ISO 22301/20000/27001 integration

ISO 27001, ISO 22301, and ISO 20000 have the same general structure, and this makes integrating them a lot easier. In the integration process you should consider two phases:

1 – Integration of the common parts of ISO management systems, e.g., control of documents, internal audit, management review, etc. These have basically all the same requirements, requiring only minor adjustments to refer to all systems covered.

2 – Implementation of elements that cannot be integrated (basically clauses 6 and 8 of each standard). Regarding ISO 27001, this means including in the organizational process the activities related to information security risk assessment and treatment processes, for ISO 22301 this means including in the organizational process the activities related to business continuity, and for ISO 20000 this means including in the organizational process the activities related to IT services management.

These articles will provide you a further explanation about integrating ISO management systems:
- How to implement integrated management systems https://advisera.com/articles/how-to-implement-integrated-management-systems/
- ISO 27001 vs. ITIL: Similarities and differences https://advisera.com/27001academy/blog/2016/03/07/iso-27001-vs-itil-similarities-and-differences/
- What to implement first: ISO 22301 or ISO 27001? https://advisera.com/27001academy/blog/2017/04/03/what-to-implement-first-iso-22301-or-iso-27001/

These materials will also help you regarding integrating ISO management systems:
- How to integrate ISO 27001 and IS O 20000 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-integrate-iso-27001-and-iso-20000-free-webinar-on-demand/
- ISO 27001 & ISO 22301: Why is it better to implement them together? [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001iso-22301-certification-process-free-webinar-demand/