ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements are generic and intended to be applicable to all organizations.
CMMI Svc 3.0
The CMMI-SVC model provides guidance for applying CMMI best practices in a service provider organization which focus on activities for providing quality services to customers and end users. It integrates bodies of knowledge that are essential for a service provider.
IEC 20000-1:2011 is a service management system (SMS) standard. It specifies requirements for the service provider to plan, establish, implement, operate, monitor, review, maintain and improve an SMS. Service providers can use it to show that they are capable of meeting their customers’ requirements and service recipients can use it to ensure that their service providers will consistently meet their unique needs and expectations.
CMMI Dev 3.0
The CMMI-DEV model provides guidance for applying CMMI best practices in a development organization. Best practices in the model focus on activities for developing quality products and services to meet the needs of customers and end users.
ISO 9001:2015 specifies requirements for a quality management system where an organization needs to demonstrate its ability to consistently provide products that meets customer and applicable statutory and regulatory requirements, and aims to enhance customer satisfaction through the effective application of the system, including processes for continual improvement of the system.