Integrating your management systems
Save costs, time and resources with an integrated management system
Organizations certified to an ISO standard are expected to implement and maintain a management system that not only meets the requirements of the standard involved, but also improves business processes.
A "management system" in the context of ISO standards does not necessarily refer to a technological system, but refers to all the things that are needed to manage and govern an organization’s activities. Every organisation has a management system that is used to guide and control the work it carries out, whether it is a formal management system or simply an informal set of activities, measurements and guidelines.
Standards and frameworks provide best-practice guidelines for the design, implementation and audit of a management system.
Why integrate your management systems?
As companies discover the benefits of implementing more than one management system standard, complexities related to conflicting objectives and duplication of content may arise.
An integrated management system helps to avoid duplication, reduce overall risks, expose conflicting objectives, create a formalized system out of informal processes, and enables the organisation to focus on achieving its objectives.
An integrated management system (IMS) combines all related components of a business into one system for easier management.
Integrating your management systems enables your organisation to be audited to more than one standard at the same time, which means you save costs, resources, time and effort.
Building and establishing an integrated management system provides organizations with:
A common approach to compare risks that occur within different organizational divisions
Regulation management applicable to your organizational and departmental needs
Necessary training, support and awareness programs that match the needs of employees and departments
Integrating ISO 27001 into your management system
Quality, environmental and safety management systems were traditionally combined and managed as an integrated IMS. With data protection and information security becoming an increasingly important global concern, the international information security standard, ISO/IEC 27001:2013, has become a crucial standard for organisations wishing to demonstrate their commitment to data security.
If your organization is already certified to ISO 9001, ISO 22301 or ISO 14001, then achieving certification to ISO 27001 is a logical, easy and straightforward step. It also enables you to tighten your defences against the ongoing threat posed by information security risks.
Challenges associated with integration
Companies intending to certify to multiple standards must ensure that the single management system provides evidence that it meets the requirements of each standard. There may be numerous conflicting requirements and differences in terminology across multiple management standards, making integration difficult.
Annex SL and what it means for integrated management systems
Annex SL sets out the high-level structure and common terms and definitions for ISO technical committees (TCs) – standard-drafting committees – to use in management system standards.
One of the benefits of Annex SL is that it makes it simpler to run multiple management systems simultaneously. Historically, management system specifications such as ISO 9001, ISO 14001 and ISO 27001 had common elements, but their conflicting structures made it challenging for organizations to address them all in a single integrated management system.
Annex SL sets out ten section headings for the high-level structure, identical core text for sub-clauses and requirement text, and a number of common terms and core definitions. In future, all ISO management system standards should enjoy a greater consistency and compatibility. Annex SL has already informed the development of ISO 23001:2012, ISO 27001:2013 and ISO 55001:2014, and will be incorporated into the impending ISO 9001:2015 and ISO 14001:2015.
Find out about our ISO 27001, ISO 9001, ISO 22301 and ISO 14001 resources and solutions.
Documentation toolkits for integrated management systems
IT Governance’s integrated management system toolkits will enable you to build on your IMS as your organisation expands and develops its functions, tackling your IMS either as one project or in phases.
The toolkits have been designed to reduce the workload involved in producing multiple documented procedures and processes in the areas of quality, environmental and information security management.
The document templates included in our range of IMS toolkits work using a certified macro that automatically populates key elements of the templates, saving you time that would be spent manually inputting various sections of the templates (such as organisational details, documentation classifications, etc.).
ISO 27001 Add-on for ISO 9001
Integrate your ISO 9001 management system with ISO 27001, save time and costs, and be cyber secure. Using our proven FastTrack™ approach, IT Governance will help you prepare for ISO 27001 certification in as little as three months. Find out more >>