ISO/IEC 27013 is an international standard that provides specific guidance on the integrated implementation of an Information Security Management System (ISMS) according to ISO/IEC 27001 and an IT Service Management System (ITSMS) according to ISO/IEC 20000-1. It addresses the challenges of combining these two management systems, offering a framework for aligning policies, processes, and objectives. The standard helps organizations to reduce duplication of effort, streamline documentation, and conduct more efficient, integrated audits. It is the only standard listed that is explicitly designed to guide the implementation of an integrated management system involving ISO/IEC 27001.

A. ISO/IEC 27003: This standard provides implementation guidance for ISO/IEC 27001 alone; it does not cover integration with other management system standards.

C. ISO 9001: This is a requirements standard for a Quality Management System (QMS). While it can be integrated with ISO/IEC 27001, it does not provide the guidance on how to perform the integration.

D. None of the above: This is incorrect because ISO/IEC 27013 is the correct standard that provides guidance for integrated implementation with ISO/IEC 27001.

1. International Organization for Standardization (ISO). (2021). ISO/IEC 27013:2021 Information security, cybersecurity and privacy protection — Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1. Geneva, Switzerland: ISO.

Scope (Section 1): "This document provides guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 for organizations that are intending to either: a) implement ISO/IEC 27001 when ISO/IEC 20000-1 is already implemented, or vice versa; b) implement both ISO/IEC 27001 and ISO/IEC 20000-1 together; or c) integrate existing management systems based on ISO/IEC 27001 and ISO/IEC 20000-1."

2. International Organization for Standardization (ISO). (2017). ISO/IEC 27003:2017 Information technology — Security techniques — Information security management systems — Guidance. Geneva, Switzerland: ISO.

Scope (Section 1): This document is described as providing "explanation and guidance on ISO/IEC 27001:2013," confirming its focus is solely on the ISMS standard itself.

3. Graňa, M., & Grolmus, M. (2014). Integration of Management Systems according to ISO 9001, ISO/IEC 27001 and ISO/IEC 20000-1. Procedia Engineering, 96, 588-596.

Section 3, Paragraph 2: The paper explicitly mentions that "The standard ISO/IEC 27013 provides guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1." This peer-reviewed source confirms the specific purpose of ISO/IEC 27013.

DOI: https://doi.org/10.1016/j.proeng.2014.12.200