2. Can the MR of QMS act as MR for ISMS also? Or should only a software professional be appointed as MR?
3. We have a procedure for Data and document control for QMS. Can this be amended to include the soft copy data / information and used for ISMS?
Answers:
1.- It is not mandatory; I mean, not only software professionals can be trained as auditors. This article may be interesting for you: “Qualifications for an ISO 27001 Internal Auditor”: https://advisera.com/27001academy/blog/2015/03/30/qualifications-for-an-iso-27001-internal-auditor/
2.- From my point of view, an MR (Management Representative) is a fundamental part of a QMS and of an ISMS, and this profile is necessary for both systems, but it is not necessary that the MR has a specific profile like a software professional (remember that ISO 27001 is about information security, so it covers many areas: IT, HR, compliance, etc.). So, yes, the MR of QMS can act as MR for ISMS.
3.- For me, data/document control and soft copy data/information are completely different things (I suppose that by soft copy data/information you mean the software to copy data/information, which in the context of ISO 27001 is backup software), so from my point of view, it is better if you separate their procedures into different documents, although it is only my point of view, and there is no problem if you decide to integrate both in a single document.
By the way, our online course for internal auditors may be interesting for you if you want to become an internal auditor: “ISO 27001:2013 Internal Auditor Course”: https://advisera.com/training/iso-27001-internal-auditor-course/
May 26, 2016