InfoGuard Cyber Security Blog: Integrated management system for information security and data protection

Integrated Management System for Information Security and Data Protection

Nowadays most organisations actively recognise the importance of data protection and information security and deploy appropriate information security and data protection management systems (ISMS and DSMS) to address these key aspects. The current trend is towards integrated management systems that combine information security (in accordance with ISO/IEC 27001:2022) and data protection (revised Swiss Data Protection Act) within a uniform overall system. This makes it possible to design higher-level strategy-finding or planning processes more efficiently. 

In practical terms, the solid foundation for integrated overall systems at InfoGuard is the ISO/IEC 27000 standard, which offers wide-ranging content on information security and data protection. Almost all management systems today follow the ISO standard, which sets out comparable structures and requirements for different systems. These include, for example, management responsibility, the documentation system, the objective of continuous improvement, compliance with the specifications as well as the operation and maintenance of the systems.
The ISO management system standards follow Annex SL (also referred to as Annex L in the 2019 edition), a section of ISO/IEC Directives Part 1 that prescribes how ISO management system standards (MSS) must be written. As a result, they have comparable structures and make the same demands in many respects:

  • Accountability of upper to middle management
  • Documentation system
  • Objective of continuous improvement
  • Compliance with the specifications
  • Maintenance and operation of the systems

The gradual expansion of an integrated management system to include further components such as environmental management, IT service management and business continuity is possible and also recommended. The aim is to ensure that the various systems are interlinked and that continuous improvement of the company’s quality is guaranteed.

Combining two or more models not only enables a reduction in audit effort and optimisation of management reporting, but also opens up a broader view of the company and identifies additional starting points for further development.

Benefits of an integrated management system

An integrated management system (IMS) provides a central solution that brings together all the systems within a company while meeting all the requirements of the International Organisation for Standardisation (ISO). This prevents redundant variants that can lead to higher costs and additional work. An integrated approach means that all ISO standards are efficiently addressed and complied with.

InfoGuard Integrated Management System: Information Security (ISMS) and Data Protection (DSMS) combined

Efficiency through system integration

The integration of different management systems produces numerous advantages, including simplified handling, improved clarity and transparency, combined audits for multiple systems, efficient management reviews and uniform documentation for all management and business processes. This can save costs and time.

High Level Structure: simplification through uniformity

The High Level Structure (HLS) provides a uniform basic structure for new or revised management systems. It ensures a better understanding and high compatibility between different management systems and favours the merger into an integrated management system.
In accordance with Annex SL, a management system standard should be structured as follows:

  1. Scope
  2. Normative references
  3. Terms and definitions
  4. Context of the organisation
  5. Leadership
  6. Planning
  7. Support
  8. Operation
  9. Performance evaluation
  10. Improvement

Competitive advantages through an integrated management system

The implementation of data protection within an integrated management system (reinforced by ISO/IEC 27001 certification) can be promoted as a quality feature. By doing so, companies can ensure continuous review and improvement and make a favourable impression on customers or in public tenders.

Information security and data protection

Neither information security nor data protection is a one-off project; both require continuous review and improvement. Information security is about protecting all corporate assets from misuse by third parties, while data protection seeks to protect personal data. A data protection management system (DSMS) is considered an effective tool for protecting an organisation’s data.

In conclusion, integrated management systems offer an effective way to combine information security and data protection within a unified overall system. This enables more efficient and transparent management and can give companies a competitive edge. In an age of increasing data mishaps and scandals, the permanent availability of data protection processes is of great importance – and a DSMS can play a decisive role here.

Still no adequate ISMS and DSMS? InfoGuard can support you!

Are you on your way to upgrading your cyber security and data protection efforts to a professional standard? If you’re not ready yet: don’t worry. Our consulting specialists will provide expert advice and support, for example on setting up the integrated management system (DSMS and ISMS), implementing NIST CSF, security assessments, architecture etc. Contact us for a non-binding discussion and a quote.


About the author: InfoGuard AG - Markus Limacher, Head of Security Consultant, member of the management team
