Integrating ISO 9001 and ISO 27001 to Enhance Regulatory Compliance
For businesses seeking to improve both quality and information security, satisfying the requirements of more than one management standard is a challenge. Managing compliance actions and activities separately for each standard leads to duplicated effort, additional time and greater resource expenditure, among other consequences.
This paper looks at the operational challenges faced by businesses in extending an ISO 9001-certified quality management system (QMS) to include an information security management system (ISMS) and achieve ISO 27001 certification. It also explores solutions that enable an integrated approach to managing compliance with the legal and regulatory requirements of both ISO 9001 and ISO 27001.