Integrated installing ISO 9000 and ISO 27000 management systems on an organization

Chiang Wang, Dwen-Ren Tsai
43rd Annual 2009 International Carnahan Conference on Security Technology, 2009-11-13. DOI: 10.1109/CCST.2009.5335527 (https://doi.org/10.1109/CCST.2009.5335527)
Citations: 30

Abstract

In response to the diversification and the rapid evolution of the business environment, it is a rising tendency that an organization needs to adopt some relevant management systems in order to continuously reinforce its information management mechanisms. Meanwhile, the arrangement for introducing any new management system needs to comply with a series of regulatory procedures and standards. In order to exert and maintain multiple management systems in an efficient as well as better quality way, their common/similar management functionalities should be integrated and modularized. For instance, consider the internal control systems of both ISO 9001 Quality Management and ISO 27001 Information Security Management in terms of their documents and records control, correction and prevention, internal audit, management review, and the cyclic management of Plan-Do-Check-Act (PDCA). How to achieve an effective integration and modularization with an organization's current resources is an important task for the organization in order to carry out its management improvement. This research centers on comparison as well as integration of the internal control systems of both ISO 9001 Quality Management and ISO 27001 Information Security Management. We explore the commonality of these two management systems and then proceed to integrate them into an effective management model. We anticipate that such a management integration model will benefit the intended management of an organization very efficiently. We adopt an exploratory hypothesis research method to proceed toward our research goal. Then we present our research result with a case study on a private enterprise whose information process center is located across the country. This integration work is still in progress and intends to implement the PDCA cyclic management mechanism for integrated ISO management systems.