Integrated Information Management System
Align your management systems to realise their objectives
As organisations grow, the number of standards and management systems they must support grows with them. By unifying your management systems into an integrated whole, you reduce their overheads, complexity and competing priorities.
Vital Advisory offer an Integrated Information Management System service which can help you realise the benefits standards compliance was meant to bring.
Challenges of Maintaining Information Management Systems
Whether through their desire to mature business processes or fulfil compliance obligations, organisations are increasingly challenged by the overheads of maintaining multiple management systems and retaining their certifications. The seemingly administrative task of managing document sets is complicated by the differing lenses – risk, cyber governance, information lifecycle, privacy, quality, etc. – through which different information management systems view the same core policies and processes.
Management System Obstacles
Our clients frequently describe near-future compliance requirements as the main driver in adoption of a management system. The close horizon for these projects often produces a management system which is insular and focused solely on a specific customer compliance requirement. Supporting broader business objectives can be an afterthought.
As the organisation grows, additional management systems are added, but the lack of communication and coordination between these systems results in duplication of processes and documentation, and confusion as to precedence and scope.
Systems are frequently developed and managed by separate business teams, resulting in increasingly costly fiefdoms which duplicate effort and inflate the costs of maintenance.
We have found that clients experience similar hurdles in operating multiple management systems and retaining their certifications:
+ Relinquishing certifications due to costs and complexity
+ Duplicated and conflicting documentation, processes and policies
+ Inflated audit costs and associated downtime
+ Management systems locked into organisational silos
+ Little appetite to adopt new standards due to existing overheads
+ Poor staff engagement due to a jigsaw of unconnected processes
+ Lack of clarity as to the capabilities each system governs
+ Focus is on keeping the plates spinning, rather than advancing
The lack of coordination across multiple systems, or the failure to future-proof a single system in an organisation wanting to expand, results in common pain points:
+ Duplication of effort, processes and documentation
+ Costs of repeated auditing of common process areas
+ Start-from-scratch approach to adopting new standards
Paradoxically, organisations can be overwhelmed by maintaining multiple systems when their purpose is to improve business operations, quality and security. The upside from bringing systems into harmony with each other, and with your business practice, is to realise expected business outcomes. An Integrated Information Management System offers outcomes greater than the sum of its parts:
+ Processes and policies are synchronised across business systems
+ Administration and audit costs are reduced
+ Staff understand and can utilise the collected system toolsets
Vital Advisory’s Approach
Integrated Information Management System
To address the difficulties in maintaining a suite of management systems and then stretching to adopt further standards, we recommend an Integrated Information Management System (IIMS), which synchronises all your activities.
Firstly, we work with you to understand your business and its objectives. Once this context is analysed, we review your system suite to identify:
+ Existing capabilities
+ Common processes
+ Duplicated policies and documentation
+ How staff resources are applied to system maintenance
+ Existing audit structures
+ Current benefit realisation
A core component of our Integrated Management System approach is a Capability Framework. The Capability Framework maps and details the business functions in each system: processes, controls, services, knowledge sets. This then becomes the common reference point for each management system to describe key functions.
Paired with the Capability Framework is a Maturity Model. This provides an at-a-glance assessment for each capability of its:
+ Implementation status
+ Calculated maturity level
The maturity model provides management with an easy-to-understand view of the strengths and weaknesses in your business processes and controls. This simplifies decision making on where to invest resources to strengthen your business.
Best Practice Foundations
Vital Advisory’s IIMS, Capability Framework and Maturity Model have been developed in alignment with best practice models, such as ISACA’s COBIT model, to ensure that effective governance structures are in place, regardless of the business line you are in.
Connecting management systems into an integrated whole is only part of the support Vital Advisory can bring to your information governance approach. We offer a number of supporting services to assist in implementation, review and preparation for certification:
We provide internal audit services for multiple standards. Our audit personnel have a combined experience measured in decades.
We have extensive training options to ensure your staff fully understand the aims and mechanisms of your management systems.
Business Benefits Realisation
A fully realised Integrated Management System brings significant ongoing benefits to its organisation:
+ streamline existing management system operations
+ simplify and accelerate the adoption of new standards
+ cost reductions from merging common systems, processes and standards
+ greater maturity in existing management systems and processes
+ reduce audit costs by assessing shared components once only
+ centralise system administration out of departmental silos
+ provide a holistic view of management system activity
Feedback from clients of our IIMS service reported benefits across multiple audiences:
Executive and Senior Management
An Integrated Information Management System, combined with a Capabilities Framework and Maturity Model, provides easy assessment of:
+ the status of controls and capabilities
+ weaknesses in implementation and effectiveness
+ potential failure points in compliance
+ where to focus resources and investment
+ blindspots in your capabilities mix
Information Security and IT Operations
The IIMS, Capabilities Framework and Maturity Model help information security and IT initiatives by:
+ mapping the status of control and capability initiatives
+ ensuring uniform application of policies and processes across the organisation
+ documenting control suites for certification support
+ simplifying and minimising audits
Managers and frontline staff can benefit from:
+ a single source of truth for policy and process documentation
+ clarity on how certifications and management systems relate to their roles
+ removal of duplicated, out-of-date and conflicting policy and process
Client Base and Partners
The true aim of any management system is the improvement of products and services delivered to clients. Clients, customers and partners can expect:
+ improved data protection
+ easier paths to new service contracts
Regulators and Auditors
In interactions with regulators and auditors, the IIMS will provide:
+ clear documentary evidence of compliance
+ a smaller, hierarchical documentation set
+ common process areas that need only be audited once
Supported ISO Standards
An Integrated Information Management System can be built to accommodate many different standards (talk to us about your requirements), but is easily applied to standards based upon MSS (Type A), following Annex SL. A selection of the primary candidate standards follows:
ISO 27001 - Information security management systems
The international standard for the governance of information security and cyber security initiatives.
ISO 27701 - Privacy Information Management
ISO 9001 - Quality Management Systems
ISO 20000-1 - Information technology - Service management
Provides guidance for policies and processes for connected information security and quality management standards.
ISO 22301 - Business continuity management systems
ISO 31000 - Risk Management
ISO 38500 - Information Technology - Governance
ISO 24143 - Information and documentation - Information Governance
Examples of further ISO standards which are candidates to be included within an IIMS are:
ISO 14001 - Environmental management systems
Governance standard for environmental protections management, for use by organisations seeking to manage environmental responsibilities in a systematic manner.
ISO 45001 - Occupational health and safety management systems
ISO 55001 - Asset management - Management systems