Integrated Management Systems Explained: The Auditor's Guide

CertBetter

Team CertBetter


Most articles on integrated management systems read like they were written by someone who's never actually audited one. I've spent years auditing companies with integrated management systems—some brilliant, most mediocre, and a few that were absolute disasters masquerading as efficiency gains.

Here's what integrated management systems actually are, when they make sense, and the mistakes I see businesses make when implementing them.

What Is an Integrated Management System?

An integrated management system (IMS) combines multiple ISO management standards into a single framework instead of running them as separate systems.

Rather than maintaining ISO 9001 for quality, ISO 14001 for environmental, and ISO 45001 for safety as three distinct systems, you merge the common elements, such as policies, procedures, audits, and management reviews, into one cohesive structure.

The concept isn't complicated. Most ISO standards now follow the same high-level harmonised structure (Annex SL), which means they share identical clause structures and many common requirements.

An IMS capitalises on this overlap to eliminate duplication.

But here's the thing nobody mentions: just because you can integrate systems doesn't mean you should.

When Integrated Management Systems Actually Make Sense

I've audited over 500 organisations with various system configurations. The businesses that benefit most from IMS share specific characteristics.

You're already certified to one or more standards. Starting from scratch with a fully integrated system is painful. It's far easier to integrate when you've already got ISO 9001 in place and you're adding 14001 or 45001.

You understand how your first system works, where the documentation lives, and how audits flow.

You have overlapping responsibilities. If your quality manager also handles environmental and safety aspects (common in smaller businesses), an IMS eliminates the administrative nightmare of maintaining three separate policy documents, conducting three separate management reviews, and preparing for three separate audits.

Your processes naturally cross boundaries. Manufacturing operations are a prime example. Your production process affects product quality (ISO 9001), generates environmental aspects (ISO 14001), and creates OHS hazards (ISO 45001).

Managing these through separate systems creates artificial divisions that don't reflect reality.

I audited a mid-sized metal fabricator last year that had this sorted brilliantly. Their work instruction for welding operations included quality specifications, environmental controls for fume extraction, and safety requirements for PPE—all in one document.

No duplicate procedures, no confusion about which system they were working under. Just one clear set of requirements for doing the job right.

The Standards That Actually Get Integrated

The most common combination is the "triple certification"—ISO 9001 (quality), ISO 14001 (environmental), and ISO 45001 (occupational health and safety). These three standards align well because they use the same structure and many businesses need all three.

ISO 27001 (information security) also integrates reasonably well, though it requires more specialised knowledge.

ISO 50001 (energy management) fits naturally with environmental systems since energy consumption is typically your largest environmental aspect.

Beyond these, you can technically integrate any ISO management system standard as they all use the same high-level structure.

I've seen businesses integrate ISO 13485 for medical devices, AS9100 for aerospace, and even ISO 42001 for artificial intelligence management. Whether that integration adds value depends entirely on your business context.

What Integration Actually Looks Like

Let me walk you through what integration means in practice because there's massive confusion about this.

Integrated policies. Instead of three separate policy statements, you have one integrated policy covering quality, environmental, and OHS commitments.

It's typically longer than individual policies but shorter than three separate documents. More importantly, it forces management to think holistically about their commitments.

Combined procedures. Core procedures like document control, internal audits, management review, corrective action, and risk management become single procedures covering all standards.

You don't have three document control procedures—you have one procedure that meets the requirements of all three standards.

Unified audits. Internal audits cover all standards simultaneously. External certification audits can be combined, which reduces the total audit days (though not as much as some consultants claim).

Instead of three separate two-day audits, you might have one four-day integrated audit.

Single management review. Top management reviews all systems together, examining quality objectives, environmental performance, and safety metrics in one meeting.

This actually makes more sense than reviewing them separately because these issues are interconnected.

The Real Benefits (Not the Marketing Fluff)

Let's talk about actual benefits I've observed, not the recycled claims you'll find everywhere.

Less time wasted on duplicate tasks. This is the biggest genuine benefit. You conduct one internal audit instead of three. You have one management review instead of three.

You maintain one set of core procedures instead of three. For businesses with limited administrative resources, this matters.

Better decision-making visibility. When everything sits in one system, management can see the full picture. They're not optimising quality at the expense of safety or improving environmental performance while compromising product quality.

