ISO 27001, ISO 20000, ISO 9001 question
1. Is there a possibility to integrate ISO 9001 with 20000, or is this not recommendable? If this is not recommendable, how will the usage of the three management systems according to the three standards (9001, 20000, 27001) be facilitated?
2. What outcomes could be expected within the certification process provided that we have developed the systems in compliance with the applicable standards:
a. One integrated management system?
b. Separate systems for each of the three standards?
c. One system for 27001 and one system integrating 9001 and 20000, each of them with different scope?
1. Is there a possibility to integrate ISO 9001 with 20000, or is this not recommendable? If this is not recommendable, how will the usage of the three management systems according to the three standards (9001, 20000, 27001) be facilitated?
ISO 27001, ISO 20000, and ISO 9001 share some common requirements that can be fulfilled by the same documents with minor adjustments (this makes integration highly recommendable), like document control procedure, internal audit, and management review. For requirements specific to each standard, you will need to develop specific documents.
There is no specific procedure for such integration, but broadly speaking you can follow the steps to implement ISO 27001 and use the following material to identify when common requirements can be integrated:
- ISO 27001 vs. ISO 9001 matrix (PDF) https://info.advisera.com/9001academy/free-download/iso-9001-2015-vs-iso-27001-2013-matrix
- ISO 27001 vs. ISO 20000 matrix (PDF) https://info.advisera.com/27001academy/free-download/iso-27001-vs-iso-20000-matrix
For further information, see:
- Using ISO 9001 for implementing ISO 27001 https://advisera.com/27001academy/blog/2010/03/08/using-iso-9001-for-implementing-iso-27001/
- How to implement ISO 27001 and ISO 20000 together https://advisera.com/27001academy/blog/2015/03/16/how-to-implement-iso-27001-and-iso-20000-together/
- How to integrate ISO 27001 and ISO 20000 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-integrate-iso-27001-and-iso-20000-free-webinar-on-demand/
2. What outcomes could be expected within the certification process provided that we have developed the systems in compliance with the applicable standards:
a. One integrated management system?
b. Separate systems for each of the three standards?
c. One system for 27001 and one system integrating 9001 and 20000, each of them with different scope?
Please note that this answer will depend on your chosen certification body because some of them are able to perform integrated systems certification audits.
Considering that, you need to contact your chosen certification body so you can clarify this information with them.
This article will provide you with a further explanation of the certification audit:
- Which questions will the ISO 27001 certification auditor ask? https://advisera.com/27001academy/blog/2015/07/20/which-questions-will-the-iso-27001-certification-auditor-ask/
These materials will also help you with the certification audit:
- Preparing for ISO Certification Audit: A Plain English Guide https://advisera.com/books/preparing-for-iso-certification-audit-plain-english-guide/
- ISO 27001/ISO 22301: The certification process [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001iso-22301-certification-process-free-webinar-demand/
Mar 24, 2021