This webinar discusses how ISO 9001 and ISO 27001 have similarities in their structure and requirements despite applying to different domains. Both standards are based on the PDCA cycle and high-level structure, and share common elements like leadership, competence, documentation, auditing and management review. The webinar reviews differences between the two standards in areas like risk assessment and security controls. It provides guidance on integrating quality and information security management systems, including roles, implementation steps, and challenges in merging the standards into a single system. The conclusion is that ISO 9001 provides an excellent foundation for implementing ISO 27001 due to their similar core requirements.

1. How to choose risk assessment
methodology for ISO 9001
15The webinar will start in minutes

2. Strahinja Stojanovic
ISO 9001 Expert
Strahinja Stojanovic is the author of the 9001Academy, 14001Academy and
18001Academy toolkit. He has extensive working experience both as an
external auditor and as a consultant. In his consulting career, he works with
clients from the manufacturing and service providing organization. He has
an MSc in Mechanical Engineering, and is the holder of the following
certificates: ISO 9001 Lead Auditor, ISO 14001 Lead Auditor, OHSAS 18001
Lead Auditor.
Contact Information
+1 (646) 759 9933
strahinja@advisera.com
www.advisera.com
linkedin.com/ strahinja. stojanovic

3. ©2016 9001Academy http://advisera.com/9001academy/ 3
ISO 9001 and ISO 27001 have much
more in common than it may seem at
firts sight

4. ©2016 9001Academy http://advisera.com/9001academy/
• Similarities
• Differences
• Implementation issues and roles
• Implementation steps
• Certification
• Biggest challenges in the integration
Agenda
4

5. ©2016 9001Academy http://advisera.com/9001academy/
Similarities
5
• PDCA Cycle
• High-Level Structure
• Context of the organization
• Leadership
• Competence and Awareness
• Documented information
• Monitoring and measuring
• Internal audit
• Management review
• Nonconformity
• Corrective actions
ISO9001:2015
ISO27001:2013
• High-Level Structure
• Context of the organization
• Leadership
• Competence and Awareness
• Documented information
• Monitoring and measuring
• Internal audit
• Management review
• Nonconformity
• Corrective actions

6. ©2016 9001Academy http://advisera.com/9001academy/
Requirements
for proceses
Measuring
customer
satisfaction
Customer
complaints
ISO
9001 Information
security risks
assessment
Information
security risks
treatement
Security
incidents
Differences
6
ISO
27001

7. ©2016 9001Academy http://advisera.com/9001academy/
• Integrate QMS and ISMS into one single
management system
• Incorporate security controls into
processes
• PAS 99 Integrated Management
• Merging Quality Policy and Information
Security Policy
Implementation issues
7

8. ©2016 9001Academy http://advisera.com/9001academy/
• Quality Manager
• CISO (Chief Information Security
Officer)
• Project team
• Top management / sponsor
Roles
8

9. ©2016 9001Academy http://advisera.com/9001academy/
Implementation steps
9
Determine context of the organization
Define QMS and ISMS Policy
Provide resources
Address risks and opportunties
Assess information security risks
Treat information security risks

10. ©2016 9001Academy http://advisera.com/9001academy/
Implementation steps
10
Define objectives
Establish operational control
Conduct monitoring and measuring
Internal audit
Management review
Continual improvement

11. ©2016 9001Academy http://advisera.com/9001academy/
• Defining policies
• Incorporating security controls into
processes
• Asset list and risks assessment
• Auditing both standards at once
• I have no grounding or training yet
• How to handle both transition and
integration
Biggest challenges in the integration
11

12. ©2016 9001Academy http://advisera.com/9001academy/
ISO 9001 and ISO 27001 have a very
similar core
… ISO 9001 is an excellent
foundation for ISO 27001
implemntation
Conclusion
12

13. Strahinja Stojanovic
Q & A

14. Thank you!
http://advisera.com/9001academy/webinars/
THANK YOU
?
+1 (646) 759 9933
strahinja@advisera.com
www.advisera.com
linkedin.com/ strahinja. stojanovic