Integrated risk assessments show how changes in one area affect others.

Easier to maintain consistency. Three separate systems inevitably drift. One uses a specific document template, another uses something different.

One has corrective actions recorded in one format, another uses a different process. Integration forces consistency, which reduces errors and confusion.

Lower certification costs. This benefit exists but it's overstated. Yes, combined audits cost less than separate audits, but you don't save 66% just because you're combining three standards.

Expect savings of maybe 20-30% on certification costs. Better than nothing, but don't make financial decisions based solely on certification savings.

What Doesn't Work (And Why Consultants Won't Tell You)

I need to be honest about integration failures because nobody else seems willing to discuss them.

Integrating too early. The worst IMS implementations I've seen were businesses that tried to integrate while implementing their first standard.

They ended up with a confused mess that satisfied neither standard properly. Get your first system working smoothly before you think about integration.

Forcing integration where it doesn't fit. Some business functions genuinely benefit from separate treatment. I audited a pharmaceutical company where the quality team needed highly detailed procedures for GMP compliance while the environmental and safety systems could work with simpler documentation.

Forcing everything into identical formats created unnecessary complexity in their quality system.

Using integration to hide weak systems. Some businesses integrate because their individual systems are poorly maintained and they think combining them will reduce the scrutiny. It doesn't work. Auditors can still identify system weaknesses whether they're integrated or not.

Assuming integration means less work overall. Integration reduces duplicate administrative tasks. It doesn't reduce the actual work of meeting standard requirements.

You still need to conduct risk assessments, manage changes, train personnel, measure performance, and continually improve. Those requirements don't disappear because you've integrated.

Implementation: What Actually Needs to Happen

Here's the practical reality of implementing an integrated management system based on what I've seen work.

Start with gap analysis. If you're already certified to one or more standards, identify where requirements overlap and where they differ.

The common elements (context of the organisation, leadership commitment, planning, support resources, operation, performance evaluation, and improvement) integrate easily. The specific requirements (particular measurements, specific documentation needs, standard-specific terminology) need careful handling.

Integrate progressively. Don't try to integrate everything simultaneously. Start with the easiest elements—policies, core procedures, internal audits. Leave the complex operational procedures until later when you've figured out what works.

Maintain standard-specific elements where needed. Some requirements are genuinely unique to specific standards. ISO 9001 requires particular attention to customer property and external provider controls.

ISO 14001 needs specific focus on environmental aspects and life cycle thinking. ISO 45001 demands worker consultation and participation. Don't lose these specific requirements in your quest for integration.

Ensure competence across all standards. This is critical. Your internal auditors need to understand all integrated standards, not just their favourite one.

I've audited businesses where the internal auditor understood quality requirements brilliantly but had no clue about environmental legislation or safety hazards. That undermines the entire system.

I audited a construction company last year where this was handled perfectly. They had a core team of three internal auditors.

Each had deep expertise in one area (quality, environmental, or safety) but all were trained to a working knowledge level in the other two areas. They audited in pairs, ensuring both breadth and depth in every audit.

The Documents You Actually Need

There's enormous confusion about documentation for integrated systems. Here's what you actually need.

Integrated policy. One policy document covering all standards. Keep it to two pages maximum. Nobody reads long policies.

Integrated core procedures. Single procedures for document control, records management, internal audit, management review, corrective action, preventive action (if you're using OHSAS 18001 rather than ISO 45001), risk management, and change management. These procedures need to explicitly state which standard requirements they address.

Standard-specific procedures where necessary. You'll still need some procedures that are specific to individual standards.

Quality plans for ISO 9001, emergency response procedures for ISO 14001, incident investigation procedures for ISO 45001. That's fine. Integration doesn't mean everything must be identical.

Integrated IMS manual (optional). ISO standards no longer mandate a documented manual, but many businesses find it useful. An integrated manual describes how your IMS works and maps your processes to standard requirements across all integrated standards.

Combined risk register. One master risk register covering quality risks, environmental aspects, and OHS hazards. This is where integration provides genuine value—you can see how risks interact and prioritise resources accordingly.

Common Integration Mistakes I See Repeatedly

After auditing hundreds of these systems, certain mistakes appear repeatedly.

