Guest
Combining Quality Policy and Information Security Policy
What is the best practice, maintaining a separate Quality and Information Security Policy, or combining them for a company with both management systems?
Assign topic to the user
Expert
Dejan Kosutic
May 26, 2016
Answer: Both ISO 27001 and ISO 9001 allow you to merge these policies into a single document, however I wouldn't recommend that. These policies have a different purpose and a different focus, so I don't think it would be a good idea to merge them.
On the other hand, you should combine many other documents between your ISMS and QMS - see this article: Using ISO 9001 for implementing ISO 27001 https://advisera.com/27001academy/blog/2010/03/08/using-iso-9001-for-implementing-iso-27001/
Comment as guest or Sign in
May 26, 2016
May 26, 2016
May 26, 2016