Theodora Rondozai
September 12, 2018
Implementation, maintenance, training, and knowledge products for Information Security Management Systems (ISMS) according to the ISO 27001 standard.
Automate your ISMS implementation and maintenance with the Risk Register, Statement of Applicability, and wizards for all required documents.
All required policies, procedures, and forms to implement an ISMS according to ISO 27001.
Train your key people about ISO 27001 requirements and provide cybersecurity awareness training to all of your employees.
Accredited courses for individuals and security professionals who want the highest-quality training and certification.
Get instant answers to any questions related to ISO 27001 and the ISMS using Advisera’s proprietary AI-powered knowledge base.
Compliance and training products for critical infrastructure organizations for the European Union’s Network and Information Systems cybersecurity directive.
All required policies, procedures, and forms to comply with the NIS 2 cybersecurity directive.
Company-wide training program for employees and senior management to comply with Article 20 of the NIS 2 cybersecurity directive.
Compliance and training products for personal data protection according to the European Union’s General Data Protection Regulation.
All required policies, procedures, and forms to comply with the EU GDPR privacy regulation.
Accredited courses for individuals and privacy professionals who want the highest-quality training and certification.
Implementation, training, and knowledge products for Quality Management Systems (QMS) according to the ISO 9001 standard.
All required policies, procedures, and forms to implement a QMS according to ISO 9001.
Accredited courses for individuals and quality professionals who want the highest-quality training and certification.
Get instant answers to any questions related to ISO 9001 and the QMS using Advisera’s proprietary AI-powered knowledge base.
Implementation, training, and knowledge products for Environmental Management Systems (EMS) according to the ISO 14001 standard.
All required policies, procedures, and forms to implement an EMS according to ISO 14001.
Accredited courses for individuals and environmental professionals who want the highest-quality training and certification.
Get instant answers to any questions related to ISO 14001 and the EMS using Advisera’s proprietary AI-powered knowledge base.
Implementation and training products for Occupational Health & Safety Management Systems (OHSMS) according to the ISO 45001 standard.
All required policies, procedures, and forms to implement an OHSMS according to ISO 45001.
Accredited courses for individuals and health & safety professionals who want the highest-quality training and certification.
Implementation and training products for medical device Quality Management Systems (QMS) according to the ISO 13485 standard.
All required policies, procedures, and forms to implement a medical device QMS according to ISO 13485.
Accredited courses for individuals and medical device professionals who want the highest-quality training and certification.
Compliance products for the European Union’s Medical Device Regulation.
All required policies, procedures, and forms to comply with the EU MDR.
Implementation products for Information Technology Service Management Systems (ITSMS) according to the ISO 20000 standard.
All required policies, procedures, and forms to implement an ITSMS according to ISO 20000.
Implementation products for Business Continuity Management Systems (BCMS) according to the ISO 22301 standard.
All required policies, procedures, and forms to implement a BCMS according to ISO 22301.
Implementation products for testing and calibration laboratories according to the ISO 17025 standard.
All required policies, procedures, and forms to implement ISO 17025 in a laboratory.
Implementation products for automotive Quality Management Systems (QMS) according to the IATF 16949 standard.
All required policies, procedures, and forms to implement an automotive QMS according to IATF 16949.
Implementation products for aerospace Quality Management Systems (QMS) according to the AS9100 standard.
All required policies, procedures, and forms to implement an aerospace QMS according to AS9100.
Implementation, maintenance, training, and knowledge products for consultancies.
Handle multiple ISO 27001 projects by automating repetitive tasks during ISMS implementation.
All required policies, procedures, and forms to implement various standards and regulations for your clients.
Organize company-wide cybersecurity awareness program for your client’s employees and support a successful cybersecurity program.
Accredited ISO 27001, 9001, 14001, 45001, and 13485 courses for professionals who want the highest-quality training and recognized certification.
Get instant answers to any questions related to ISO 27001 (ISMS), ISO 9001 (QMS), and ISO 14001 (EMS) using Advisera’s proprietary AI-powered knowledge base.
Find new clients, potential partners, and collaborators and meet a community of like-minded professionals locally and globally.
Implementation, maintenance, training, and knowledge products for the IT industry.
