Mapping ISO 9001 with Key IMS Standards: A Practical Reference Table"
Clause No. Sub-Clause Requirement Description ISO 9001:2015 (QMS) ISO 14001:2015 (EMS) ISO 45001:2018 (OH&SMS) ISO 27001:2022 (ISMS) ISO 41001:2018 (FMS) ISO 55001:2014 (AMS) ISO 31000:2018 (RM)*
Specifies QMS Environmental
Information security for
requirements for management for OH&S risk prevention and Facility performance, Asset value realization Framework for managing
1 1 Scope confidentiality, integrity,
consistent environmental worker safety efficiency, and value and lifecycle control risk applicable to all orgs
availability
product/service quality performance
ISO 9000:2015 (Terms & ISO 45001 only; references ISO 41011 (Facility Mgmt ISO 55000 (Overview, ISO Guide 73:2009 for
2 2 Normative References ISO 14050:2009 ISO/IEC 27000 series
definitions) ISO/IEC Guide 83 Vocabulary) principles, vocabulary) terms
Within the standard; refers to ISO/IEC 27000 provides ISO 41011 defines FM ISO 55000 provides ISO Guide 73 provides risk
3 3 Terms and Definitions Defined in ISO 9000 Included in ISO 14050
general ISO terms terminology terms definitions terms
Analyze internal & Understand
Understanding the Consider OH&S context Identify ISMS relevant Define FM organizational Analyze internal/external Define context to
4 4.1 external factors environmental
organization & context including legal, cultural issues context factors for asset mgmt manage risk effectively
impacting QMS conditions
Identify interested
Needs & expectations of Stakeholder Workers and other interested Stakeholders like clients, Users, clients, service Stakeholders impacting Understand stakeholders
4.2 parties and their QMS
stakeholders environmental concerns parties regulators providers asset value to manage uncertainty
needs
Determining the scope of Define boundaries and Risk scope definition for
4.3 Boundaries of EMS Boundaries for OH&SMS Scope of ISMS coverage Scope for FM activities Asset system boundaries
the system applicability of QMS organizational context
Establish, implement,
Asset management Define structured risk
4.4 System and processes maintain, and improve Same approach for EMS Same for OH&SMS Define ISMS processes FM system management
system implementation management system
QMS
Top management Focused on leadership Management responsible Senior management Asset management Leadership integrates risk
5 5.1 Leadership & commitment Same for EMS
accountability for QMS commitment to OH&S culture for ISMS drives FM system policy commitment into decision-making
Quality policy aligned OH&S policy with hierarchy of Information security Asset management Risk management policy
5.2 Policy Environmental policy FM policy objectives
with strategic direction controls policy policy principles
Same with
Organizational roles & Roles, responsibilities, Worker participation Security responsibilities Define risk roles and
5.3 environmental Roles in FM execution Asset roles clarified
responsibilities authorities defined emphasized assigned responsibilities
responsibilities
Actions to address risks & Risk-based thinking for Identify environmental Assess OH&S risks, legal Risk assessment and FM risks to service Asset-related risk Core principle of risk
6 6.1
opportunities process effectiveness risks & opportunities compliance treatment planning delivery identification management framework
Objectives and planning to Quality objectives with InfoSec objectives & FM objectives aligned Objectives to improve Objectives derived from
6.2 Environmental objectives OH&S performance objectives
achieve them metrics measurement with business needs asset performance risk context
Changes managed to Environmental change Change control in OH&S Change management of Asset-related changes Adaptation planning for
6.3 Planning of changes FM service change plans
preserve QMS integrity planning systems ISMS controls managed emerging risks
Determine and provide Resources for improving
Resources for OH&S hazard Resources for ISMS Resources for FM Resources for asset Resources needed for risk
7 7.1 Resources resources to implement environmental
controls operation activities management management
QMS performance
Ensure competence of
Environmental Competence to perform Competence for InfoSec FM staff training and Competence for asset Training to build risk
7.2 Competence personnel performing
competence training OH&S activities roles certification managers capability
tasks
Employees aware of
Awareness of Awareness of OH&S hazards Awareness of ISMS Awareness of FM goals Awareness of asset Awareness of risk and
7.3 Awareness QMS relevance and
environmental impacts and controls policies and procedures and services management policies responsibilities
importance
� Internal and external
Communication of ISMS internal and external Communication Communication with Communication of risk
7.4 Communication communication Communication of OH&S risks
environmental info communications framework in FM asset stakeholders context and strategies
management
Documented asset Maintain documentation
Control documented Document control for Documented procedures and Control of ISMS Documentation of FM
7.5 Documented Information management of risk management
information for QMS EMS records for OH&S documented information processes
information processes
Operational Planning and Plan and control QMS Controls for FM service delivery Asset lifecycle
8 8.1 OH&S operational controls ISMS security controls Operational risk controls
Control processes environmental aspects controls management planning
Requirements for products Determine customer
8.2 — — — — — —
and services requirements
Control product/service
Environmental design FM system design and Asset management
8.3 Design and Development design and Design impacting OH&S Security by design —
considerations delivery design
development
Control of externally Supplier evaluation and Supplier environmental Supplier security Supplier management Supplier-related risk
8.4 Supplier OH&S criteria Outsourcing FM activities
provided processes control criteria assessment for assets management
Production and Service Controlled conditions for Control to reduce Secure service/data
8.5 Safe execution of OH&S tasks FM service delivery Asset service execution —
Provision production and services environmental impact provision
Release of products and FM performance
Verify product/service Control environmental Incident management and Security incident
8.6-8.7 control of nonconforming evaluation and Asset corrective actions Control of risk events
conformity release parameters control response
outputs correction
Monitor risk
Monitoring, Measurement, Monitor and measure Environmental OH&S performance Monitor security controls FM performance
9 9.1 Asset management KPIs management
Analysis, and Evaluation QMS performance performance monitoring monitoring and events monitoring
effectiveness
Conduct internal audits Asset management Audits to evaluate risk
9.2 Internal Audit Internal EMS audits OH&S audit programs ISMS internal audits FM system audits
to verify QMS conformity audits management processes
Top management
Management reviews of Management review of Asset management Risk management
9.3 Management Review reviews QMS OH&S system review FM leadership review
EMS ISMS strategic review framework review
effectiveness
Identify, control, and Security breach
Nonconformity and Correct environmental Incident investigation and Asset-related corrective Corrective actions to
10 10.1 correct QMS correction and FM incident resolution
Corrective Action incidents corrective action measures mitigate risks
nonconformities prevention
Improve QMS
Environmental continual OH&S performance and Improve ISMS Asset management Risk framework maturity
10.2 Continual Improvement effectiveness FM service improvement
improvement culture improvement effectiveness optimization and learning
continually
