Expert Advice Community

Combining Quality Policy and Information Security Policy

Guest user. Created: May 26, 2016. Last commented: May 26, 2016.

What is the best practice: maintaining separate Quality and Information Security Policies, or combining them for a company with both management systems?

Expert
Dejan Kosutic May 26, 2016

Answer: Both ISO 27001 and ISO 9001 allow you to merge these policies into a single document; however, I wouldn't recommend that. These policies have a different purpose and a different focus, so I don't think it would be a good idea to merge them.

On the other hand, you should combine many other documents between your ISMS and QMS - see this article: Using ISO 9001 for implementing ISO 27001 https://advisera.com/27001academy/blog/2010/03/08/using-iso-9001-for-implementing-iso-27001/