Automate your ISMS implementation and maintenance with the Risk Register, Statement of Applicability, and wizards for all required documents.
Documentation to comply with ISO 27001 (cybersecurity), ISO 22301 (business continuity), ISO 20000 (IT service management), GDPR (privacy), and NIS 2 (critical infrastructure cybersecurity).
Company-wide cybersecurity awareness program for all employees, to decrease incidents and support a successful cybersecurity program.
Accredited courses for individuals and security professionals who want the highest-quality training and certification.
Get instant answers to any questions related to ISO 27001 and the ISMS using Advisera’s proprietary AI-powered knowledge base.
Compliance, training, and knowledge products for essential and important organizations.
Documentation to comply with NIS 2 (cybersecurity), GDPR (privacy), ISO 27001 (cybersecurity), and ISO 22301 (business continuity).
Company-wide training program for employees and senior management to comply with Article 20 of the NIS 2 cybersecurity directive.
Accredited courses for individuals and security professionals who want the highest-quality training and certification.
Get instant answers to any questions related to ISO 27001 and the ISMS using Advisera’s proprietary AI-powered knowledge base.
Implementation, training, and knowledge products for manufacturing companies.
Documentation to comply with ISO 9001 (quality), ISO 14001 (environmental), and ISO 45001 (health & safety), and NIS 2 (critical infrastructure cybersecurity).
Company-wide cybersecurity awareness program for all employees, to decrease incidents and support a successful cybersecurity program.
Accredited courses for individuals and professionals who want the highest-quality training and certification.
Get instant answers to any questions related to ISO 9001 (QMS) and ISO 14001 (EMS) using Advisera’s proprietary AI-powered knowledge base.
Implementation, training, and knowledge products for transportation & distribution companies.
Documentation to comply with ISO 9001 (quality), ISO 14001 (environmental), and ISO 45001 (health & safety), and NIS 2 (critical infrastructure cybersecurity).
Company-wide cybersecurity awareness program for all employees, to decrease incidents and support a successful cybersecurity program.
Accredited courses for individuals and professionals who want the highest-quality training and certification.
Get instant answers to any questions related to ISO 9001 (QMS) and ISO 14001 (EMS) using Advisera’s proprietary AI-powered knowledge base.
Implementation, training, and knowledge products for schools, universities, and other educational organizations.
Documentation to comply with ISO 27001 (cybersecurity), ISO 9001 (quality), and GDPR (privacy).
Company-wide cybersecurity awareness program for all employees, to decrease incidents and support a successful cybersecurity program.
Accredited courses for individuals and professionals who want the highest-quality training and certification.
Get instant answers to any questions related to ISO 27001 (ISMS) and ISO 9001 (QMS) using Advisera’s proprietary AI-powered knowledge base.
Implementation, maintenance, training, and knowledge products for telecoms.
Automate your ISMS implementation and maintenance with the Risk Register, Statement of Applicability, and wizards for all required documents.
Documentation to comply with ISO 27001 (cybersecurity), ISO 22301 (business continuity), ISO 20000 (IT service management), GDPR (privacy), and NIS 2 (critical infrastructure cybersecurity).
Company-wide cybersecurity awareness program for all employees, to decrease incidents and support a successful cybersecurity program.
Accredited courses for individuals and security professionals who want the highest-quality training and certification.
Get instant answers to any questions related to ISO 27001 and the ISMS using Advisera’s proprietary AI-powered knowledge base.
Implementation, maintenance, training, and knowledge products for banks, insurance companies, and other financial organizations.
Automate your ISMS implementation and maintenance with the Risk Register, Statement of Applicability, and wizards for all required documents.
Documentation to comply with ISO 27001 (cybersecurity), ISO 22301 (business continuity), GDPR (privacy), and NIS 2 (critical infrastructure cybersecurity).
Company-wide cybersecurity awareness program for all employees, to decrease incidents and support a successful cybersecurity program.
Accredited courses for individuals and security professionals who want the highest-quality training and certification.
Get instant answers to any questions related to ISO 27001 and the ISMS using Advisera’s proprietary AI-powered knowledge base.
Implementation, training, and knowledge products for local, regional, and national government entities.
