Answer: Roughly speaking, the ISO 27001 implementation steps can be summarized as: 1) getting management buy-in for the project; 2) defining the ISMS basic framework (e.g., scope, objectives, organizational structure) by understanding the organizational context and the requirements of interested parties; 3) developing the risk assessment and treatment methodology; 4) performing the risk assessment and defining the risk treatment plan; 5) implementing controls (e.g., documenting policies and procedures, acquisitions, etc.); 6) training and awareness for people; 7) operating the controls; 8) performance monitoring and measurement; 9) performing the internal audit; 10) performing the management critical review; and 11) addressing nonconformities, corrective actions and opportunities for improvement.
This article will provide you with further explanation about ISMS implementation:
- ISO 27001 implementation checklist advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
Regarding integration with an ISO 9001 QMS, after the release of Annex SL and the new versions of ISO 9001:2015 and ISO 27001:2015, integrating both standards became a much easier task. Since your question refers to ISO 9001:2008, I suggest you first consider a gap analysis between ISO 9001:2008 and ISO 9001:2015. This way you ensure your QMS will be ready when the transition period is over (this will happen in September 2018), and your QMS will be prepared with most of the clauses also required by ISO 27001, like documented information control, internal audit, and the treatment of nonconformities and corrective actions.