Integrating your management systems
A ‘management system’ in the context of ISO standards does not necessarily refer to a technological system, but refers to all the things that are needed to manage and govern an organization’s activities. Every organization has a management system that is used to guide and control the work it carries out, whether it is a formal management system or simply an informal set of activities, measurements, and guidelines.
Standards and frameworks provide best-practice guidelines for the design, implementation, and audit of a management system.
Discover our full range of standards today >>
Why integrate your management systems?
As companies discover the benefits of implementing more than one management system standard, complexities related to conflicting objectives and duplication of content may arise.
An integrated management system helps to avoid duplication, reduce overall risks, expose conflicting objectives, create a formalised system out of informal processes, and enables the organisation to focus on achieving its objectives.
An integrated management system (IMS) combines all related components of a business into one system for easier management.
Integrating your management systems enables your organization to be audited to more than one standard at the same time, which means you save time, effort, resources, and reduce costs.
Building and establishing an integrated management system provides organizations with:
- A common approach to compare risks that occur within different organizational divisions
- Regulation management applicable to your organizational and departmental needs
- Necessary training, support, and awareness programs that match the needs of employees and departments
Integrating ISO 27001 into your management system
Quality, environmental, and safety management systems were traditionally combined and managed as an integrated management system (IMS). With data protection and information security becoming an increasingly important global concern, the international information security standard, ISO/IEC 27001:2013, has become a crucial standard for organizations wishing to demonstrate their commitment to data security.
If your organization is already certified to ISO 9001, ISO 22301 or ISO 14001, then achieving ISO 27001 certification is a logical, easy and straightforward step. It also enables you to tighten your defences against the ongoing threat posed by information security risks.
Challenges associated with integration
Companies intending to certify to multiple standards must ensure that the single management system provides evidence that it meets the requirements of each standard. There may be numerous conflicting requirements and differences in terminology across multiple management standards, making integration difficult.
Annex SL and what it means for integrated management systems
Annex SL sets out the high-level structure and common terms and definitions for ISO technical committees (TCs) – standard-drafting committees – to use in management system standards.
One of the benefits of Annex SL is that it makes it simpler to run multiple management systems simultaneously. Historically, management system specifications such as ISO 9001, ISO 14001 and ISO 27001 had common elements, but their conflicting structures made it challenging for organizations to address them all in a single integrated management system.
Annex SL sets out ten section headings for the high-level structure, identical core text for sub-clauses and requirement text, and a number of common terms and core definitions. In future, all ISO management system standards should enjoy a greater consistency and compatibility. Annex SL has already informed the development of ISO 23001:2012, ISO 27001:2013, ISO 55001:2014, ISO 9001:2015 and ISO 14001:2015.
Find out about our ISO 27001, ISO 9001, ISO 22301 or ISO 14001, resources and solutions.
Integration resources
ITGP documentation toolkits for integrated management systems
IT Governance’s integrated management system toolkits will enable you to build on your IMS as your organization expands and develops its functions, tackling your IMS either as one project or in phases.
The toolkits have been designed to reduce the workload involved in producing multiple documented procedures and processes in the areas of quality, environmental, and information security management.
Current Annex SL-aligned ITGP toolkits: