Part 7 - IMS Integration

🎥 Part 7: Integrated Operations, Audit & Assurance From execution to assurance in an integrated management system 📄 The presentation slides are also available here:https://www.linkedin.com/posts/alison-wickens-641b893_ims-integration-part-7-activity-7449033063101210624-024w?utm_source=share&utm_medium=member_desktop&rcm=ACoAAAC1PFEBZ3u-y7vxiToCmB_MgO3SKydN6jE In this part of the series, we move beyond design and into how an integrated management system actually operates in practice. The focus shifts to: Clause 8 (Operations) – how controls are executed across security, privacy, and AI Clause 9 (Performance Evaluation) – how monitoring, audit, and assurance come together 🔍 What this video covers ✔️ How to operate once across multiple domains ✔️ The difference between integration vs separation in operations ✔️ What a unified control looks like in practice (with real examples) ✔️ How to design a single, risk-based audit programme ✔️ The difference between audit and assurance ✔️ What integrated assurance really means ✔️ How monitoring, audit, and risk link together into one assurance view 🧠 Key insight An integrated management system allows you to: Operate once Audit once Assure across multiple domains But integration does not remove complexity — it structures it. Controls may be shared, but they are still applied differently across: Security (ISO 27001) Privacy (ISO 27701) AI (ISO 42001) ⚙️ Why this matters Without integration: Operations become siloed Audits are duplicated Assurance is fragmented With integration: You gain clear visibility across all domains Reduce duplication and audit fatigue Strengthen governance and decision-making 🔗 Where this fits in the series This is Part 7 of the Integrated Management System series: Introduction Annex SL Clause Alignment Risk Controls & SoA Integration vs Separation Operations, Audit & Assurance (this video) 👉 Next: Part 8 – Integrated Management Reviews ⚠️ Disclaimer This content is based on my experience and interpretation of implementing and auditing integrated management systems across security, privacy, and AI. It is intended for learning and practical insight, not as formal certification guidance.