Expert Advice Community

Integrating ISO 27001 and ISO 13485

Guest
Guest user Created: Sep 27, 2019 Last commented: May 26, 2021
Do have any advice for implementing ISO27k into an existing ISO13485 certified QMS?


Expert
Rhand Leal Sep 27, 2019

Before I answer this question, it is important to note that, besides the 2016 version of ISO 13485, all ISO management systems published after 2012 have the same general structure.

Considering that, integrating ISO 27001 with ISO 13485 is possible, but it requires a bit more effort than integration with other management systems, like ISO 9001 and ISO 14001. First, you have to map the relations between ISO 13485:2016 clauses and ISO 9001:2015 clauses (you can do that by consulting ISO 13485 Annex B). After that, you can make the link with ISO 27001 clauses.

For example, ISO 13485:2016 clause 4.2 (Documentation requirements) corresponds to ISO 9001:2015 clause 7.5 (Documented information), which is the same clause for ISO 27001.

After this mapping, the integration process should consider two phases:
1 – Integration of the common requirements of the ISO 13485 and ISO 27001 management systems, e.g., control of documents, internal audit, management review, etc. These will require smaller adjustments to refer to the systems covered.
2 – Integration of the specific parts of each system. Regarding ISO 27001, this means including in the organizational processes the activities related to the information security risk assessment and treatment processes.

Regarding the audit of integrated standards, you just need to plan the audit considering a single approach for the common requirements and specific approaches for the core of each one (e.g., a single checklist for the common requirements and checklists specific to the main part of each standard).

These articles will provide you with further explanation about integrating ISO management systems and defining audit checklists:
- How to implement integrated management systems https://advisera.com/articles/how-to-implement-integrated-management-systems/
- Using ISO 9001 for implementing ISO 27001 https://advisera.com/27001academy/blog/2010/03/08/using-iso-9001-for-implementing-iso-27001/
- How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/

Guest
Guest user May 25, 2021

Is the mapping ISO 27001 vs ISO 13485:2016 available as a template?

Expert
Rhand Leal May 26, 2021

Unfortunately, we do not have this specific mapping available.

However, you can combine the information provided in ISO 13485 Annex B (which maps ISO 13485:2016 clauses to ISO 9001:2015 clauses) with the information provided in this free downloadable material to have a link between ISO 13485 and ISO 27001:
