A
amelbel
hello everyone, our society already has an IMS which whitch contains a Quality Management System, Environmental Management System and Health and safety management system all three listed in a statement which defines the objectif of the IMS. The society wants to be ISO 27001 certified and so they published a policy for the SMSI implementation and setting its objectives. What I want to know is must we create a new management system for the information security or just integrate it with the other MS. I want to know so I can figure out where to put the IS process in the support process or the management process. Also I want to know who is responsible of the audit is it the quality auditors or must it be security professionnels