In practical terms, the solid foundation for integrated overall systems at InfoGuard is the ISO/IEC 27000 standard, which offers wide-ranging content on information security and data protection. Almost all management systems today follow the ISO standard, which sets out comparable structures and requirements for different systems. These include, for example, management responsibility, the documentation system, the objective of continuous improvement, compliance with the specifications as well as the operation and maintenance of the systems.
The ISO management system standards follow Annex SL (also referred to as Annex L in the 2019 edition), a section of ISO/IEC Directives Part 1 that prescribes how ISO management system standards (MSS) must be written. As a result, they have comparable structures and make the same demands in many respects:
- Accountability of upper to middle management
- Documentation system
- Objective of continuous improvement
- Compliance with the specifications
- Maintenance and operation of the systems
The gradual expansion of an integrated management system to include further components such as environmental management, IT service management and business continuity is possible and also recommended. The aim is to ensure that the various systems are interlinked and that continuous improvement of the company’s quality is guaranteed.
Combining two or more models not only enables a reduction in audit effort and optimisation of management reporting, but also opens up a broader view of the company and identifies additional starting points for further development.
Benefits of an integrated management system
An integrated management system (IMS) provides a central solution that brings together all the systems within a company while meeting all the requirements of the International Organization for Standardization (ISO). This prevents redundant variants that can lead to higher costs and additional work. An integrated approach means that all ISO standards are efficiently addressed and complied with.
Efficiency through system integration
The integration of different management systems produces numerous advantages, including simplified handling, improved clarity and transparency, combined audits for multiple systems, efficient management reviews and uniform documentation for all management and business processes. This can save costs and time.
High Level Structure: simplification through uniformity
The High Level Structure (HLS) provides a uniform basic structure for new or revised management systems. It ensures a better understanding and high compatibility between different management systems and favours the merger into an integrated management system.
In accordance with Annex SL, a management system standard should be structured as follows:
- Normative references
- Terms and definitions
- Context of the organisation
- Performance evaluation
Competitive advantages through an integrated management system
The implementation of data protection within an integrated management system (reinforced by ISO/IEC 27001 certification) can be promoted as a quality feature. By doing so, companies can ensure continuous review and improvement and make a favourable impression on customers or in public tenders.
Information security and data protection
Neither information security nor data protection is a one-off project; both require continuous review and improvement. Information security is about protecting all corporate assets from misuse by third parties, while data protection seeks to protect personal data. A data protection management system (DSMS) is considered an effective tool for protecting an organisation’s data.
In conclusion, integrated management systems offer an effective way to combine information security and data protection within a unified overall system. This enables more efficient and transparent management and can give companies a competitive edge. In an age of increasing data mishaps and scandals, the permanent availability of data protection processes is of great importance – and a DSMS can play a decisive role here.
Still no adequate ISMS and DSMS? InfoGuard can support you!
Are you on your way to upgrading your cyber security and data protection efforts to a professional standard? If you’re not ready yet: don’t worry. Our consulting specialists will provide expert advice and support, for example on setting up the integrated management system (DSMS and ISMS), implementing NIST CSF, security assessments, architecture etc. Contact us for a non-binding discussion and a quote.