Integrating management systems
Answer:
All ISO management systems published after 2012 have the same general structure, and this makes integrating them a lot easier. In the integration process you should consider two phases:
1 – Integration of the common parts of ISO management systems, e.g., control of documents, internal audit, management review, etc. These all have basically the same requirements, requiring only minor adjustments to refer to all systems covered.
2 – Integration of the specific parts of each system (basically sections 6 and 8 of each standard). Regarding ISO 27001, this means including in the organizational process the activities related to information security risk assessment and treatment processes.
Regarding the audit of integrated standards, you just need to plan the audit considering a single approach to common requirements and specific approaches for the core of each one (e.g., a single checklist for common requirements and specific checklists for the main part of each standard).
These articles will provide you with further explanation about integrating ISO management systems and defining audit checklists:
- How to implement integrated management systems https://advisera.com/articles/how-to-implement-integrated-management-systems/
- Using ISO 9001 for implementing ISO 27001 https://advisera.com/27001academy/blog/2010/03/08/using-iso-9001-for-implementing-iso-27001/
- How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
This material will also help you regarding audits:
- ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
Dec 22, 2018