Integrated Information Management System

Align your management systems to realise their objectives

As organisations grow, the number of standards and management systems they must support grows with them. By unifying your management systems into an integrated whole, you reduce their overheads, complexity and competing priorities.

Vital Advisory offer an Integrated Information Management System service which can help you realise the benefits standards compliance was meant to bring

Challenges of Maintaining Information Management Systems

Whether through their desire to mature business processes or fulfil compliance obligations, organisations are increasingly challenged by the overheads of maintaining multiple management systems and retaining their certifications. The seemingly administrative task of managing document sets is complicated by the differing lenses – risk, cyber governance, information lifecycle, privacy, quality, etc. – through which different information management systems view the same core policies and processes.

Management System Obstacles

Our clients frequently describe near-future compliance requirements as the main driver in adoption of a management system. The close horizon for these projects often produces a management system which is insular and focused solely on a specific customer compliance requirement. Supporting broader business objectives can be an afterthought.

As the organisation grows, additional management systems are added, but the lack of communication and coordination between these systems results in duplication of processes and documentation, and confusion as to precedence and scope.

Systems are frequently developed and managed by separate business teams, resulting in increasingly costly fiefdoms which duplicate effort and inflate the costs of maintenance.

Common Challenges

We have found that clients experience similar hurdles in operating multiple management systems and retaining their certifications:
+ Relinquishing certifications due to costs and complexity
+ Duplicated and conflicting documentation, processes and policies
+ Inflated audit costs and associated downtime
+ Management systems locked into organisational silos
+ Little appetite to adopt new standards due to existing overheads
+ Poor staff engagement due to a jigsaw of unconnected processes
+ Lack of clarity as to the capabilities each system governs
+ Focus is on keeping the plates spinning, rather than advancing

Pain Points

The lack of coordination across multiple systems, or the failure to future-proof a single system in an organisation wanting to expand, results in common pain points:

Duplication of effort, processes and documentation

Costs of repeated auditing of common process areas

Start-from-scratch approach to adopting new standards

Unrealised Opportunities

Paradoxically, organisations can be overwhelmed by maintaining multiple systems when their purpose is to improve business operations, quality and security. The upside from bringing systems into harmony with each other, and with your business practice, is to realise expected business outcomes. An Integrated Infomation Management Systems offers outcomes greater than the sum of its parts:

Processes and policies are synchronised across business systems

Administration and audit costs are reduced

Staff understand and can utilise the collected system toolsets

Vital Advisory’s Approach

Integrated Information Management System

To address the difficulties in maintaining a suite of management systems and then stretching to adopt further standards, we recommend an Integrated Information Management System (IIMS), which synchronises all your activities.

Firstly we work with you to understand your business and its objectives. Once this context is analysed, we review your system suite to identify:
+ Existing capabilities
+ Common processes
+ Duplicated policies and documentation
+ How staff resources are applied to system maintenance
+ Existing audit structures
+ Current benefit realisation

Capability Framework

A core component of our Integrate Management System approach is a Capability Framework. The capabilities framework maps and details the business functions in each system: processes, controls, services, knowledge sets. This then becomes the common reference point for each management system to describe key functions.

Maturity Model

Paired with the Capability Framework is a Maturity Model. This provides an at-a-glance assessment for each capability of its:
+ Implementation status
+ Efficiency
+ Effectiveness
+ Calculated maturity level

The maturity model provides management with an easy to understand view of the strengths and weaknesses in your business processes and controls. This simplifies decision making on where to invest resources to strengthen your business.

Best Practise Foundations

Vital Advisory’s IIMS, capability framework and Maturity Model have been developed in alignment with  aligned with best practise models, such as ISACA’s COBIT model, to ensure that effective governance structures are in place, regardless of the business line you are in.

Supporting Services

Connecting management systems into an integrated whole is only part of the support Vital Advisory can bring to your information governance approach. We offer a number of supporting services to assist in implementation, review and preparation for certification:

Framework implementations for ISO standards like 27001, 27701 9001, as well as other standards like CPS 234 and the VPDSF.

We provide internal audit services for multiple standards. Our audit personnel have a combined experience measured in decades.

We have extensive training options to ensure your staff fully understand the aims and mechanisms of your management systems.

Realised Outcomes

Business Benefits Realisation

A fully realised Integrated Management System brings significant ongoing benefits to its organisation:
+ streamline existing management system operations
+ simplify and accelerate the adoption of new standards
+ cost reductions from merging common systems, processes and standards
+ greater maturity in existing management systems and processes
+ reduce audit costs by assessing shared components once only
+ centralise system administration out of departmental silos
+ provide a wholistic view of management system activity

Feedback from clients of our IIMS service reported benefits across multiple audiences:

Executive and Senior Management

An Integrated Information Management System, combined with a Capabilities Framework and Maturity Model, provides easy assessment of:
+ the status of controls and capabilities
+ weaknesses in implementation and effectiveness
+ potential failure points in compliance
+ where to focus resources and investment
+ blindspots in your capabilities mix

Information Security and IT Operations

The IIMS, Capabilities Framework and Maturity Model help information security and IT initiatives by:
+ mapping the status of control and capability initiatives
+ ensuring uniform application of policies and processes across the organisation
+ documenting control suites for certification support
+ simplifying and minimising audits

Business Teams

Managers and frontline staff can benefit from:
+ a single source of truth for policy and process documentation
+ clarity on how certifications and management systems relate to their roles
+ removal of duplicated, out-of-date and conflicting policy and process

Client Base and Partners

The true aim of any management system is the improvement of products and services delivered to clients. Clients, customers and partners can expect:
+ improved data protection
+ easier paths to new service contracts

Regulators and Auditors

In interactions with regulators and auditors, the IIMS will provide:
+ clear documentary evidence of compliance
+ a smaller, hierarchal documentation set
+ common process areas need only be audited once

Supported ISO Standards

An Integrated Information Management System can be built to accomodate many different standards (talk to us about your requirements), but is easily applied to standards based upon MSS (Type A), following Annex SL. A selection of the primary candidate standards follows:

  • The international standard for the governance of information security and cyber security initiatives.

  • Provides guidance for policies and processes for connected information security and quality management standards.

Examples of further ISO standards which are candidates to be included within an IIMS are:

  • Governance standard for environmental protections management, for use by organisations seeking to manage environmental responsibilities in a systematic manner.


To discuss how Vital Advisory can assist with an Integrated Information Management System, phone +61 420 978 258.