BS 7799 and ITIL

[NCooper]

Has anyone had any experience of dealing with both ITIL and BS 7799?

I am currently on a Project that is implementing 7799 but our IT guys are banging on about ITIL ... i have had a quick look at the OGC website and the associated links and ITIL seams to be a very IT focussed .... something that I believe BS 7799 was critisised for when it was first released.

Doing both ITIL and BS7799 ... does it have any value???

[Elavarasu]

ITIL is all about IT processes where as BS 7799 is more about controls.
It will be good if you combine these.
Infact ITIL expects that we will refer to BS7799 when it comes to security management.

Regards,
Elavarasu

[Biljana]

I know a company who got certified easily to BS 7799 after they implemented ITIL - it solved a lot of problems on both sides.

[smashingvicky]

Hi Cooper

I am lead auditor for both BS7799 & BS15000. First of all ITIL is only individual certification. A company can't be certified for ITIL but it can be certified for BS15000 which is an IT service management system.

Both of these standards have different clauses & targets. Only few of the controls like internal audits, MRM are same. So, better to have the common procedure integrated & its good if a company goes for both standards

Vikas Garg
Lead Auditor BS7799
Ex- BSI

[Calvin]

There is a very good paper in the ISACA website which aligns the COBIT, ITIL and ISO 17799. U can have a look there. The mapping is proivided in the paper.

ITIL is an individual certification and equivalent certification for organization/process is BS15000 as smashing has pointed correctly