Secure Your Business




Savings of up to 30 per cent:
ISO Standards perfectly supplement one another

The market trend goes towards integrated management systems, which combine such topics as information security, IT service management, quality or environment to one uniform business system. Even generic processes, such as processes for finding strategies or planning processes, can be integrated. Users report they can save time and money by up to 30 per cent because of uniform processes, reviews

and combined audits.

Reference: 27001-20000-9001-Integration
Reference: 27001-9001-Integration


ISO 9001 as a basis helps to save time: It already is more than 4,200 companies in Austria that are certified acc. to ISO 9001. Therefore, the most frequent variant will consist in building ISO 27001 or ISO 20000 upon existing quality management. However, any other order is imaginable. Integrated systems

will be enabled to impress by their high degree of maturity and reliability if lead processes and key processes have already gone through the continual improvement process for a longer time. CIS offers efficient combination audits for integrated system certification with other standards in co-operation with Quality Austria – “in a one-stop shop“.


Synergies created by system integration:

  • Simplified handling, clarity and transparency are guaranteed;
  • Joint audits for several systems relieve the top managerial levels;
  • Joint documentation covers all the management and business processes;
  • Saving money and time is enabled.


The standards for information security (ISO 27001), IT service management (ISO 20000), quality management (ISO 9001) and environmental management (ISO 14000) have similar structures and place the same requirements in many respects:

  • responsibility of top to middle management;
  • systematic structure of documentation;
  • objective of continual improvement;
  • compliance with the requirements;
  • maintenance and operation of the systems 


Single audits help in the initial phase
In integrated systems, management reviews do not need double the time but additionally 25 to 30 per

cent for each topic – depending on the company. It will not be necessary to develop new processes and procedures for internal audits. Instead existing checklists can be extended by adding additional aspects. The same is true for the continual improvement process, in which the new topic will be integrated. At the beginning, in particular, advantages will increasingly be yielded by single audits, at which the auditors focus on one topic and show strengths and opportunities for improvement in detail. Overview of the certification procedure


Combined audits: synergies created by an overall view
Uniform external audits also are possible, this combination model being recommended by CIS if the sub-systems have been consolidated. Integrated audits should be planned well in coordination with the auditors in order to avoid double questions. Combined audits are interesting because auditors trained for several functions will obtain an insight into the overall system and can show opportunities for optimization for the overall system. One example from practice: In a company, the topic of “incident management” had already been covered by ISO 27001 and established again when implementing ISO 20000. Thanks to a combined audit, duplication of work could be avoided.


IntegrierteManagementsysteme_StillerErdpresser_web“Our management system covers all the
process focused systems, such as IS and QM,
as well as planning processes and strategy processes.
Unitized modelling helps to save a lot of time and money.”

Dr. Elisabeth Stiller-Erdpresser, Head of the Security Services
Siemens IT Solutions and Services





CIS - Macedonia Certification & Information Security Services, d.o.o. T + 389 2 3225-102 office.mk@cis-cert.com Imprint