Implementing ISO 9001 and ISO 27001
Answer: You do not need to create separate documents to comply with ISO 27001 if you already have documents that cover similar requirements for ISO 9001 (e.g., control of documents, internal audit, management review, etc.), but you have to take care to adjust them to cover ISO 27001 requirements and your need for information security, and not simply write that the ISO 9001 documents also refer to the company's ISO 27001 (e.g., in a hypothetical situation, if your internal audit for ISO 9001 is annual, but for any reason the ISO 27001 internal audit is semi-annual, then this difference should be adjusted in your internal audit procedure).
These articles will provide you with further explanation about implementing management systems:
- How to implement integrated management systems https://advisera.com/articles/how-to-implement-integrated-management-systems/
- Using ISO 9001 for implementing ISO 27001 https://advisera.com/27001academy/blog/2010/03/08/using-iso-9001-for-implementing-iso-27001/
These materials will also help you regarding ISO 27001 implementation:
- ISO 27001 implementation: How to make it easier using ISO 9001 [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001-implementation-make-easier-using-iso-9001-free-webinar-demand/
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
May 01, 2018