SPECIALISTS IN INFORMATION SECURITY MANAGEMENT SYSTEMS (ISO/IEC 27001)  

 

Integrated management systems

You already have a certified management system such as ISO 9001, but rather than develop a separate ISMS capability you would like to integrate it with your existing management system. Alternatively, perhaps you already have several separate management systems and would like to integrate them, or wish to develop an integrated management system capability from scratch.
 

Your response - ask Gamma to help you build an integrated management system

Gamma can help you integrate your ISMS with other management systems that you might already have, such as ISO 9001 and ISO 22301. Integration is possible because there are many requirements that are common to all management system standards, and we know what they are. Having an integrated management system equates to greater efficiency and cost savings, for example because:

  • A single management process, such as internal audit or management review can meet the requirements of several standards, so rather than have multiple similar processes, one for each standard, a single process will suffice.
  • Certification auditors can assess conformity to such common management system requirements at the same time. Thus a combined 9001/27001 audit would perhaps start by first looking at all the common management system requirements, then the quality specific requirements and finally the information security specific requirements. If the audit was not combined, then your management system processes would be audited twice, once for each standard and perhaps by different auditors. That will take up more of your time and cost more.

If you wish to develop an integrated management system capability from scratch, we would be starting afresh using a very similar approach to that we would follow for building just an ISMS. The difference is simply that we would be working to the requirements of two or more management system standards, rather than just one.

Alternatively one or more of the management systems that you wish to integrate may already exist in your organisation and, of course, you may wish to add a new one. In this case we would start by conducting a study of your existing and proposed systems, to determine:

  • Your options for achieving integration
  • Our recommendations
  • Proposed plan (or plans) for performing the integration.

At the very least we would expect the scope of integration to include the specification of common management system processes across your organisation using a common repository and technology for documented information. However, there may also be scope for further integration, for example the overall management of the integrated system.

We would include as part of our plan, negotiation with your chosen certification body in order to ensure that you benefit from having combined audits.

Once we have an agreed plan, the final step would be to assist you to implement it.

Your next move

... simply email us, or telephone +44(0)1276 702 505. Why not do it now!