ISO Management System Integration
Traditionally, organizations seeking multiple ISO certifications—such as ISO 9001, ISO 14001, or ISO 45001—go through separate audits for each standard. However, a growing number of businesses are exploring Integrated ISO Management Systems (IMS) to streamline these processes under one unified framework. Not only does this reduce the time and cost of auditing and related certification costs, but it also promotes a holistic view of Safety, Occupational Health, Environmental, and Quality considerations across the entire organisation.
It’s key that the Safety, Occupational Health, Environmental, or Quality (SHEQ) system isn’t simply ‘bolted-on’ to the way an organisation is governed. It should be a well defined system so that any integration can adequately address how the ISO management systems come together. Organisations should keenly consider how their IMS can become a part of the day-to-day mechanisms of how the business is run.
By aligning different standards into a single management system, companies can eliminate redundant documentation, consolidate risk assessments, and foster a culture where teams collaborate on shared objectives rather than working in silos.
Share This Article With Your Network!
Table of Contents
Nevertheless, the journey toward an integrated management system—often culminating in an IMS certification audit—brings its own set of challenges. Auditors must be well-versed in all relevant ISO standards, and businesses must carefully align policies, procedures, and competencies to ensure a cohesive system that genuinely enhances performance.
In this blog post, we’ll demystify the concept of ISO Management System Integration—exploring what an IMS entails, who might benefit most, the guiding principles that make IMS effective, and the practical steps involved in merging multiple standards into one robust management system. We’ll also dive into the global shift toward unified ISO certifications and highlight what companies need to keep in mind if they’re considering an integrated approach to auditing and continual improvement.
What is an Integrated ISO Management System (IMS)?
An Integrated ISO Management System (IMS) consolidates multiple ISO Management System Standards into a single, cohesive Management System. Instead of managing each ISO Standard and Management System separately, IMS streamlines processes, reducing redundancies and therefore improving organisational performance.
By integrating management systems, businesses can now focus on achieving their goals holistically rather than addressing the requirements of each standard in isolation. This, in turn, eliminates duplication of effort by identifying and utilising the things that are the same and/or common among ISO standards. For example, most ISO standards include requirements related to leadership commitment, risk management, and continual improvement. IMS allows organisations to address requirements collectively and approach conformance in a streamlined and effective manner.
To help you understand this concept, let’s take the example of a manufacturing company certified for ISO 9001 (Quality Management), ISO 14001 (Environmental Management), and ISO 45001 (Occupational Health and Safety). The company may choose to integrate these standards, which would result in a single framework where quality, environmental, and safety objectives are aligned. The structure would leverage shared resources and processes. For instance, employing a unified risk assessment process that simultaneously evaluates quality, environmental, and safety risks, thereby eliminating redundancies and enhancing decision-making.
We do need to note that some standards may pose challenges to integration due to their specialized or industry-specific requirements. For example, ISO 27001’s emphasis on information security controls, and ISO 50001’s focus on energy management may require dedicated expertise and different processes. However, with proper planning and a unified approach, even these specialized standards can be integrated effectively, allowing organizations to streamline their processes and enhance overall conformance.
Is Your System Integrated or Merged?
A common misconception throughout the ISO industry is that ISO Management Systems can be ‘merged’ because of the common 10 Clauses they share, provided by the harmonised structure. This is then mistakenly called a system integration.
The ‘merging’ of requirements is acceptable to some extent, particularly where clauses are similar in sections 4, 5, 6, 7, 9, and 10. However, requirements like that of Clause 8 should be dealt with by using these as conditions of work, applied to business processes.
Streamline your IMS Audit preparation! Download our FREE GUIDE “10 Steps to Prepare for Your IMS Certification Audit“. Simplify conformity, improve readiness, and achieve ISO certification success.
How does an Integrated ISO Management System work?
An IMS works by leveraging shared elements across standards to create a unified system. This can be achieved through using a process-based management approach, which focuses on managing and improving interconnected processes to achieve business objectives.
For instance, instead of having separate purchasing processes for ISO 9001, ISO 14001, and ISO 45001, an IMS would have a single, comprehensive purchasing process. This not only reduces duplication but also ensures that the stark differences in requirements of each standard are adequately attended to.
The clauses from each standard that would apply to the purchasing process are 6.2.2 Quality objectives and planning to achieve them in QMS, 6.2.2 Planning actions to achieve environmental objectives in EMS, and 6.2.2 Planning to achieve OH&S objectives in OHS.
The Guiding Principles of IMS
All standards developed using the harmonized structure are required to demonstrate outcomes such as leadership commitment, risk-based thinking and a process approach to management. Other expected outcomes include continual improvement, stakeholder engagement, compliance and governance.
