Expert Advice Community

Integrating ISO 9001 and ISO 27001

Guest user | Created: Dec 30, 2016 | Last commented: Dec 30, 2016

Hi
Expert: Strahinja Stojanovic | Dec 30, 2016

I have a few clarifications.
1. We are implementing a QMS as well as an ISMS.
Can we have a common document for Document_and_Record_Control taking care of QMS/ISMS requirements?
If you have a combined format, can you please share it?
Also, are there any other common procedures of the ISMS used by the QMS?

You can merge the Procedure for Document and Record Control for ISO 9001 and ISO 27001 into one, especially because the requirements are practically the same. Besides this procedure, you can also merge the Procedure for Human Resources, Procedure for Management of Nonconformities and Corrective Action, Procedure for Internal Audit and Procedure for Management Review. Unfortunately, we currently do not have an Integrated Documentation Toolkit for ISO 9001 and ISO 27001, so we do not have a combined procedure. Here is one whitepaper that can be useful for mapping the common requirements of ISO 9001 and ISO 27001; it refers to ISO 9001:2008, but you will get the idea:
- ISO 9001 vs. ISO 27001 matrix https://info.advisera.com/9001academy/free-download/iso-9001-vs-iso-27001-matrix/

2. The second clarification is on risk management. In the templates, Procedure_for_Addressing_Risks_and_Opportunities is about performing risk analysis at the QMS level or enterprise-level risk management. How do we modify it to cover project management risk? Is it that project managers / the QA manager use the same risk methodology, and critical risks from projects get highlighted to the QA Manager and listed among the enterprise-level risks? Please suggest.

You can use the procedure for assessing project management risks. Basically, instead of writing risks regarding the context of the organization, you will assess risks for the project, but those risks are not a part of the risks related to the context of the organization but for individual projects.

3) Do you have a change control procedure in the template for 9001? I couldn't find one in the template.

We do not have such a procedure because it is not mandatory; all information about changes is stated in the Quality Manual. Here is one article about the integration of ISO 9001 and ISO 27001 that can be helpful to you:
- How to integrate ISO 9001 and ISO 27001 https://advisera.com/9001academy/blog/2016/09/27/how-to-integrate-iso-9001-and-iso-27001/
