What is the difference between ISO 9001 and ISO 27001?

ISO 9001 and ISO 27001 are both management systems that follow Annex SL and focus on continual improvement. They can be applied to organisations of all sizes. ISO 9001:2015 focuses on improving quality within an organisation whilst ISO 27001 focuses on information security. The standard, or standards, implemented within an organisation will depend on the aims of the company. For example, an e-commerce organisation may wish to implement ISO 9001 to assist with enhancing customer satisfaction and implement ISO 27001 to identify and manage risks relating to customer data.

ISO 9001 specifies the requirements for a quality management system (QMS). The standard focuses on consistently providing products and services which meet customer requirements and comply with the relevant regulatory requirements. In addition, the standard focuses on the continual improvement of the management system and aims to improve customer satisfaction, for example by obtaining customer feedback.

ISO 27001 specifies the requirements for an information security management system (ISMS). The standard focuses on establishing, implementing, maintaining and continually improving the security management system. ISO 27001 is designed to assist the organisation in managing risks relating to information security, in turn providing confidence to interested parties that risks are managed. The standard considers information security risks in areas such as mobile devices, the disposal of media and network access.

Copies of ISO 27001 and ISO 9001 are available to purchase online at the ISO Store.

We offer ISO 9001 and ISO 27001 training courses, including CQI and IRCA Lead Auditor training courses.