Each mentioned outcome is fundamental to the success of an IMS. However, there are a few additional, recommended guiding principles which aid in an even more effective approach to IMS.
Important to keep in mind, when understanding ‘a process approach to management’, is that it isn’t the processes that are being integrated, it’s the applicable clauses that are simultaneously applied to the process that we refer to as integration. This is what allows for requirements of as many standards as desired to be applied to the same process. Each having its own conditions for conformance applied to the same process.
1. Standardise your approach
Establish a unified set of requirements that uphold the integrity of every individual requirement across the standards being implemented. This might mean writing your own ‘integrated standard’ before doing anything else.
Although the requirements of each clause may appear similar at a glance, they contain distinct nuances that become critical during audits. Every word within a clause holds significance, and a lack of understanding can result in noncompliance.
An ISO Management System Standard is not designed to be read like a typical storybook for general comprehension. Instead, it demands a thorough, word-by-word analysis to capture its full intent and meaning. Particular attention must be paid to verbs, as they define specific actions, responsibilities, and obligations. Missing even a single word can lead to misinterpretation and subsequent nonconformance.
Therefore, a meticulous approach is essential to ensure accurate implementation and compliance.
2. Align Your Terminology
As mentioned, while management concepts across different standards share similarities, the terminology used can vary significantly.
For instance, in clause 6 (Planning) of an Environmental Management System, the terms environmental aspects and environmental impacts are used to establish the EMS with preventive actions for environmental protection.
Conversely, in an Occupational Health And Safety context, the same clause addresses preventive actions through the terms hazard and risk to protect people from work-related health issues and injuries.
Despite the underlying cause-and-effect relationship being similar, the terminology must align with the specific context of each standard. The single term used for ‘cause’ that addresses the meaning of both environmental aspect and OHS Hazard will allow for efficiency and integration when establishing the system. Similarly, the term ‘effect’ could address the meaning of both environmental impact and OHS risk.
A central or harmonic approach should ensure that terms are appropriately selected and applied to facilitate seamless integration while maintaining clarity and relevance.
3. Integrate with Focus
A comprehensive, integrated risk register can be developed for the management system; however, it is critical to recognize that different receptors and pathways expose the business to distinct risks.
For example, a toxic substance may pose a health hazard through inhalation (pathway), affecting human well-being, while simultaneously impacting the environment by altering atmospheric conditions. Although both risks can be recorded in the same register, their effects must be assessed independently.
For this reason, we find that when utilizing a risk matrix (or heat map) to evaluate risks related to health and environmental aspects, the descriptors and criteria on the matrix/heatmap should reflect the unique characteristics of each domain.
A more practical approach would involve maintaining separate matrices for health and environmental risks, respectively. Ensuring that assessments remain precise and actionable.
Streamline your IMS Audit preparation! Download our FREE GUIDE “10 Steps to Prepare for Your IMS Certification Audit“. Simplify conformity, improve readiness, and achieve ISO certification success.
Who should consider an Integrated ISO Management System?
An IMS is suitable for any organisation managing multiple ISO Management System Standards, particularly those in industries where conformance with quality, safety, and environmental standards is critical. Examples include:
- Manufacturing: Where quality, environmental, and safety standards often overlap.
- Construction: Where workplace safety and environmental sustainability are key priorities.
- Healthcare: Where stringent quality and safety standards are essential.
Which companies currently make use of an ISO IMS?
Several global organisations, like IBM and even McDonald’s, make use of Integrated ISO Management Systems. We also have a handful within Wynleigh International’s portfolio, showcasing that an IMS isn’t just for use in large, global conglomerates.
Who is responsible for an Integrated ISO Management System?
An IMS involves collaboration across key roles:
- Top Management: Sets the vision, policies, culture and resources, ensuring strategic alignment with business goals.
- SHEQ Managers*: Specialised positions for each respective standard reporting into the IMS Manager.
- IMS Manager*: Oversees implementation, compliance, conformance, audits, and continual improvement.
- Process Owners: Manage specific processes, ensuring conformance and performance.
- Employees: Follow procedures, report issues, and support improvement initiatives.
- Internal Auditors: Evaluate conformance and identify opportunities for improvements.
- External Auditors: Evaluate IMS conformance against the requirements of the ISO standard/s and the internal arrangements of the management system.
- Certification Body: Issue a certificate that verifies IMS conformance, known as ISO Certification.
*Note to reader: Best practice sees specialised positions for each respective standard (SHEQ Managers) reporting into the IMS Manager. This is typically only the case if the business is large enough to accommodate the resource requirement.
Why an integrated approach to ISO Management Systems?
