Expert Advice Community

Certification for both 9001 and 27001

Guest user Created: Sep 07, 2023 Last commented: Sep 07, 2023

I actually have one question/clarification based on what I read, which confirms that it is possible to get certified for both 9001 and 27001 at the same time. I would like to get clarification on how both projects would be done concurrently and/or together. What are the common activities / interview meetings / deliverables? Can a department interview approach be taken? Is the risk assessment and treatment plan common to both standards or only specific to 27001? How does the certification audit work in this case? What does it take to undertake both projects at the same time (in terms of additional time and resources)? Do you recommend working on both 9001 and 27001 certification at the same time?

Expert: Rhand Leal, Sep 07, 2023

1 - What are the common activities / interview meetings / deliverables?

After getting support for your project (through approval of the ISMS-QMS project plan) and approval of the Procedure for Document and Record Control, these are the common steps and deliverables:

    1) defining ISMS-QMS basic framework (e.g., scope, objectives, organizational structure), by understanding organizational context and requirements of interested parties;

    2) performing people training and awareness;

    3) performance monitoring and measurement;

    4) performing internal audit;

    5) performing management critical review; and

    6) addressing nonconformities, corrective actions, and opportunities for improvement.

The definition and execution of the information security risk management process are specific to ISO 27001, while the planning and realization of products and services are specific to ISO 9001.

For further information, see how to implement integrated management systems.

2 - Can a department interview approach be taken?

I'm assuming your question refers to the standard's implementation.

Considering that, a department interview approach is possible, but you need to remember the ISO management standards are process-based, so in a department interview it will be easier for the project to also consider the processes performed by the department.

3 - Is the risk assessment and treatment plan common to both standards or only specific to 27001?

Please note that risk assessment for each standard has different purposes and different assessment criteria, so at the moment we do not see a practical way to combine risk assessment according to ISO 27001 and ISO 9001 in a single plan. It is better to do a separate risk assessment for ISMS and for QMS.

4 - How does the certification audit work in this case?

In this case, you need to contact your certification body to explain that you wish to go for an integrated certification audit. The details of how this certification audit will be performed need to be aligned with the certification body.

5 - What does it take to undertake both projects at the same time (in terms of additional time and resources)?

Since these standards have some requirements in common, you can save approximately 30% of time and resources during the implementation.

6 - Do you recommend working on both 9001 and 27001 certification at the same time?

Implementing both standards at the same time is recommended when you have:

  • a customer demand or legal requirements to fulfill
  • additional resources to allocate in the implementation

If this is not your case, you can think about implementing one standard while keeping in mind the common requirements for both standards, and when you have more resources you may start implementing the remaining requirements.
