Part 6 - IMS Integration

🔹 IMS Series – Part 6: Integration vs Separation in an IMS This is where the Integrated Management System really matures. 📄 The presentation slides are also available here:https://www.linkedin.com/posts/alison-wickens-641b893_ims-integration-part-6-activity-7447587756048039936-9QqL?utm_source=share&utm_medium=member_desktop&rcm=ACoAAAC1PFEBZ3u-y7vxiToCmB_MgO3SKydN6jE A lot of organisations focus on integration — one framework, one system, one set of processes. But the real challenge is understanding: 👉 what must remain separate Because in practice, not everything should be standardised. Using the PDCA cycle, this becomes clear: PLAN → Different risks (security, privacy, AI) DO → Controls align, but execution differs CHECK → What is measured is not the same ACT → Improvements target different outcomes The shift in an IMS is towards: One integrated framework One consistent structure One way of working But with: • Security → focused on systems and CIA • Privacy → focused on individuals and compliance • AI → focused on decisions, bias, and outcomes This enables: Clear separation of risk while maintaining integration Better decision-making across domains Stronger traceability through the Statement of Applicability More effective and audit-ready systems And most importantly — integration is structural, but separation is operational. 📌 Detailed appendices are included in the presentation for a deeper clause-by-clause and control-level view. 🎥 Part of the IMS Series covering integration of: ISO 27001 ISO 27701 ISO 42001 👉 Next: Integrated Audit and Assurance Disclaimer: This content is based on my interpretation and practical experience. I’m continuously learning and exploring how these standards integrate, and I welcome different perspectives.