There are currently, 17 guest(s) and 0 member(s) that are online.
You are Anonymous user. You can register for free by clicking here
Select Interface Language:
ISO 17799 Resources
There are now quite a few BS7799, ISO27001 and ISO 17799 portals on the web offering commercial tools & products. Possibly the most complete is ISO 17799 and ISO 27001 Central.
Call for Papers
We are shortly to launch a content section for papers and articles on ISO 17799 implementation, BS7799, AS4444, ISO 27001, UNE71502, and information security generally. If you have produced a paper and would like us to publish it, please contact us via the feedback form above.
ISO 27001, ISO 27002 & ISO17799 User Group: Forums
17799.Com :: View topic - ISO27001 and ISO9001 Integration
Joined: Apr 27, 2006 Posts: 1 Location: London, UK
Posted: Thu Apr 27, 2006 11:02 pm Post subject: ISO27001 and ISO9001 Integration
Does anyone have any experience of integrating a Quality Management System (QMS) and an Information Security Management System (ISMS)?
We have a QMS accredited to 9001 and are developing an ISMS, which will hopefully get accredited to 27001 in due course. We are unsure what the best course of action is: keep going with the ISMS, get it accredited and then try and link the two systems later on or start linking them now?
Prior to going for ISO27001 we too had ISO9001 and 14001 and I decided the best course of action was to develop an Integrated system consisting of all three.
Its a lot of work, but I found that a lot of the issues could be merged together such as review meetings, audits, training topics, incident management, document control and an overall document register.
Also, just little things like to do lists and review dates etc were a lot easier to manage this way.
The only real problem, is like me, you'll be pushed to find an auditor or assessor who can do all three standards, but if you have a clear system that shouldn't be a problem for an auditor to navigate through your ISMS.
There is mapping table at the end of ISO 27001 standard, for both ISO 9001 and 14001.
If you already have ISO 9001, you can easily use the same boundaries of ISMS as where you implemented ISO 9001 (that's also recommended by ISO 27001), you can use existing document and records control procedures, internal audit procedures, forms of documents, monitoring and measurement procedures, corrective and preventive actions...
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum