26–30 Mar 2012
Leibniz Supercomputing Centre (LRZ)
CET timezone
CALL FOR PARTICIPATION: is now closed and successful applicants have been informed

Tutorial: Management of quality, services and information security according to ISO 9000, ISO/IEC 20000 & ISO/IEC 27000 - Overview and practical insights

28 Mar 2012, 16:00
1h 30m
FMI Seminar 2 (25) (Leibniz Supercomputing Centre (LRZ))

Speaker

Dr Thomas Schaaf (Ludwig-Maximilians-Universität München)

Description of the Work

Additional information:

  • ISO 9000 is a series of standards related to Quality Management. The most important part of this series is ISO 9001, which defines requirements for quality management systems. ISO 9000 is based upon eight basic principles of Quality Management, which will be covered in the tutorial.

  • ISO/IEC 20000 deals with IT Service Management and is closely related to ITIL (IT Infrastructure Library). But while ITIL provides a set of good practices for managing IT services, ISO/IEC 20000-1 is much more concise, specifying minimum requirements for IT Service Management processes on just about 24 pages of text.

  • ISO/IEC 27000 addresses various topics in the area of Information Security Management, aiming at ensuring an adequate level of confidentiality, integrity and availability of information assets. Besides minimum requirements (ISO/IEC 27001), this standard series covers a code of practice, implementation guidance, guidance on measurements, and a security risk management methodology.

Conclusions

This session provides insight into the topic areas of Quality Management, IT Service Management and Information Security Management from the perspective of the related ISO standards. This can form a helpful and solid basis for applying (parts of) these standards in the EGI ecosystem.

Impact

The end result of this session should be that participants are aware of the standards ISO 9000, ISO/IEC 20000 and ISO/IEC 27000, know how these standards interrelate, where they can be applied, and what their purpose is.

Overview (For the conference guide)

In many environments and organisations (commercial, government, non-profit), coordination and management follow international standards. The most important and popular standards are ISO 9000 (managing quality), ISO/IEC 20000 (managing IT services) and ISO/IEC 27000 (managing information security).

The goal of this training/tutorial is to deliver insight into the topics of Quality Management, IT Service Management and Information Security Management, based on these ISO standards, and, in addition, to provide some ideas on how this may be relevant and useful in the EGI/Grid context. The session is run by members of the gSLM project (www.gslm.eu).

This tutorial is aimed at people interested in an overview of ISO 9000, ISO/IEC 20000 and ISO/IEC 27000 and their relationships. It complements the "ITIL tutorial" given during the EGI Technical Forum 2011. However, no previous knowledge is required to attend this tutorial.

Primary authors

  • Prof. Joan Serrat (Universitat Politècnica de Catalunya)

  • Mr Owen Appleton (Emergence Tech Ltd.)

  • Dr Thomas Schaaf (Ludwig-Maximilians-Universität München)
