This research analyzes the demand of two international standards, ISO 27001 (Information Security) and ISO 20000-1 (IT Service Management), and the resulting impact on the demand for ISO consulting. Due to rising security breaches with increased media coverage, the public and the government is starting to recognize the importance of protecting critical data. Implementing an Information Security Management System enables companies to sufficiently safeguard their information in the long-term and adhere to governmental regulations. Companies seek to implement an IT Service Management System in order to implement best practices in their organization and enable themselves to compete in the market on a global basis. ISO 27001 and ISO 20000-1 enable a company to operate in more successful ways by reducing the cost of operations and reducing the risk of severe damages to a company’s reputation in case of any cyberattacks. The standards are complex in nature and most companies do not have enough internal resources to implement the standards on their own. Also, the introduction of an Information Security Management System requires adoption by the entire organization and not just single departments. The scope of such a system requires deepener knowledge of the standards in order to successfully implement the management system and for the company to benefit from its long-term effectiveness. Thus, the demand for the implementation of ISO 27001 and ISO 20000-1 result in an increased demand for the services of ISO consulting firms.


IT information security, IT service management, consulting

Document Type


Year of Completion



Business Administration and Management


Professor Edward G. Verlander

Academic Department

Department of Management