Integrated audits and combined audit for organisations that want to be demonstrably compliant
A combined audit brings together several standards — such as ISO 27001, ISO 9001, ISO 27701 and NEN 7510 — within a single integrated audit schedule. Because these standards share the same management system structure, an integrated approach avoids duplicate interviews, duplicate document requests and fragmentation. You receive one coherent findings report and one improvement plan, with less burden on your organisation. This way, you move from separate certificates to one demonstrably working, integrated management system.
What is a combined audit?
A combined audit (integrated audit) assesses several standards at the same time within a single audit programme. The shared elements — context, risks, document management, internal audit, management review and improvement — are assessed once rather than separately for each standard.
Who is it for?
For organisations with multiple management systems, for example ISO 27001 + ISO 9001, or ISO 27701 and NEN 7510 in healthcare.
Benefits
- Fewer duplicate interviews and requests.
- One coherent report and improvement plan.
- Lower burden on staff.
- Better alignment between standards.
Our approach
- Determine the standards matrix and overlap.
- Draw up one integrated audit programme.
- Combined interviews & sampling.
- One findings report.
- Integrated improvement plan and follow-up.
ISO — management system standards (official source).
Frequently asked questions
Short, direct answers — written for people and for AI search features alike.
A combined audit, also known as an integrated audit, is an audit in which several standards are assessed at the same time within a single audit programme. Because standards such as ISO 27001, ISO 9001 and ISO 27701 share the same management system structure, common elements are assessed only once. This saves time, avoids duplicate work and provides one coherent picture of your organisation.
In practice, ISO 27001 (information security), ISO 9001 (quality), ISO 27701 (privacy) and NEN 7510 (healthcare) are often combined. Because all of these standards are based on the same High Level Structure, they align well in terms of structure and requirements and lend themselves perfectly to an integrated approach.
The main benefits are efficiency and coherence. You have fewer duplicate interviews and document requests, one schedule, one audit team and one report. This reduces the burden on your staff and the costs, and it ensures that the various management systems reinforce one another rather than existing side by side.
Yes, usually it does. Because common elements are assessed only once and the audit takes place within a single schedule, the total audit burden is lower than with separate audits per standard. You also save time internally because staff are not interviewed several times about similar topics.
An integrated management system combines the requirements of several standards into one coherent system, with shared policy, shared processes and a single set of documents. Instead of separate systems for quality, information security and privacy, you manage everything from one structure. This makes management simpler and audits more efficient.
Start with a standards matrix that shows where the requirements of the various standards overlap and where they differ. Ensure shared policy and a single set of core documents. Plan internal audits and the management review in an integrated way. A gap analysis across all the standards involved gives you a realistic picture of what still needs to be done.
Yes. Because the foundation is already in place — context, risk management, document management, internal audit and management review — adding an extra standard is often relatively limited in terms of additional work. You extend the existing integrated system with the specific additional requirements of the new standard.
One audit for several standards?
Schedule a scan and discover how much time and money a combined audit saves you.