Creating an IMS on paper only. The documents claim everything is integrated but the reality is three separate systems operating independently. Integration must be operational, not just documented.

Losing the standard-specific requirements. In the push to integrate, businesses sometimes lose sight of unique requirements from individual standards. ISO 45001's worker consultation requirements are not the same as ISO 9001's customer focus requirements. Both are essential.

Inadequate training. Staff who were trained only on ISO 9001 suddenly find themselves responsible for an integrated system covering environmental and safety aspects they don't understand. This creates confusion and increases non-conformances.

Poor change management. Moving from separate systems to an integrated system is a significant organisational change. Businesses underestimate the communication and training required to make this transition successfully.

Expecting integration to fix underlying problems. If your quality system was poorly managed, integrating it with environmental and safety systems won't magically improve it. Fix the fundamental system weaknesses first, then integrate.

The Certification Reality

Let me clear up some confusion about IMS certification because there's a lot of misinformation circulating.

There's no such thing as an IMS certificate. The certification body doesn't issue a single "integrated management system" certificate. You receive separate certificates for ISO 9001, ISO 14001, ISO 45001, or whichever standards you're certified against. What changes is the audit approach, not the certification outcome.

Integrated audits take less time than separate audits, but not dramatically less. If you're adding a second or third standard to your existing certification, expect the combined audit to be longer than your current audit but shorter than conducting completely separate audits.

The time saving comes from examining common elements (like management review) once rather than multiple times.

You can phase certification. Many businesses get certified to ISO 9001 first, integrate ISO 14001 into their system and get certified to that, then add ISO 45001 later. There's no requirement to certify all standards simultaneously. This phased approach often makes more practical sense.

Not all certification bodies handle integrated audits equally well. Some have excellent integrated audit processes with auditors competent across multiple standards.

Others send separate auditors for each standard who happen to be on site at the same time but don't actually conduct an integrated audit. Choose your certification body carefully.

When to Keep Systems Separate

Sometimes integration isn't the right answer. Here are situations where separate systems might make more sense.

You're in a highly regulated industry with prescriptive quality requirements. Pharmaceutical, medical device, aerospace, and automotive industries often have quality requirements that go far beyond ISO 9001. In these cases, the quality system might need to remain distinct from environmental and safety systems.

Different parts of your organisation have vastly different needs. If your manufacturing operations need tight integration between quality, environmental, and safety, but your office operations only need basic quality procedures, forcing a one-size-fits-all integrated system might create unnecessary complexity.

You have separate management for different system aspects. If your quality function reports to operations, environmental management reports to engineering, and safety reports to HR, with minimal overlap in responsibilities, integration might create more confusion than it solves.

Your organisation is going through significant change. If you're implementing your first management system, dealing with a major restructure, or navigating a merger or acquisition, adding the complexity of integration might not be wise. Get things stable first.

The Future: Where IMS Is Heading

Based on what I'm seeing in audits and discussions with certification bodies, several trends are emerging.

More standards being added to IMS scope. Businesses are increasingly integrating ISO 27001 (information security) alongside traditional quality, environmental, and safety standards.

ISO 42001 (artificial intelligence management systems) is starting to appear in some forward-thinking organisations.

Greater emphasis on risk-based thinking across all systems. The shift to risk-based thinking in ISO 9001:2015 has influenced how organisations approach integration. Integrated risk registers that capture quality, environmental, safety, security, and even AI risks are becoming common.

Digital tools enabling better integration. Software platforms designed specifically for integrated management systems make it easier to maintain cross-references, track integrated audits, and analyse performance across multiple standards.

This is making integration more practical for mid-sized businesses that previously found it too complex.

Increased stakeholder pressure for integrated thinking. Customers, investors, and regulators increasingly expect businesses to demonstrate how they manage quality, environmental impact, workplace safety, and information security in a coordinated way.

ESG (environmental, social, and governance) reporting requirements are accelerating this trend.

Is an Integrated Management System Right for Your Business?

Here's a straightforward assessment framework based on my audit experience.

