Integrating ISO 27001 and ISO 9001
My organization now has 9001 but wants to implement 27001. What would the integration look like, or do you need to have a separate quality manual?
First, it is important to note that ISO 27001 does not require an "information security manual", so in this specific case, you do not need a separate document.
Considering that, ISO 9001 and ISO 27001 share many similar requirements that allow the use of a single document for both systems (e.g., document control procedure, internal audit, etc.). Other required documents defined specifically for each standard, such as security policies and quality plans, can be kept separate without risk of creating inconsistencies.
These articles will provide you with further explanation about integrating management systems:
- Using ISO 9001 for implementing ISO 27001 https://advisera.com/27001academy/blog/2010/03/08/using-iso-9001-for-implementing-iso-27001/
- How to implement integrated management systems https://advisera.com/articles/how-to-implement-integrated-management-systems/
- Is the ISO 27001 Manual really necessary? https://advisera.com/27001academy/blog/2014/02/03/is-the-iso-27001-manual-really-necessary/
To see what ISO 27001 documents look like, I suggest you take a look at the free demo of our ISO 27001 Documentation Toolkit at this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/
This course can also be of help:
- ISO 27001:2013 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Feb 14, 2020