After taking the 27001 Foundation last week, I decided to give it a try and peek into ISO 20000 as well. I had passed an ITIL V3 Foundation cert almost a decade ago and figured it would be a good fit to refresh some insights on IT Service Management aka ITSM. It’s somehow bread and butter to a lot of organizations, and 20k is also a standard you can certify against.

I recently had a short gig at a local internet carrier where I got in touch with the topic of ISO/IEC 27001 - which is fundamentally relevant to the protection of information. Briefly, the standard deals with the implementation, maintenance, and continuous improvement of an Information Security Management System, abbreviated to ISMS. This system ensures that standard measures (‘controls’) are implemented so that information is safe. I never fully understood how Risks, Controls, Processes, and Policies worked together in a unified way and how they fit into the bigger picture.