PECB Conference
1. Reality of the market
2. What is an integrated management system
3. New challenges
4. IMS and ISO standards
5. IMS and industry standards
6. IMS and regulations
7. Presentation of 5 business cases
Introduction: The reality of the market
Many organizations have adopted or are adopting formal management system standards such as ISO 9001, ISO 14001, ISO/IEC 27001, ISO 22000, ISO/IEC 20000 and OHSAS 18001 (ISO 45001), as well as industry and/or legal frameworks.
Frequently these are operated as independent systems.
In all management systems, however, there are certain common elements which can be managed in an integrated way.
The essential unity of all these systems within the overall management system of the organization can then be recognized and used to best advantage.
Integrated Management System
If an organization decides to operate more than one management system, they can be managed in one system as an integrated management system.
[Diagram: ISO 9001, ISO 14001, ISO 20000 and ISO 27001 combined into one integrated management system]
New challenges for a Management System
[Diagram: drivers acting on the management system]
Quality
Contracts and SLA (Clients)
Standards (Industry)
Laws and regulations (Authorities)
Resilience
Security
Compliance
Current Management System Standards
Primary standards against which an organization can be certified:
ISO 9001: Quality
ISO 14001: Environment
ISO 45001: Health and Safety at work
ISO 20000: IT Service
ISO 22000: Food Safety
ISO 22301: Business continuity
ISO 27001: Information security
ISO 28000: Supply Chain Security
Integrated Management System
Old versions of ISO standards
Requirements                         | ISO 9001:2008 | ISO 14001:2004 | ISO 20000:2011 | ISO 27001:2005
Objectives of the management system  | 5.4.1         | 4.3.3          | 4.5.2          | 4.2.1
Policy of the management system      | 5.3           | 4.2            | 4.1.2          | 4.2.1
Management commitment                | 5.1           | 4.4.1          | 4.1            | 5
Documentation requirements           | 4.2           | 4.4            | 4.3            | 4.3
Internal audit                       | 8.2.2         | 4.5.5          | 4.5.4.2        | 5
Continual improvement                | 8.5.1         | 4.5.3          | 4.5.5          | 8
Management review                    | 5.6           | 4.6            | 4.5.4.3        | 7
Integrated Management System
Common structure of new ISO standards
Requirements                         | ISO 9001:2015 | ISO 14001:2015 | ISO 22301:2012 | ISO 27001:2013
Objectives of the management system  | 6.2           | 6.2            | 6.2            | 6.2
Policy of the management system      | 5.2           | 5.2            | 5.2            | 5.2
Management commitment                | 5.1           | 5.1            | 5.1            | 5.1
Documentation requirements           | 7.5           | 7.5            | 7.5            | 7.5
Internal audit                       | 9.2           | 9.2            | 9.2            | 9.2
Continual improvement                | 10            | 10             | 10             | 10
Management review                    | 9.3           | 9.3            | 9.3            | 9.3
New Industry Standards
Growing number of standards that companies need to follow:
CTPAC
Cloud Essential
SSAE-16 (Replacement of SAS 70)
NERC
Tier IV
NIST
PCI-DSS
WLA-SCS
IT Baseline
OECD Principles
Legal Aspects
Major topics to be monitored:
1. Data protection
2. Privacy
3. Computer Crimes
4. Digital Signature
5. Intellectual Property
6. Electronic Payments
7. Records Management and electronic archiving
Complexity of Contracts and SLA Management
[Diagram: Customer, Organization, Supplier]
Compliance needs from contracts and SLAs with clients
Compliance needs that we must ensure our suppliers comply with
Second Party Audit
SSAE-16 (Replacement of SAS 70)
Business sectors
Where integrated management systems are important:
Banks and insurance
Aerospace and Defense
Public sector
Healthcare
Utilities
Gambling
E-commerce
Telecom
Integrated Management System
An added value?
1. Facilitating better decision making
2. Identifying risk areas
3. Helping to develop objectives and plans that are consistent with business needs
4. Allowing better planning and allocation of available resources
5. Promoting harmonised methods and processes for the overall 'business management' system
6. Reducing the amount of documentation
7. Raising awareness of, and promoting the interaction and interrelation of, the IMS
8. Facilitating the development of coordinated solutions to problems identified
9. Saving up to 30% of audit days
Aerospace Supplier for Electronic Components
Business case 1
1. EN 9100 (Aerospace Quality Management System)
2. ISO 14001 (Environmental Management System)
3. ISO 27001 (Information Security Management System)
4. ISO 45001 (Occupational Health and Safety Management System)
5. CSPN (Certification de Sécurité de Premier Niveau)
6. DO-254 (Electronic embedded systems)
7. DO-178 series (Airborne Systems and Equipment Certification)
8. Airbus contract and SLA
Medical research center
Business case 2
1. ISO 13485 (Medical Devices Management System)
2. ISO 20000 (Service Management System)
3. ISO 27001 (Information Security Management System)
4. HADS (HealthCare data Management)
5. GDPR compliance
6. FDA rules and regulations
Datacenter
Business case 3
1. ISO 9001 (Quality Management System)
2. ISO 14001 (Environmental Management System)
3. ISO 20000 (Service Management System)
4. ISO 22301 (Business Continuity Management System)
5. ISO 27001 (Information Security Management System)
6. ISO 45001 (Occupational Health and Safety Management System)
7. ISO 50001 (Energy Management System)
8. Cloud certification
9. GDPR compliance
10. Tier IV certification (infrastructure)
Electronic archiving
Business case 4
1. ISO 9001 (Quality Management System)
2. ISO 14001 (Environmental Management System)
3. ISO 27001 (Information Security Management System)
4. PSDC-D (Electronic Archiving: Dematerialization)
5. PSDC-C (Electronic Archiving: Conservation)
6. GDPR compliance
National Lottery
Business case 5
1. ISO 9001 (Quality Management System)
2. ISO 27001 (Information Security Management System)
3. PCI-DSS (Credit Card Payment)
4. WLA-SCS (Security Control Standard)
5. WLA-SG (Responsible Gaming)