The purpose of this paper is to examine the means by which one UK local authority obtained certification of its Bereavement Service against ISO9001, ISO14001, and ISO27001. It aims to explain the processes that were followed, highlight the problems that were encountered, and show how these were overcome.
The paper adopts a case study approach. The case study emerged from a broader grounded theory study which is outside the scope of this paper.
This paper demonstrates that ISO27001 can be fully integrated into a single management system with ISO9001 and ISO14001, and also illustrates that the various standards can be applied more flexibly than is often thought.
This study will be of significant benefit to bereavement professionals because it offers advice and guidance on addressing pitfalls that may be encountered when bereavement services wish to seek certification against international standards. It will also benefit quality, environmental, and information security professionals because it shows, in a practical way, how the three standards can be fully integrated.
The integration of ISO27001 into a comprehensive management system is an area which has previously been under‐researched. Furthermore, this paper takes an original perspective to information security, arguing that ISO27001 can be applied beyond an ICT environment, and this is demonstrated by considering the standard in the context of bereavement services.
CitationDownload as .RIS
Emerald Group Publishing Limited
Copyright © 2013, Emerald Group Publishing Limited