Integrating ISO 27001 and ISO 9001
What are the steps that We should follow on integrating the same
Assign topic to the user
All ISO management systems published after 2012 have the same general structure, and this make integrating them a lot easier. In the integration process you should consider two phases:
1 – Integration of the common parts of ISO management systems, e.g., control of documents, internal audit, training, management review, etc. These have basically all the same requirements, requiring only minor adjustments to refer to all systems covered
2 – Integration of the specific parts of each system (basically sections 6 and 8 of each standard). Regarding ISO 27001, this means including in the organizational process the activities related to information security risk assessment and treatment processes.
This article will provide you further explanation about integrating ISO management systems:
- How to implement integrated management systems https://advisera.com/articles/how-to-implement-integrated-management-systems/
- Using ISO 9001 for implementing ISO 27001 https://advisera.com/27001academy/blog/2010/03/08/using-iso-9001-for-implementing-iso-27001/
These materials will also help you regarding integrating ISO management systems:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free webinar – ISO 27001 implementation: How to make it easier using ISO 9001 https://advisera.com/27001academy/webinar/iso-27001-implementation-make-easier-using-iso-9001-free-webinar-demand/
Comment as guest or Sign in
May 11, 2018