Integrating your management systems
A ‘management system’ in the context of ISO standards does not necessarily refer to a technological system. Instead, it encompasses all the things needed to manage and govern an organisation’s activities.
Every organisation has a management system that guides and controls the work it carries out, whether it is a formal management system or simply an informal set of activities, measurements, and guidelines.
Standards and frameworks provide best-practice guidelines for designing, implementing, and auditing a management system.
Discover our full range of standards today
Why integrate your management systems?
As companies discover the benefits of implementing more than one management system standard, complexities related to conflicting objectives and duplication of content may arise.
An integrated management system helps avoid duplication, reduce overall risks, expose conflicting objectives, create a formalised system out of informal processes, and enable the organisation to focus on achieving its goals.
An integrated management system (IMS) combines all related business components into one system for easier management.
Integrating your management systems enables your organisation to be audited to more than one standard simultaneously, which means you save time, effort and resources and reduce costs.
Building and establishing an integrated management system provides organisations with:
- A common approach to compare risks that occur within different organisational divisions;
- Regulation management applicable to your organisational and departmental needs; and
- Necessary training, support and awareness programmes that match the needs of employees and departments.
Integrating ISO 27001 into your management system
Quality, environmental and safety management systems were traditionally combined and managed as an integrated management system (IMS). With data protection and information security becoming an increasingly important global concern, the international information security standard, ISO/IEC 27001:2013, has become crucial for organisations wishing to demonstrate their commitment to data security.
If your organisation is already certified to ISO 9001, ISO 22301 or ISO 14001, achieving certification to ISO 27001 is a logical, straightforward step. It also enables you to tighten your defences against the ongoing threat posed by information security risks.
Challenges associated with integration
Companies intending to certify to multiple standards must ensure that the single management system provides evidence that it meets the requirements of each standard.
There may be numerous conflicting requirements and differences in terminology across multiple management standards, making integration difficult.
Annex SL and what it means for integrated management systems
Annex SL sets out the high-level structure and common terms and definitions for ISO technical committees (TCs) – standard-drafting committees – for management system standards.
One of the benefits of Annex SL is that it makes it simpler to run multiple management systems simultaneously. Historically, management system specifications such as ISO 9001, ISO 14001 and ISO 27001 had common elements.
Still, their conflicting structures made it challenging for organisations to address them all in a single integrated management system.
Annex SL lists ten section headings for the high-level structure, identical core text for sub-clauses and requirement text, and some common terms and core definitions.
In future, all ISO management system standards should enjoy greater consistency and compatibility.
Annex SL has already informed the development of ISO 23001:2012, ISO 27001:2013, ISO 55001:2014, ISO 9001:2015 and ISO 14001:2015.
Find out about our ISO 27001, ISO 9001, ISO 22301 and ISO 14001 resources and solutions.
Integration resources
ITGP documentation toolkits for integrated management systems
IT Governance’s integrated management system toolkits will enable you to build on your IMS as your organisation expands and develops its functions, tackling your IMS either as one project or in phases.
The toolkits have been designed to reduce the workload involved in producing multiple documented procedures and processes in quality, environmental and information security management.
Current Annex SL-aligned ITGP documentation toolkits: