SPRING DISCOUNT
Get 30% off on toolkits, course exams, and Conformio yearly plans.
Limited-time offer – ends April 25, 2024
Use promo code:
SPRING30

Expert Advice Community

Home / ISO 27001 & 22301 / Combining Quality Policy and Information Security Policy

Guest

Combining Quality Policy and Information Security Policy

ISO 27001 & 22301
  Quote
Guest
Guest user Created:   May 26, 2016 Last commented:   May 26, 2016

Combining Quality Policy and Information Security Policy

ISO 27001 & 22301
What is the best practice, maintaining a separate Quality and Information Security Policy, or combining them for a company with both management systems?
0 0

Assign topic to the user

ISO 27001 & ISO 22301 PREMIUM DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 & ISO 22301 PREMIUM DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.
Expert
Dejan Kosutic May 26, 2016

Answer: Both ISO 27001 and ISO 9001 allow you to merge these policies into a single document, however I wouldn't recommend that. These policies have a different purpose and a different focus, so I don't think it would be a good idea to merge them.

On the other hand, you should combine many other documents between your ISMS and QMS - see this article: Using ISO 9001 for implementing ISO 27001 https://advisera.com/27001academy/blog/2010/03/08/using-iso-9001-for-implementing-iso-27001/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

May 26, 2016

May 26, 2016

Suggested Topics
Atheer AlMartan Created:   Apr 24, 2024 ISO 27001 & 22301
Replies: 0
0 0

3.4. Handling classified information
LindaK Created:   Jan 16, 2024 ISO 27001 & 22301
Replies: 2
0 0

Choose to Not implement a security control
ISO Created:   Dec 26, 2023 ISO 27001 & 22301
Replies: 1
0 0

Information Security Goals