Expert Advice Community

Links between 14001, 27001 and 45001

Guest
Guest user Created:   Sep 22, 2022 Last commented:   Sep 23, 2022

The real question is: are there natural linkages between 14001, 27001 and 45001 that can be built upon in developing the operating systems environment that you want to achieve, and satisfy the requirements of the three in the process? This is what we need to ensure that we're asking the best questions and tasking the people in the right direction. We look forward, not at lagging indicators, but at guiding science.

Expert
Rhand Leal Sep 22, 2022

Please note that ISO 14001, 27001, and 45001 share many similar requirements (e.g., document control, internal audit, management review, etc.) and require the adoption of a risk management approach to manage environmental risks (ISO 14001), information security risks (ISO 27001), and occupational health and safety risks (ISO 45001), so these common requirements and the need for a risk management approach (which can be fulfilled by adopting practices from the ISO 31000 standard, which defines requirements for risk management) can be considered natural links between these standards.

These articles will provide you with further explanation about these standards:

Guest
G.Stuart McKibbin Sep 22, 2022

So why not push 31000 as the basis of growth to building the program and dealing with the issues as they are recognized within the organization. IT may not even be considered a risk until you examine it through an assessment process, but legal requirements may vary greatly on safety and environmental and necessitate the adoption of 14000 and 45000 to demonstrate compliance with the legislation.

Expert
Rhand Leal Sep 23, 2022

Please note that ISO 31000 is only one of many available approaches for risk management an organization can adopt (other examples are NIST RMF, German BSI, USA OCTAVE-S, etc.), according to their specific business needs, and promoting a single approach over others is not an objective of ISO.

If an organization has implemented a systematic risk management approach that works for its context and is aligned with applicable legal requirements, then it is enough to be compliant with ISO management standards.

Please also note that, in general, legal requirements that demand the implementation of an ISO standard are not specific to mandatory risk management approaches.
