We have already discussed what an integrated management system (IMS) is, and why you should consider integrating your management systems to create a centralised system for your business processes.
If you have processes that examine one aspect or risk - quality, for example - then you have already ticked the most difficult box. You have already ushered in the culture, as well as the requisite risk-based approach needed to get your management system functioning. Now, it's just a matter of encouraging the business to think about all aspects of the process, including environment, safety and information security in your processes and procedures.
However, many businesses start with only one management system, and add on the other standards. This leads us to the question of: How do you know when you are ready to integrate your management systems?
In essence, you should integrate your systems as soon as possible; even if you’re not becoming certified to the other standards.
Because encouraging your business to take a proactive approach to these risks will mean your business gets the bottom-line benefits. If your employees are considering the occupational health and safety risks inherent in their processes, they will remove, minimise or mitigate these and cost your business less in injury or illness. The same can be said for quality, environment and information security.
To offer up one example: if you have established the context of your organisation which entails determining internal and external issues, identifying the needs and expectations of interested parties, as well as the scope of your management system from a quality management perspective, then it is certainly beneficial to add any items related to Safety (AS/NZS 4801, ISO 45001 and OHSAS 18001), Environment (ISO 14001) or Information Security (ISO27001) instead of completing the process separately, or retrospectively.
Ensuring your business is considering all the relevant risks, as required in a risk-based approach, will ensure significant cost efficiencies.