Benefits of a successful IMS
1. Efficiency and cost-effectiveness
IMS often reduces duplication of processes and documentation, saving time and resources. For example:
- A single internal audit that covers multiple standards, streamlining conformity efforts.
- A single incident reporting system that covers both safety and environmental impacts.
- A single document control process.
- A single management review process.
- Integrated training programs that address multiple standards at once, reducing learning time.
2. Enhanced governance, risk, and opportunity management
Although a unified framework enables organisations to address risks and opportunities comprehensively, the true integration of the management system into the methods of governance is more than the technicality of having a unified framework. The integrated approach contributes to true enterprise-wide risk management.
For example:
- A centralized risk assessment tool that evaluates risks across different operational areas.
- Monthly reviews that align risks and opportunities with strategic business goals.
3. Sustainability and corporate social responsibility
ISO Standards align business practices with sustainable development goals, addressing issues such as climate change and social responsibility. Each ISO Standard addresses a specific, related issue that is either exacerbated by or influences the outcomes of the organisation.
For example:
- Implementation of energy-efficient practices that improve and reduce carbon footprints, and operational costs.
- Community engagement initiatives that address social issues while promoting corporate values.
4. Improved organisational performance
By focusing on strategic objectives, IMS tend to improve overall performance and ensure that considerations for whatever standards are being integrated are embedded into daily operations.
For example:
- Regular quality audits that monitor conformance with safety and environmental standards simultaneously.
- Cross-departmental objectives that ensure collaboration between teams on sustainability and performance goals.
Streamline your IMS Audit preparation! Download our FREE GUIDE “10 Steps to Prepare for Your IMS Certification Audit“. Simplify conformity, improve readiness, and achieve ISO certification success.
Challenges of separate management systems
When organisations manage multiple ISO systems independently, inefficiencies often arise.
If the requirements of a management system are not presented in an integrated manner, the person responsible for implementation will need to mentally consolidate the distinct requirements of each standard and related system before they can be effectively applied.
Separate documentation and processes for each standard can lead to siloed operations, increased costs, and reduced employee engagement. Employees may view the systems as too much and this can in turn hinder the acceptance and effectiveness.
Benefits of Integrated ISO Management Systems
Policy and procedure alignment
An IMS offers consistency across all Management Systems while addressing the unique requirements of each ISO Standard. This means that appropriate resource allocation will all requirements rather than favouring one standard over another.
Competency building
In a process-centric integration, individuals only need to understand the requirements relevant to the processes they are responsible for.
Rather than becoming ISO experts on all standards, they can focus on performing their tasks, with the necessary requirements seamlessly embedded into their work methods as part of standard operating conditions.
They should however be clear on the intended outcomes of the IMS and about their role in effectively contributing to the success of the IMS.
Change Management
Internal pushback might be a concern, when considering that leadership and employees must adapt to new or integrated documentation and reporting processes. Rest assured that in our experience, this is not generally a common challenge.
From a human change perspective, an IMS is more readily accepted because its content and language align closely with individuals’ familiar points of reference. People already understand how to perform the activities within their processes, so adding a few specific conditions to these processes is much easier to adopt than expecting them to grasp the full complexity of an ISO standard.
Learn more about Change Management in our blog post “How To Transform Your ISO Management System With Change Management”
Auditing complexities
Be certain that the audit team have the necessary expertise to evaluate all ISO Standards included in the integrated management system. Much like having strong internal competency, Supplier and Certification audit teams should have strong competencies in all ISO Standards that are being assessed.
Having strong competencies in only one ISO standard could mean that the team favours that set of requirements and outcomes instead of considering the holistic picture. It’s important to include members with varied skillsets, to cover all bases.
How to achieve IMS Certification
Whether you’re starting afresh or you already have an ISO Management System in place, you’ll want to consider several key steps to ensure that System Integration is the right move for you.
These steps also offer an effective plan of action that reduces waste of resources.
ISO have released “The Integrated Use of Management System Standards (IUMSS)” – the second edition of the handbook that helps organisations to integrate requirements of multiple Management System Standards (MSS) into their management systems. In addition to practical guidance, the handbook features case studies in real-world organizational contexts.
You can also take a read through their post “Guidance on integrated management system standards just updated” to gain further insights.
Certification for an IMS
Certification Bodies are guided by two documents published by the International Accreditation Forum:
- IAF MD 11 Audits of Integrated Management Systems, and
- IAF ID14 Determination of Audit Time for Integrated audit of multi-site management systems.
