ISO 20000 - ITIL - IT Service Management:

“ITIL (IT Infrastructure Library) is the most widely accepted approach to IT Service Management in the world. ITIL provides a cohesive set of best practice, drawn from the public and private sectors internationally. It is supported by a comprehensive qualifications scheme, accredited training organizations, and implementation and assessment tools.” ITIL standard BS 15000 has now become ISO 20000, a two part standard: ·        ISO/IEC 20000 Part 1:2005 “Information technology service management. Specification for Service Management.” describes the requirements for IT service management against which organizations may be independently certified.

ISO/IEC 20000 Part 2:2005 “Information technology service management. Code of Practice for Service Management.” gives more practical guidance to implementers, a suite of best practices for IT service management

ISO 21827 - Systems Security Engineering Capability Maturity Model:

Like other Capability Maturity Models (CMMs), the Systems Security Engineering (SSE) CMM defines the essential characteristics of SSE processes, emphasizing those which indicate process maturity. The model covers the entire systems development lifecycle from concept definition to decommissioning. It applies to those developing or integrating secure products/systems, and those providing specialist security services such as security engineering

      Conclusion

Along with the recent promotion of networking business processes in areas such as supply chain management (SCM) or e-commerce, the scope of our business community has been expanding and increasing in terms of transaction volumes and speed. Thanks to the development of information and network technologies, the requirements this creates are easily fulfilled, from business organizations through to the governmental level. On the other hand, we have occasionally come across incidents of business discontinuity not only in one specific organization, but also in several organizations linked within a supply chain ore-commerce network. The scope of disruption has also been expanding and increasing in size and speed. In such circumstances, BCP (Business Continuity Planning) has become increasingly important to ensure “resiliency” in business communities as a proactive business initiative. BCP has evolved from conventional DRP (Disaster Recovery Planning) and has integrated the perspective of continuing business operations at an acceptable level to protect the tangible and intangible assets of organizations based on business impact analysis. Stand-alone BCP is insufficient to achieve “resiliency” in the business community as a whole. Some methodologies, systems for professional skill development, and social systems for wide spread application of BCP will be required to establish security in business communities. In Japan, several BCP guidelines have already been issued, or will soon be issued, by the Ministry of Economy, Trade and Industry, the Cabinet Office, the Small and Medium Enterprise Agency, and major industry associations. Many private and public organizations have already recognized the importance of BCP and started establishing BCP programmes to share within their own communities.

  Although international standardization of BCP will no doubt contribute to supporting those efforts, careful discussions regarding the scope of application and approaches to implementation will be required to avoid an unnecessary burden on organizations. Too much standardization may become a threat to business continuity. Required levels and threats to business continuity should  differ by organization, industry, or country. The differences in each organization’s mission and social responsibility should also be reflected. Considering those discussion points, international standardization of BCP will be desirable in a guideline format to provide each organization with as hared baseline framework for each business community, to be supported by local standardization through development of specific action plans.