ISO 27001, ISO 27002 & ISO17799 User Group: Forums


ISO27001 and ISO9001 Integration

 
Valb (Joined: Apr 27, 2006; Posts: 1; Location: London, UK)
Posted: Thu Apr 27, 2006 11:02 pm    Post subject: ISO27001 and ISO9001 Integration

Does anyone have any experience of integrating a Quality Management System (QMS) and an Information Security Management System (ISMS)?

We have a QMS accredited to 9001 and are developing an ISMS, which will hopefully get accredited to 27001 in due course. We are unsure what the best course of action is: keep going with the ISMS, get it accredited and then try and link the two systems later on or start linking them now?

Any pointers would be gratefully received :)

V.
Gazzil (Joined: Jul 08, 2005; Posts: 5)
Posted: Wed May 03, 2006 8:22 pm

Hi mate,

Prior to going for ISO27001 we too had ISO9001 and 14001 and I decided the best course of action was to develop an Integrated system consisting of all three.

It's a lot of work, but I found that a lot of the issues could be merged together, such as review meetings, audits, training topics, incident management, document control and an overall document register.

Also, just little things like to-do lists and review dates etc. were a lot easier to manage this way.

The only real problem is that, like me, you'll be pushed to find an auditor or assessor who can do all three standards, but if you have a clear system that shouldn't be a problem for an auditor to navigate through your ISMS.

Hope this helps,

Gaz
cbauer (Joined: Jun 06, 2006; Posts: 1)
Posted: Wed Jun 07, 2006 3:39 am    Post subject: Looking at ISO27001

We also have the ISO 9001 and may look into 27001. Does anyone have any type of "mapping" for these two standards?

Thanks for any pointers!
Christine
Biljana (Joined: Jun 23, 2005; Posts: 20)
Posted: Fri Jun 16, 2006 5:59 pm

There is a mapping table at the end of the ISO 27001 standard, for both ISO 9001 and 14001.

If you already have ISO 9001, you can easily use the same boundaries of ISMS as where you implemented ISO 9001 (that's also recommended by ISO 27001), you can use existing document and records control procedures, internal audit procedures, forms of documents, monitoring and measurement procedures, corrective and preventive actions...
ALB (Joined: Jul 26, 2006; Posts: 2)
Posted: Thu Jul 27, 2006 5:43 am

You can also look into ISO 20000 which is the integrated management system standard.
Calvin (Joined: Aug 30, 2005; Posts: 39)
Posted: Tue Aug 08, 2006 4:05 am

ISO 20000 is more concerned with IT Service Management (formerly BS15000) rather than Information Security (ISO27001) or quality.
All times are GMT + 10 Hours