What is ISO/IEC 27015:2019 ?

ISO/IEC 27015:2019 is an essential international standard that provides organizations with guidelines for implementing, maintaining, and continually improving an information security management system (ISMS) in the context of managing the risks related to the processing of information. It focuses on specific requirements and controls for establishing, implementing, maintaining, and continually improving an ISMS tailored to the unique needs of organizations involved in managing their information security risks.

The purpose of ISO/IEC 27015:2019 is to provide organizations with guidance for establishing, implementing, maintaining, and continually improving a coherent and reliable ISMS, which supports the achievement of information security objectives. It helps organizations develop a systematic approach to manage the risks associated with the processing of information, ensuring confidentiality, integrity, and availability of information assets. The standard also aims to enhance customer confidence and promote best practices for information security management.

ISO/IEC 27015:2019 is built upon the key components of ISO/IEC 27001:2013, which provides a framework for establishing, implementing, maintaining, and continually improving an ISMS. However, ISO/IEC 27015:2019 goes beyond this framework by providing more in-depth guidance on the integration of ISMS and ITSM.

The key components of ISO/IEC 27015:2019 include:

1. The establishment of an information security management system (ISMS): This involves the development of a systematic approach to manage the risks associated with the processing of information.

2. The implementation of controls: This involves the implementation of controls to manage the risks associated with the processing of information.

3. The ongoing improvement of the ISMS: This involves the continually improving the ISMS to ensure it remains relevant and effective.

4. The alignment of the ISMS with other management systems: This involves the integration of the ISMS with other management systems, such as ITSM.

ISO/IEC 27015:2019 helps organizations develop a holistic approach towards managing information security and IT services. This integration allows for better risk management, more effective incident response, and improved overall governance.

In conclusion, ISO/IEC 27015:2019 is an essential international standard that provides organizations with guidance for implementing, maintaining, and continually improving an information security management system. It focuses on specific requirements and controls for establishing, implementing, maintaining, and continually improving an ISMS tailored to the unique needs of organizations involved in managing their information security risks. With the integration of ISO/IEC 27013:2019, the standard offers even more benefits to organizations, including enhanced performance, efficiency, and security.