The Pros and Cons of integrated management systems
When a company wants to introduce a management system, it usually begins its journey by learning more about the different ISO standards that exist. Eventually it considers going for 1 to 3 different standards. At this point, the idea of combining these different standards within one management system suggests a time saving. Unfortunately, this is not quite the case. This is why in this article we will explain in more detail the advantages and disadvantages of integrated management systems.
An integrated management system is a set of documents handling topics from 2 different standards. It is also possible to combine a standard with a regulation, such as combining ISO 27001 with GDPR. In that case, documents will contain references to both ISO 27001 and GDPR. Some documents are not relevant to GDPR, so those documents will only refer to ISO 27001.
In the following part of this article we will look at the advantages and the disadvantages. This will then be broken down further by some combinations of different standards.
Advantages of integrated management systems
The key advantage of an integrated management system is that you can handle closely related standards inside one system. This way, you can get both standards audited at the same time. As previously mentioned, you can combine 3 standards such as ISO 9001 (Quality Management), ISO 14001 (Environmental Protection) and ISO 45001 (Work Safety). These are traditionally a set of standards that integrate with each other very well. They are a lot of work for the organisation, as one has to handle 3 different objectives at the same time, but once you are through with them, you are way ahead of your competitors. Less than 10% of your direct competitors will have such proven management systems in place. This reduces your insurance costs, improves your ESG rating and makes you a valuable supplier for big clients.
Combining ISO 27001 and GDPR is a good choice
A company wanting to be compliant with European data privacy legislation (GDPR) and working on establishing information security is well advised to go for an integrated management system. Do not confuse the GDPR management system with ISO 27701 (PIMS), which refers to personal / private data handling. ISO standards are not fully geared towards national legislation and laws, as an international standard can never match all the different legal rules in all countries of the world. Hence, if you implement an integrated management system for ISO 27001 and GDPR, you can gain an ISO 27001 certificate and a GDPR compliance certificate.
Disadvantages of integrated management systems
When it comes to the disadvantages of integrated management systems, you need to realize that some choices of standards can get you into hot water. Some standards do not combine with each other very well. Furthermore, you might have to wait longer for an audit appointment with a certification body, as the audit team has to be competent in both standards and in integrated management systems. It takes at least 1-2 years for a new auditor to get appointed by a certification body, as the requirements are very complex and experience is a critical part of an auditor's competency.
Combining ISO 9001 and ISO 27001 is a bridge too far
We do not recommend trying to integrate ISO 9001 with ISO 27001, as their objectives are very distant from each other. You would be putting an unnecessary burden on your organisation from an organizational, financial and technical perspective. If you want both an ISO 9001 certificate and an ISO 27001 certificate, you are better off creating 2 separate management systems. ISO 9001 quality management systems can be audited much faster, as certification bodies have a greater number of auditors available than is the case for ISO 27001 lead auditors.