Product & Regulatory

IMS — one system, three certifications.

A single integrated management system that satisfies ISO 9001, ISO 14001, and ISO 45001 — documentation, audit, and management review conducted once, certified three times.

Request a readiness assessment Our approach

What it is

A single management system that satisfies multiple standards.

An Integrated Management System (IMS) is not a separate standard. It is a way of implementing two or more management-system standards as one system rather than as parallel silos. The harmonised high-level structure shared by ISO 9001, ISO 14001, ISO 45001, ISO 27001, ISO 22301, and other modern management-system standards is designed to enable this integration.

Done well, an IMS means one policy set, one risk and opportunities register, one documented information architecture, one internal audit programme, one management review, and one corrective-action discipline — covering quality, environment, health and safety, and any other standards in scope. Done badly, it is three parallel systems bolted together with a single cover page. The difference is engineering, not paperwork.

Who needs it

Organisations pursuing two or more management-system standards — now or shortly.

Manufacturers and EPC contractors pursuing the classical 9001/14001/45001 trio; technology firms adding ISO 22301 or ISO 20000-1 to an existing ISO 27001 ISMS; food businesses running ISO 9001 alongside ISO 22000 and FSSC; and operations-intensive service firms looking at 9001 plus 14001 plus 45001 as a procurement ticket. The economics of an IMS tip decisively in its favour from the second standard onwards.

Benefits

What a well-built BIFMA system earns you.

Single management review.

One meeting covering quality, environment, and safety — led by the senior leadership team — rather than three half-attended reviews per year.

Consolidated internal audit.

A combined audit programme that audits once, tests against three standards, and produces a single set of findings to be addressed by process owners.

Lower certification cost.

Combined Stage 1 and Stage 2 audits with a single certification body reduce audit days materially compared with three parallel certifications.

Unified risk and opportunities.

Risk assessments address quality, environmental, and OH&S risks together, revealing interdependencies that single-standard systems miss.

Clearer ownership.

Process owners accept a single process control covering all three dimensions. Siloed QA/EHS teams often find this is the largest cultural change of the programme.

Documentation reduction.

One procedure per process rather than three near-identical variants. Document control, a classic IMS failure mode, becomes manageable.

Requirements, in outline

What the standard actually asks of you.

An IMS satisfies the full requirements of each standard in scope. There is no concession from "integration" — auditors assess the system against each standard's requirements in turn, but are entitled to a single coherent system.

Practically, this means one context-of-the-organisation analysis addressing quality, environmental, and OH&S interested parties; one leadership policy integrating the three (or three policies with a single integrated governance structure); one risk and opportunity register covering all three domains with proper identification of whose risk each item is; operational controls that explicitly address the relevant dimensions of the activity they control; and performance evaluation, internal audit, and management review structured around integrated scope. The harmonised high-level structure makes all of this straightforward; the failure mode in most unaided IMS programmes is producing three parallel systems with the labels changed.

Our approach

Five stages, from discovery to certificate.

Scope & architecture

Agree the standards in scope, the organisational scope, and the architecture of the IMS — document hierarchy, process ownership, and integration of context, risk, and audit.

Integrated documentation

Single policy set, one risk register spanning quality/environment/safety, one documented information structure. We design to collapse overlap rather than duplicate it.

Process-owner implementation

Process owners accept controls covering all dimensions of their process. Training and workshops focus on ownership transfer, not siloed compliance.

Integrated audit & review

A unified internal audit programme, a single management review, and integrated corrective-action discipline. Designed to operate as the default rhythm, not as a compliance overlay.

Combined certification audit

Stage 1 and Stage 2 audits conducted as a combined audit, typically by a single certification body with auditors competent across the standards. Single certificate with multiple standards listed, or parallel certificates as the client prefers.

Timeline & investment

Honest ranges, not placeholder pricing.

An organisation already certified to one of the three standards typically reaches combined IMS certification in twelve to eighteen weeks. Organisations pursuing all three from scratch typically run to five to seven months — a materially shorter timeline than sequential certifications would require.

Fees depend on organisational scope, site count, and the standards in scope. Certification body fees for combined audits are typically twenty to thirty percent lower than three separate audits. We quote after the gap analysis once the organisational scope is set.

Frequently asked

Questions we answer on most BIFMA calls.

Yes. We regularly build IMS programmes that add ISO 27001, ISO 22301, ISO 20000-1, or ISO 50001 to the classical trio. The harmonised high-level structure supports integration across any of the management-system standards.

Either, depending on certification body practice and your preference. Most clients take a single combined certificate listing the standards in scope; some prefer separate certificates because certain customers expect to see a named 9001 or 14001 certificate. Either is available.

Usually yes. Adding 14001 and 45001 to an existing 9001 system is a natural moment to re-architect the system as an IMS — the marginal cost is substantially lower than setting up two parallel new systems.

The IMS stays intact. Removing a standard from scope is an administrative change with the certification body; the underlying integrated system continues to run. The reverse — adding a standard later — is equally straightforward.

Possibly, but the question misdirects. The IMS should be owned by the business, not by a compliance function. Integration reduces parallel administrative burden; it does not reduce the domain expertise required across the three disciplines.

Related services

Get a readiness assessment for an integrated management system.

Half a day with a senior consultant, a clause-level gap report, and a candid timeline. No commitment beyond the assessment itself.

Request assessment