“By attaining these certifications we have demonstrated that our IT organization adopts and practices the processes required for effective service delivery and enterprise security,” said Mahendra Durai, senior vice president, IT Technology and Strategy Office, CA Technologies. “Many clients require ISO 20000 and ISO 27001 compliance as a condition for awarding contracts to CA Technologies. Once again, we can provide independent evidence of our commitment to service and security for our company and to our customers.”
To achieve certification against each standard, all processes must be adequately documented and demonstrated to an independent auditor to ensure that they are being executed based on documented policies, procedures and work instructions. The thorough audit process was conducted by an accredited independent auditor.
ISO/IEC 20000 is a family of international IT standards that allows companies to demonstrate excellence and prove best practice in IT Service Management. The standard ensures companies can achieve evidence-based benchmarks to continuously improve their delivery of IT services. ISO/IEC 20000 was released in 2005 based on the IT infrastructure library (ITIL®) best practice framework, and updated in 2011.*
ISO/IEC 27001 is an Information Security Management System (ISMS) standard. It was published in 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The standard requires companies to put in place and maintain adequate security controls to protect information assets at all times. A rigorous audit must be undergone before a company can achieve ISO/IEC 27001 certification.*
*Language for standards provided by ISO.