The Institute for Standardization of Bosnia and Herzegovina, through its Technical Committee BAS/TC 1, Information Technology, has adopted the fourth edition of BAS ISO/IEC 27013:2025, Information Security, Cybersecurity and Privacy Protection — Guidance on the Integrated Implementation of ISO/IEC 27001 and ISO/IEC 20000-1, which is a translation of the English version of ISO/IEC 27013:2021.

BAS ISO/IEC 27013:2025 gives guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 for organizations intending to:

a)    implement ISO/IEC 27001 when ISO/IEC 20000-1 is already implemented, or vice versa;

b)    implement both ISO/IEC 27001 and ISO/IEC 20000-1 together; or

c)    integrate existing management systems based on ISO/IEC 27001 and ISO/IEC 20000-1.

This document focuses exclusively on the integrated implementation of an Information Security Management System (ISMS) as specified in ISO/IEC 27001 and a Service Management System (SMS) as specified in ISO/IEC 20000-1.

The original texts of the standard were prepared by the Technical Committee ISO/IEC JTC 1/SC 27, Information security, cybersecurity and privacy protection, whose secretariat is held by National Standardization Body of Germany (DIN).