A ‘management system’ in the context of ISO standards does not necessarily refer to a technological system, but refers to all the things that are needed to manage and govern an organisation’s activities. Every organisation has a management system that is used to guide and control the work it carries out, whether it is a formal management system or simply an informal set of activities, measurements and guidelines.
Standards and frameworks provide best-practice guidelines for the design, implementation and audit of a management system.
Why integrate your management systems?
As companies discover the benefits of implementing more than one management system standard, complexities related to conflicting objectives and duplication of content may arise.
An integrated management system helps to avoid duplication, reduce overall risks, expose conflicting objectives, create a formalised system out of informal processes, and enables the organisation to focus on achieving its objectives.
An integrated management system (IMS) combines all related components of a business into one system for easier management.
Integrating your management systems enables your organisation to be audited to more than one standard at the same time, which means you save time, effort and resources, and reduce costs.
Building and establishing an integrated management system provides organisations with:
- A common approach to compare risks that occur within different organisational divisions;
- Regulation management applicable to your organisational and departmental needs; and
- Necessary training, support and awareness programmes that match the needs of employees and departments.
Integrating ISO 27001 into your management system
Quality, environmental and safety management systems were traditionally combined and managed as an integrated management system (IMS). With data protection and information security becoming an increasingly important global concern, the international information security standard, ISO/IEC 27001:2013, has become a crucial standard for organisations wishing to demonstrate their commitment to data security.
If your organisation is already certified to ISO 9001, ISO 22301 or ISO 14001, then achieving certification to ISO 27001 is a logical, easy and straightforward step. It also enables you to tighten your defences against the ongoing threat posed by information security risks.
Challenges associated with integration
Companies intending to certify to multiple standards must ensure that the single management system provides evidence that it meets the requirements of each standard. There may be numerous conflicting requirements and differences in terminology across multiple management standards, making integration difficult.
Annex SL and what it means for integrated management systems
Annex SL sets out the high-level structure and common terms and definitions for ISO technical committees (TCs) – standard-drafting committees – to use in management system standards.
One of the benefits of Annex SL is that it makes it simpler to run multiple management systems simultaneously. Historically, management system specifications such as ISO 9001, ISO 14001 and ISO 27001 had common elements, but their conflicting structures made it challenging for organisations to address them all in a single integrated management system.
Annex SL sets out ten section headings for the high-level structure, identical core text for sub-clauses and requirement text, and a number of common terms and core definitions. In future, all ISO management system standards should enjoy a greater consistency and compatibility. Annex SL has already informed the development of ISO 23001:2012, ISO 27001:2013, ISO 55001:2014, ISO 9001:2015 and ISO 14001:2015.
Find out about our ISO 27001, ISO 9001, ISO 22301 and ISO 14001 resources and solutions.
ITGP documentation toolkits for integrated management systems
IT Governance’s integrated management system toolkits will enable you to build on your IMS as your organisation expands and develops its functions, tackling your IMS either as one project or in phases.
The toolkits have been designed to reduce the workload involved in producing multiple documented procedures and processes in the areas of quality, environmental and information security management.
Bolt-ons currently available:
Current Annex SL-aligned ITGP documentation toolkits: