
ISO 27001 implementation: How to make it easier using ISO 9001?

Presenter: Dejan Kosutic


2017 27001Academy advisera.com/27001academy 6
How to use ISO 9001 to make your ISO 27001 implementation less painful.

You have already implemented ISO 9001, or you are planning to implement both ISO 9001 and ISO 27001.

In most cases ISO 9001 can save up to 25% of the time needed for ISO 27001 implementation.



ISO 27001 is much more similar to ISO 9001 than it may seem at first sight!



Agenda

Similarities
Differences
Implementation issues & roles
Top management issues
Implementing both standards
Certification
Greatest challenges with ISO 27001



Similarities: PDCA cycle

Plan: Define what you want to achieve
Do: Implement what you have planned for
Check: Measure if you achieved the objectives
Act: Fill the gap
Similarities

Process approach
Document control
Corrective actions
Human resources management
Internal audits
Management review
Setting the objectives and measuring
ISO 27001 Annex A exclusions are possible



And differences

ISO 9001              | ISO 27001
----------------------|--------------------------------------
-                     | Selecting controls (risk assessment)
Quality manual        | Statement of Applicability
Customer complaints   | Security incidents



Implementation issues

Integrate ISMS and QMS in one single management system
PAS 99 Integrated Management
For ISO 9001 clause 7.1.3 (Infrastructure) use ISO 27001
Do not merge Quality Policy and Information Security Policy



Roles

QMS management representative
CISO (Chief Information Security Officer)
Project team
Top management / sponsor



Top management issues

If QMS is already implemented, they will understand the benefits (or drawbacks) of ISMS more easily
The management review can be done at the same time for both ISO 27001 and ISO 9001
The system for setting objectives and measuring them can be the same



Implementing both standards in parallel

Shared by ISO 27001 + ISO 9001:
  Objectives
  ISMS, QMS policies
  Document management
  Internal audits, Management reviews, Corrective actions

ISO 27001 only:
  Risk Assessment + Annex A

ISO 9001 only:
  Core operating procedures
Certification

Integrated audit

it will save you time and money!



Greatest challenges with ISO 27001

Lots of related ISO standards (ISO 19011, ISO 9001, ISO 27000 family, ISO 31000, etc.)
Defining the scope of implementation
Management and colleague commitment
Risk management, since ISO 9001:2015 doesn't really need a formal risk process
Creating an Integrated Management System



Conclusions

ISO 27001 and ISO 9001 have a very similar core management system

ISO 9001 is an excellent foundation for ISO 27001 implementation



Q&A

Dejan Kosutic
Thank you!
http://advisera.com/27001academy/webinars