You're probably a good candidate for IMS if:

  • You're already certified to one ISO standard and adding another
  • You have a small team managing multiple system aspects
  • Your processes naturally cross quality, environmental, and safety boundaries
  • You struggle with maintaining separate documentation for similar processes
  • You want to reduce audit costs and administrative overhead

You should probably wait if:

  • You're implementing your first management system
  • Different standards have drastically different documentation needs in your industry
  • You have separate teams with little overlap managing different aspects
  • Your organisation is undergoing major change or restructuring
  • You haven't fully established your first system yet

Integration might not suit you if:

  • Your industry has prescriptive requirements that don't integrate well
  • You operate in multiple jurisdictions with varying regulatory requirements
  • You have a very large, complex organisation where integration creates more confusion than clarity
  • Your certification bodies can't provide genuinely integrated audits

Final Thoughts

Integrated management systems can simplify your life if implemented thoughtfully for the right reasons in the right circumstances. They can also create complicated messes if forced onto organisations that aren't ready or don't actually benefit from integration.

The key is understanding that integration is a tool, not a goal. The goal is to manage your quality, environmental, safety, and other system aspects effectively. If integration helps achieve that goal, pursue it. If it doesn't, don't.

After auditing hundreds of these systems, the businesses that get it right share one characteristic: they focused on making their systems useful for running their business rather than just satisfying standard requirements.

The integrated management system emerged naturally from that focus.

FAQ: Integrated Management Systems

What is an integrated management system?

An integrated management system combines multiple ISO management standards (typically ISO 9001, ISO 14001, and ISO 45001) into a single framework rather than maintaining them as separate systems. It eliminates duplication by using common policies, procedures, and audit processes to meet the requirements of all integrated standards.

What are the benefits of an integrated management system?

The main benefits are reduced administrative overhead (one internal audit instead of three, one management review instead of three), better decision-making through holistic risk assessment, improved consistency across different system aspects, and lower certification costs. However, these benefits only materialise if integration suits your organisational structure and needs.

Which ISO standards can be integrated?

Any ISO management system standards can technically be integrated since they all use the same high-level structure (Annex SL). The most commonly integrated standards are ISO 9001 (quality), ISO 14001 (environmental), ISO 45001 (occupational health and safety), ISO 27001 (information security), and ISO 50001 (energy management).

How long does it take to implement an integrated management system?

Implementation time depends on your starting point. If you're already certified to one or more standards and adding others to create an IMS, expect 6-12 months for each additional standard. If you're building an integrated system from scratch with no existing certifications, allow 12-18 months for a dual system or 18-24 months for triple certification.

Do I get a single certificate for an integrated management system?

No. Certification bodies issue separate certificates for each standard (ISO 9001, ISO 14001, ISO 45001, etc.) even when audited as an integrated system. There is no single "IMS certificate." What changes is the audit approach, not the certification outcome.

Does an integrated audit cost less than separate audits?

Yes, but the savings aren't as dramatic as some consultants suggest. Combining audits eliminates duplication in examining common elements like management review and document control. Expect certification cost savings of 20-30% compared to completely separate audits, not the 50-66% some claim.

Can I integrate standards progressively or must I do them all at once?

You can absolutely integrate progressively. Many businesses get certified to ISO 9001 first, then add ISO 14001 and integrate it, then add ISO 45001 later. There's no requirement to certify all standards simultaneously. Phased implementation often makes more practical and financial sense.

What's the difference between IMS and QMS?

A QMS (quality management system) is a single system focused on quality management, typically conforming to ISO 9001. An IMS (integrated management system) combines multiple management systems—QMS plus environmental management (ISO 14001), safety management (ISO 45001), and potentially others—into one framework.

How do I know if my business needs an integrated management system?

Your business likely benefits from IMS if you're already certified to one ISO standard and adding another, you have overlapping responsibilities for different system aspects, your processes naturally cross quality/environmental/safety boundaries, or you struggle with duplicate documentation. Wait if you're implementing your first system, undergoing major change, or have very separate teams managing different aspects.

What are the most common mistakes businesses make with IMS?

The most frequent mistakes are integrating too early (before the first system is stable), forcing integration where it doesn't fit, using integration to hide weak underlying systems, inadequate training on integrated requirements, and expecting integration to reduce the actual work of meeting standard requirements (it only reduces administrative duplication).


Dilawar Laghari

Hi! I am Dilawar Laghari, founder of CertBetter.

I created CertBetter to help anyone compare ISO certification providers for free.