Documentation to comply with ISO 27001 (cybersecurity), ISO 9001 (quality), GDPR (privacy), and NIS 2 (critical infrastructure cybersecurity).
Company-wide cybersecurity awareness program for all employees, to decrease incidents and support a successful cybersecurity program.
Accredited courses for individuals and professionals who want the highest-quality training and certification.
Get instant answers to any questions related to ISO 27001 (ISMS) and ISO 9001 (QMS) using Advisera’s proprietary AI-powered knowledge base.
Implementation, training, and knowledge products for hospitals and other health organizations.
Documentation to comply with ISO 27001 (cybersecurity), ISO 9001 (quality), ISO 14001 (environmental), ISO 45001 (health & safety), NIS 2 (critical infrastructure cybersecurity) and GDPR (privacy).
Company-wide cybersecurity awareness program for all employees, to decrease incidents and support a successful cybersecurity program.
Accredited courses for individuals and professionals who want the highest-quality training and certification.
Get instant answers to any questions related to ISO 27001 (ISMS), ISO 9001 (QMS), and ISO 14001 (EMS) using Advisera’s proprietary AI-powered knowledge base.
Implementation, training, and knowledge products for the medical device industry.
Documentation to comply with MDR and ISO 13485 (medical device), ISO 27001 (cybersecurity), ISO 9001 (quality), ISO 14001 (environmental), ISO 45001 (health & safety), NIS 2 (critical infrastructure cybersecurity) and GDPR (privacy).
Company-wide cybersecurity awareness program for all employees, to decrease incidents and support a successful cybersecurity program.
Accredited courses for individuals and professionals who want the highest-quality training and certification.
Get instant answers to any questions related to ISO 27001 (ISMS), ISO 9001 (QMS), and ISO 14001 (EMS) using Advisera’s proprietary AI-powered knowledge base.
Implementation, training, and knowledge products for the aerospace industry.
Documentation to comply with AS9100 (aerospace), ISO 9001 (quality), ISO 14001 (environmental), and ISO 45001 (health & safety), and NIS 2 (critical infrastructure cybersecurity).
Company-wide cybersecurity awareness program for all employees, to decrease incidents and support a successful cybersecurity program.
Accredited courses for individuals and professionals who want the highest-quality training and certification.
Get instant answers to any questions related to ISO 9001 (QMS) and ISO 14001 (EMS) using Advisera’s proprietary AI-powered knowledge base.
Implementation, training, and knowledge products for the automotive industry.
Documentation to comply with IATF 16949 (automotive), ISO 9001 (quality), ISO 14001 (environmental), and ISO 45001 (health & safety), and NIS 2 (critical infrastructure cybersecurity).
Company-wide cybersecurity awareness program for all employees, to decrease incidents and support a successful cybersecurity program.
Accredited courses for individuals and professionals who want the highest-quality training and certification.
Get instant answers to any questions related to ISO 9001 (QMS) and ISO 14001 (EMS) using Advisera’s proprietary AI-powered knowledge base.
Implementation, training, and knowledge products for laboratories.
Documentation to comply with ISO 17025 (testing and calibration laboratories), ISO 9001 (quality), and NIS 2 (critical infrastructure cybersecurity).
Company-wide cybersecurity awareness program for all employees, to decrease incidents and support a successful cybersecurity program.
Accredited courses for individuals and quality professionals who want the highest-quality training and certification.
Get instant answers to any questions related to ISO 9001 and the QMS using Advisera’s proprietary AI-powered knowledge base.
Is it possible to successfully integrate Quality, Environmental, and Occupational Health & Safety Management Systems? Once upon a time, there was a great gulf between the Quality department and the Safety, Health, and Environment (SHE) department, across which they barely interacted. The integration of the Environmental Management System (EMS) and the Occupational Health and Safety Management System (OH&SMS) was always viewed as feasible, because OHSAS 18001 (the predecessor of ISO 45001) was created to be compatible with ISO 14001:2004. But, ISO 9001, while acknowledged as the “mother” standard, was considered to be something else altogether.
The advent of the High-Level Structure, effective for all ISO standards published from September 2015, has changed this picture. Where each ISO technical committee (TC) previously had the relative freedom to decide on the structure of their standard, they must now abide by Annex SL, the new guideline for ISO standards writers. It dictates an identical 10-clause structure and core text shared by all new and updated standards.
