All ISO management systems published after 2012 have the same general structure, and this makes integrating them a lot easier. In the integration process you should consider two phases:
1 – Integration of the common parts of ISO management systems, e.g., control of documents, internal audit, etc. These have basically all the same requirements, requiring only minor adjustments to refer to all systems covered
2 – Integration of the specific parts of each system (basically sections 6 and 8 of each standard). Regarding ISO 27001, this means including in the organizational process the activities related to information security risk assessment and treatment processes, while for ISO 9001 this means product planning and development.
These article will provide you further explanation about integrating ISO management systems:
- How to implement integrated management systems https://advisera.com/log/2015/10/05/how-to-implement-integrated-management-systems/
- Using ISO 9001 for impl ementing ISO 27001 https://advisera.com/27001academy/blog/2010/03/08/using-iso-9001-for-implementing-iso-27001/
This material can also help you:
- ISO 27001 implementation: How to make it easier using ISO 9001 [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001iso-22301-the-certification-process-free-webinar/01-implementation-make-easier-using-iso-9001-free-webinar-demand/