IAF MD 11 provides mandatory guidelines for Certification Bodies (CBs) on how to plan, conduct, and manage audits of Integrated Management Systems (IMS). Its primary purpose is to ensure that audits of IMS are conducted consistently, effectively, and in accordance with international best practices. The document helps CBs deliver audits that consider the interrelationships between different management system standards (such as ISO 9001, ISO 14001, ISO 45001, etc.) while avoiding unnecessary duplication of efforts.
IAF ID 14 is an informative document that outlines requirements for determining the appropriate audit time when conducting integrated audits of multi-site management systems. Its main goal is to ensure that audit duration is sufficient to cover all relevant standards across multiple sites while maintaining consistency, effectiveness, and impartiality.
Challenges with IMS Certification
Some certification bodies choose to verify conformance with each standard separately. However, they often conduct integrated audits, examining overlapping processes and requirements in a single, streamlined visit.
If the Certification Body or auditors lack the expertise or experience, the “integrated” approach may revert to parallel audits that negate many of the benefits of IMS.
Key Steps to IMS Certification
1. Select a Competent Certification Body
- Ensure the Certification Body has accreditation scope and internal policies that lend sufficient expertise to cover every standard in your IMS (e.g., quality, environment, OH&S, etc.).
- Clarify whether they issue one integrated certificate or maintain separate ones for each standard.
- Establish if they offer integrated audits or if they are conducted in parallel.
2. Consolidate Your Audit Schedule
- Plan a single audit cycle, covering all standards. This might include an integrated Stage 1 (review of documentation across all standards) and an integrated Stage 2 (on-site verification for the collective scope).
- Establish what your Surveillance Audit Schedule will entail. How will your full scope receive an adequate and ongoing assessment for verification and improvement?
3. Prepare the Integrated Management System
- Make sure policies, procedures, and documented information reflect unified management system processes, from risk assessment to corrective actions.
- Communicate to employees that one set of procedures addresses multiple ISO requirements.
4. Engage Your Auditors Early
Provide clear scope and evidence of how you’ve integrated the standards. Request any specific checklists or guidance they use so your internal teams can prepare effectively.
Audit duration is calculated using the following variables.
- Level of integration: The less integration the longer the duration needed to audit.
- Auditor Competency: The number of auditors in the audit team with competence in one or more standards. The fewer auditors with integrated competency the longer the duration.
What’s important to note is that Audit duration when compared to audits of distinct systems can be reduced by up to 20%.
5. Audit Execution & Findings
Auditors will look for commonalities, such as unified risk management processes, document controls, and internal audits that cover each standard’s focus. They are obliged to determine if associated standards are nonconforming when a nonconformity is found against one standard.
That being said, nonconformities might still be assigned under a specific standard if they relate uniquely to its requirements.
6. Certificate Issuance & Maintenance
- Depending on the CB’s practice, you may receive one certificate listing all integrated standards or multiple certificates referencing an integrated audit.
- You’ll undergo combined annual surveillance audits to maintain each standard’s validity, with a major re-certification typically every three years.
By understanding these nuances and choosing a reputable, well-accredited Certification Body, organisations can enjoy a smoother, more cohesive approach to ISO conformance—reaping significant savings in time and resources while strengthening their overall management system performance.
Streamline your IMS Audit preparation! Download our FREE GUIDE “10 Steps to Prepare for Your IMS Certification Audit“. Simplify conformity, improve readiness, and achieve ISO certification success.
The move towards Integrated ISO Certification
ISO Management System Integration is a big step toward aligning business processes, ensuring conformance, and driving sustainability. Organisations adopting an IMS approach can streamline operations, improve efficiency, and stay ahead in the global push for unified certification practices. It’s important, however, that it’s done correctly.
Despite the cost savings, organisations must ensure that Certification Bodies possess the ability and the auditor expertise to evaluate all integrated standards effectively. At the end of the day, ISO Certification aims to promote the integrity of the management system and, in turn, the value of the certification process.
Unhappy with your Certification Body?
If you’re already certified but considering a change, here’s something you should know: Wynleigh International Certification Services makes the process of transferring your certification straightforward.
For organizations moving from one accredited certification body to another—like Wynleigh—the transition is seamless. We pick up where your current CB left off, continuing the three-year cycle without missing a beat.
What if your current CB isn’t accredited? Don’t worry! While this means the certification is not globally recognized, it simply requires starting the process from a Stage 1 audit. If your system is conforming and non-conformities are under control, it’s a manageable transition.
Experience the difference in our approach and discover the ease of transferring your certificate to Wynleigh.
Looking for help with your ISO Management System?
Visit our Industry Expert Directory to find assistance from ISO Consultants and Training Businesses.
Get in touch with us at +44 (0) 203 926 6507 or +27 (0) 31 941 4790, or email us at info@wynleigh.com to pursue Certification success today.