedure Competence, Awareness, Training Service Management Plan Management Review Plan Audit Program Audit Procedure Corrective and Preventative Action

3,1 3,1 3.1 a, 4.4.1 3,2 3,3 4,1 4,3 4,3 4,3 4,3 4,4 4.4.2

ISO 9001 Control of Documents and Records 4.2.2, 4.2.3; ISO 27001 4.3.2 and 4.3.3 ISO 9001 (same) 6.2.2; ISO 27001 (same) 5.2.2 ISO 9001 Management Review 9.6; ISO 27001 Review 7 ISO 9001 Audit Requirements 8.2.2; ISO 27001 Audit Controls control 15.3.1 ISO 9001 Internal Audit 8.2.2; ISO 27001 6

Plans and Procedure Procedures Corrective and Preventative Action (System level) Record
Service Improvement Procedure Service Improvement Record New and Changed Services Implementation Plan Service Level Management Procedure

4.4.2 5 6,1 6,1 6,1 6,1 6,2 6,2 6,3 6,3 6,3 6,3 6,3 6,3 6,3 6,3 6,4 6,4 6,4 6,4 6,4 6,5 6,5 6,3 6,6 6,5 6,6 6,6 6,6
6,6

ISO 9001 8.5.1 Continual Improvement; ISO 27001 (same) 8.1 ISO 9001 8.5.1 Continual Improvement; ISO 27001 (same) 8.1

Service Level Service Level Agreements Management Standard Service Support Reference Service Reporting
Customer Handbook Service Reporting Procedure Service Report Summary Record Business plan Business Continuity Policy Business Continuity Framework Document (ISD) Business Continuity Plans Business Impact Analysis Business Continuity Risk Assessment Business Continuity Test Procedure Business Continuity Test Record Budgeting & Accounting Policy

ISO 27001 Business Continuity controls A 14.1.1 - 14.1.5 ISO 27001 Business Continuity Planning controls 14.1.3, 14.1.4

Business Continuity

Budgeting & Budgeting & Acccounting Procedure Accounting Budget Approval Form and Records
Summary Performance Reporting Capacity / Availability Management Procedure Capacity Plan Capacity / Availability Records Capacity / Availability Reporting Information Security Policy Information Security Management System (27001) Security Incident Investigation Procedure Security Control Records Security Risk Assessment Security Incident Reporting Complaints process Customer Feedback process (QMS elements) Business Relationship Management Procedure Customer Service Review Records Supplier Management Procedure Legal Procedure Supplier Contracts and SLA's Supplier Review Records Incident Management Procedure Incident Report Record Incident Records Incident Reporting Problem Management Procedure Problem Records (functions as known error database) Configuration Policy Configuration Management Plan

Capacity and Availability

ISO 27001 Capacity Management control A 10.3.1

ISO 27001 4.2.1 Establish the ISMS; control A 5.1.1

Information Security

ISO 27001 Incident Responsibilities and Procedures control A 13.2.1

7,2 7,2 7,2 7,2 7,3 7,3 7,3 7,3 8,2 8,2 8,2 8,2 8,3 8,3 9,1 9,1 9,1 9,1
9,1 9,1

ISO 9001 Customer Communication 7.2.3 ISO 9001 Customer Satisfaction 8.2.1

Business Relationship

Supplier Management Incident Management Problem Management

Configuration Configuration Management Procedure Management Configuration Audit Procedure

Configuration Management Database Configuration Audit Results Change Policy Change Management Procedure

9,2 9,2
9,2 9,2 9,2 9,2 ISO 27001 Change Management control A 10.1.2; Change Control Procedure A 12.5.1

Change

Release

Change Records List of Routine Changes CAB Meeting Minutes Change Schedule Release Policy Release Plan Record Release Management Procedure Release Detail Records

10,1 10,1 10,1 10,1

N/A ISO 9001 Compatability with other management systems 0.4; ISO 27001 (same) 0.3 ISO 27001 System acceptance control A 10.3.2

misc.

Management System Integration

Senior system owner Management representative Business relationship manager Supplier process manager Service level process manager Security manager Finance manager System Roles Business Continuity manager Capacity manager Change process owner Service Reporting process mgr. Configuration process manager Release process owner Incident process manager Problem process manager

3,1 3,1 7,2 7,3