Expert Advice Community

Knowing ISO 27001

Guest user Created:   Jul 15, 2017 Last commented:   Jul 15, 2017

I'm sorry to be bothering you, but I really need to make a decision and so if I could count on your help it would be very good.

Expert
Rhand Leal Jul 15, 2017

As I said before, I am attending a Master's degree in the area of quality, environment and safety, and now in 2nd year I have to do my thesis to complete the Master. During the 1 year we approached some normatives (90001/14001/18000/22000 / NP4457) but not the 27001. By not having approached the 27001 is that I liked to do something about it. I am aware that to implement in an organization should have specific training and knowledge, which at the time I do not have it, I am thinking at this stage not to implement but to do a study in which it serves to gain knowledge about this regulation (27001). In another phase, when I finish the Master's degree, yes, I will try to take a specific training of this standard and maybe take advantage of it online, so that I can actually implement it in an organization.

In short, I would like to be able to count on your help at this stage only in giving me a light on a topic that I can choose and have something to research and do a study in this area (27001). Or at the same time that this study in this subject helps me to know this normative better, and then when I go to take the training is more informed of what it is.

Answer: Since your Master's degree is in the area of quality, environment and safety, an interesting subject to work on may be the integration of ISO management systems. Since 2012, all ISO management systems are being published with the same general structure, which provides better and easier conditions for implementation. ISO 9001 and ISO 14001 new versions already have the same structure. ISO 45001 (based on OHSAS 18001) and ISO 22000 are under review. With this approach you can not only research about ISO 27001 itself but also how to integrate it with other standards. Normally we see management systems merging ISO 9001, ISO 14001 and OHSAS 18001, and you can research in which cases also integrating ISO 27001 is worthwhile.

This article will provide you further explanation about integrating management systems:
- How to implement integrated management systems https://advisera.com/articles/how-to-implement-integrated-management-systems/

These materials will also help you regarding ISO 27001 implementation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

Guest
hfaria80 Jul 15, 2017

Good morning, first of all, thank you for your feedback. It is very important the support of those who know the area well. Please see if I saw your analysis and suggestion, the idea is to do a study in which this see cases where it is possible to integrate the 27001? The idea that came to me initially was to make the study that I carry out in a certain way publicize and inform the importance of this 27001. This is because in Portugal there are very few companies that implement this regulation, I have an idea that only about 26 companies.

Expert
Rhand Leal Jul 25, 2017

Considering also the specification you provided:

>"In their first response to the forum they suggested:
>This article will provide further explanations on the integration of management systems:
> - How to implement integrated management systems / ... / -
>But I cannot open this article. On the other hand in the suggestion they gave I did not realize if the idea of the study is to analyze which organizations is it possible to integrate the 27001?

>My specific question was to ask for help in the sense that with your broad vision to see a topic that I could take advantage of to do a study and thus be able to make my thesis, here what I wanted to take advantage of is a theme that helps make you see the added value that is the implementation of this regulation 27001 since here in Portugal are very few organizations that have implemented. This article / study is to serve as ramp for which companies have given in bulk."

First of all, I'm sorry about the problem with the link. Here is the correct link:
- How to implement integrated management systems https://advisera.com/ 7001academy/blog/2015/10/05/how-to-implement-integrated-management-systems/

About your question: the point is not to analyse in which organizations it is possible to integrate the 27001 (the standard is designed to be applicable to organizations of any kind or size), but why, so you can evidence the added value ISO 27001 implementation can bring to an organization (what I think is your main interest in your thesis).

Why would an organization implement a standard if it is not mandatory? The general benefits are:
- Obtain a competitive edge
- Improve internal organization
- Reduce losses due to incidents
- Assure compliance with legal requirements

Considering each of these benefits, you could develop a thesis identifying specific points related to a specific organization or industry.

For more information about ISO 27001 benefits, please see: Four key benefits of ISO 27001 implementation https://advisera.com/27001academy/knowledgebase/four-key-benefits-of-iso-27001-implementation/
