COMBINED AUDITS & CERTIFICATION
FOR INTEGRATED SYSTEMS
Savings of up to 30 per cent:
ISO Standards perfectly supplement one another
The trend goes towards integrated management systems, which combine such topics as information security, IT service management, quality or environment to one uniform business system. Even generic processes, such as processes for finding strategies or planning processes, can be integrated. Users report they can save time and money by up to 30 per cent because of uniform processes, reviews
and combined audits.
In most of the cases ISO 9001 for quality management serves as the basis for integrated managementsystems. It already is around 5,000 companies in Austria that are certified acc. to ISO 9001. Therefore, the most frequent variant consists in building ISO/IEC 27001 or ISO/IEC 20000 upon existing quality management. However, in theory any other order is imaginable. Thanks to establishing the high level structure and the identical core text, system integration will be even easier in the future. Integrated systems will be enabled to impress by their high degree of maturity and reliability if lead processes and key processes have already gone through the continual improvement process for a longer time.CIS offers efficient combination audits for integrated system certification with other standards in co-operation with Quality Austria – “in a one-stop shop“.
Synergies created by system integration:
- Simplified handling, clarity and transparency are guaranteed;
- Joint audits for several systems relieve the top managerial levels;
- Joint documentation covers all the management and business processes;
- Saving money and time is enabled.
The standards for information security (ISO 27001), IT service management (ISO 20000), quality management (ISO 9001) and environmental management (ISO 14000) have similar structures and place the same requirements in many respects:
- responsibility of top to middle management;
- systematic structure of documentation;
- objective of continual improvement;
- compliance with the requirements;
- maintenance and operation of the systems
Single audits help in the initial phase
Valuable syergies can be obtained by implementing an additional management system into an existing one: In integrated systems, management reviews do not need double the time but additionally 25 to 30 per cent for each topic – depending on the company. It will not be necessary to develop new processes and procedures for internal audits. Instead existing checklists can be extended by adding additional aspects. The same is true for the continual improvement process, in which the new topic will be integrated. At the beginning, in particular, advantages will increasingly be yielded by single audits, at which the auditors focus on one topic and show strengths and opportunities for improvement in detail.
Combined audits create an overall view
The advantages of combined audits can be obtained to the full extent when the integrated system has reached a certain level of maturity. Combined external audits are recommended by CIS, when the sub-systems have been consolidated. Integrated audits should be planned well in coordination with the auditors in order to be responsive to the existing processes referring to the different management topics. Combined audits are interesting because auditors trained for several functions will obtain an extraordinary insight into the overall system and can show opportunities for optimization for the overall system. One example from practice: In a certain company, the topic of “incident management” had already been covered by ISO 27001 and established again when implementing ISO 20000. Thanks to a combined audit, duplication of work could be corrected.