Assign topic to the user
asan addition If we already had ISO 9001:2008 and ISO 27001:2005 can we combine between quality policy and information security in a single document ?
Hi Gokhan,
Although ISO 9001 and ISO 27001 are very compatible, I wouldn't add information security elements in your Quality Policy.
These documents you can use for both standards, you don't have to write them twice:
Document control procedure
Internal audit procedure
Procedure for corrective action
Procedure for preventive action (although this is not required in ISO 27001 2013 revision)
In documents which you use for both QMS and ISMS, you should mention the reference to both ISO 9001 and ISO 27001.
By the way, you can also see this webinar for detailed explanation: ISO 27001 implementation: How to make it easier using ISO 9001
Comment as guest or Sign in
Jan 12, 2016