How to make Implementation of ISO 27001 easier by using ISO 9001
Many companies that have implemented ISO 9001 look towards ISO 27001 implementation without realising that they can reduce the implementation time by 30%.

ISO 27001 and ISO 9001 may seem like quite different standards, but on closer inspection they have a lot in common: both follow the same Plan-Do-Check-Act (PDCA) cycle, four of the mandatory documented procedures are the same (internal audit, document control, corrective action and preventive action), the role of management is very similar, and so on.
ISO 9001 is the quality management standard. It:
· applies to the processes that create and control the products and services an organisation supplies
· prescribes systematic control of activities to ensure that the needs and expectations of customers are met
· is designed and intended to apply to virtually any product or service, made by any process anywhere in the world
Implementing ISO 9001 involves the following steps:
· Identify the requirements of ISO 9001 and how they apply to the business.
· Establish quality objectives and how they fit into the operation of the business.
· Produce a documented quality policy indicating how these requirements are satisfied.
· Communicate the policy and objectives throughout the organisation.
· Evaluate the quality policy and its stated objectives, then prioritise the requirements to ensure they are met.
· Identify the boundaries of the management system and produce documented procedures as required.
· Ensure these procedures are suitable and are adhered to.
· Once the system has been developed, carry out internal audits to ensure it continues to work.
ISO 27001 specifies the management of information security. Applicable to all sectors of industry and commerce, it is not confined to information held on electronic systems, but addresses the security of information in whatever form it is held.
The benefits of ISO 27001 include:
· Customers, employees, trading partners and stakeholders can be confident that your management information and systems are secure.
· Demonstrates credibility and trust.
· Cost savings - even a single information security breach can involve significant expense.
· Establishes that relevant laws and regulations are being adhered to.
· Shows that a commitment to information security exists at all levels throughout an organization.
ISO 27001 defines information security in terms of three properties:
· Confidentiality - ensuring that access to information is appropriately authorized
· Integrity - safeguarding the accuracy and completeness of information and processing methods
· Availability - ensuring that authorized users have access to information when they need it
Its controls are grouped into the following areas:
· Security policy
· Organizational security
· Asset classification and control
· Personnel security
· Physical and environmental security
· Communications and operations management
· Access control
· System development and maintenance
· Business continuity management
By implementing a management system such as ISO 9001 that is aligned with its legislative and regulatory obligations, an organization can demonstrate compliance and reduce its exposure to risk. Extending an existing quality management system (QMS) to encompass the requirements of an information security management system (ISMS) builds on that foundation: it lets the organization meet a growing number of legal and regulatory requirements, drive improvement throughout the organization, and adopt an integrated approach to compliance management rather than running two separate systems.