INFORMATION SECURITY AND QUALITY MANAGEMENT SYSTEMS INTEGRATION: CHALLENGES AND CRITICAL FACTORS

Abstract

Implementing a new management system in organizations that already have a certified management system can be challenging. This research discussed enabler factors that influence the integration of an information security management system certified following ISO 27001 with a quality management system certified following ISO 9001. Five factors were identified as the basis of this research: Implementation Model, Human Resources, Resources Availability, Standard Issues, and Standards Integration. Four factors were validated through the qualitative study with consultants specialized in implementing and integrating these standards. Then, by prioritizing these factors through the Analytic Hierarchy Process method, it was found that the most relevant aspect is Standards Integration for the managers from the institution object of study. For specialist consultants, the most pertinent factor is Human Resources.