Suddenly, in 2015, the ISO 9001 people and the ISO 14001 people were speaking the same language, and it no longer made sense to operate at arm’s length. In fact, it was now the OH&S lagging behind, as it took another two and a half years for ISO 45001 to be published. Now the three standards can be integrated with ease.
The obvious starting point is to define the organization’s context. This includes determining the system’s intended results / outcomes, along with the internal and external issues that will impact the achievement of these outcomes, as well as the relevant interested parties and their needs and expectations. It also includes defining the scope of the system. This can be done once for all three standards, while taking in consideration the fact that details (intended results, interested parties, etc.) will vary depending on the actual scope: for example, a QMS intended result of maintaining a consistent taste in a food product, an EMS intended outcome of meeting license specifications for effluent discharge, and the OHS intended outcome of minimizing risks related to handling hazardous substances.
Once these basics are in place, an integrated policy can be formulated, which includes all the mandatory and specific commitments relevant to the scope: meeting customer requirements (e.g., maintaining a consistent taste that customers love), preventing injury and ill health (e.g., by replacing outdated equipment), and protecting the environment (e.g., by using recycled packaging) and meeting compliance obligations.
Apart from Context (clause 4) and Leadership (clause 5), clauses 6 to 10 are conveniently packaged into the PDCA cycle of PLAN (clause 6) – DO (clauses 7 & 8) – CHECK (clause 9) – ACT (clause 10).
The next step is Planning, which involves determining the risks and opportunities (relating to quality, the environment, or occupational health and safety) and the actions to address them in order to achieve the intended results / outcomes, as well as establishing objectives and plans to achieve them. In relative terms, ISO 14001 and ISO 45001 have more focus on Planning – with aspect and impact identification and evaluation of significance (ISO 14001) and hazard identification and risk assessment (ISO 45001) taking up considerable effort.
The greatest divergence between ISO 9001 and the other two systems is to be found under Operation (clause 8). Clause 8 of ISO 14001 and ISO 45001 is brief, addressing similar issues under operational planning and control and emergency preparedness and response. However, ISO 9001 goes into great detail on clause 8. This is because there are multiple operational aspects to ensuring that product meets specifications.
The Leadership (clause 5) sections are very similar, apart from the additional sub clauses 5.1.2 (Customer focus) in ISO 9001, and 5.4 (Consultation and participation of workers) in ISO 45001. Both reflect the key positions of the main interested parties in the two standards – one outside, and the other within the organization. The presence of the key interested party within the organization means that consultation and participation is a recurring theme throughout the ISO 45001 standard. ISO 9001 seeks customer feedback in clause 9.1.2 (Customer satisfaction).
Performance evaluation processes will also be streamlined to seamlessly incorporate all IMS requirements for monitoring and measurement, evaluation of compliance, internal audit, and management review. Note that OH&S has the additional requirement for incident investigation. Management review will simply need the additional inputs relevant to each standard, such as trends in OH&S incidents and the results of consultation and participation.
Whether ISO 45001 is added to an existing QMS and EMS, or whether all three are starting from scratch, the process will be similar, because there are clear building blocks that fit together.
The beauty of building one integrated management system (IMS) is that while the identified risks might be many and varied, when it comes to the actions to address them, there is often convergence. The same operational controls may address quality and environmental, as well as health and safety risks. Regular equipment maintenance is an example. This explains the stress on ensuring that the systems are integrated into the organization’s business processes.
Interestingly, the TCs still hang onto their own pet terms in some cases, such as “intended results” in ISO 9001 being replaced by “intended outcomes” in ISO 14001 and ISO 45001. ISO 45001 eschews the “preferred” term of “compliance obligations” and holds onto the old beloved “legal and other requirements.” Luckily, users can ignore this and use terminology that makes sense to them. This has made integration of multiple standards painless. After all, the goal is always performance improvement.
Download this free white paper: How to integrate 2015 revisions of ISO 9001 and ISO 14001 to learn more about how to implement an integrated management system.
You may unsubscribe at any time. For more information, please see our privacy notice.