IMS Manual - Introduction and Overview

Document Information

Document ID: SW-IMS-MAN-001
Version: 1.0
Status: Draft
Effective Date: [TBD]
Review Date: [TBD]
Owner: CEO
Approved by: [TBD]


1. Purpose of the IMS Manual

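This Integrated Management System (IMS) Manual describes Swedwise AB's management system for quality, environmental management, and information security. It serves as the top-level document that demonstrates commitment, provides a framework, supports certification, and guides implementation, as set out in the subsections below.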

1.1 Demonstrates Commitment

The manual demonstrates Swedwise's commitment to:

  • Quality Excellence: Consistently delivering high-quality products and services (ISO 9001:2015)
  • Environmental Responsibility: Protecting the environment and preventing pollution (ISO 14001:2015)
  • Information Security: Safeguarding information assets and ensuring confidentiality, integrity, and availability (ISO 27001:2022)

1.2 Provides Framework

The manual provides a framework for:

  • Understanding Swedwise's organizational context and stakeholder needs
  • Defining leadership roles and management commitment
  • Establishing integrated processes across quality, environmental, and security disciplines
  • Setting objectives and planning to achieve them
  • Implementing controls and operational processes
  • Monitoring performance and demonstrating compliance
  • Driving continuous improvement

1.3 Supports Certification

This manual supports Swedwise's pursuit of ISO certification:

  • ISO 9001:2015 - Quality Management System
  • ISO 14001:2015 - Environmental Management System
  • ISO 27001:2022 - Information Security Management System

1.4 Guides Implementation

The manual guides all Swedwise employees in understanding and implementing the IMS, clarifying:

  • What the IMS covers (scope and boundaries)
  • How processes work together
  • Who is responsible for what
  • Where to find detailed procedures and guidelines
  • How to contribute to system effectiveness

2. Scope of the IMS

2.1 Organizational Scope

The IMS applies to:

All Employees:

  • Full-time staff (~35 employees)
  • Contractors and consultants
  • Temporary staff
  • Remote workers

All Locations:

  • Karlstad (Head Office)
  • Stockholm office
  • Uddevalla office
  • Remote work locations (employee homes)
  • Customer sites (where consultants work)

All Organizational Units:

  • Customer Acquisition (sales and business development)
  • Customer Development (account management)
  • Customer Success (delivery, support, onboarding)
  • Resource Management (staffing, training coordination)
  • Discipline Forums (technical expertise areas)
  • PMO (Project Management Office)
  • Management Team (strategic leadership)
  • Support Functions (finance, HR, IT, administration)

2.2 Products and Services Scope

The IMS covers all Swedwise's products and services:

Software Licensing:

  • OpenText product licenses
  • Salesforce licenses
  • Other business-critical software platforms

Consulting and Implementation:

  • Requirements analysis and solution design
  • System implementation and configuration
  • Integration services
  • Custom development
  • Migration and upgrade projects
  • Change management and training

SaaS Services:

  • Swedwise Communications (OpenText Exstream + Notifications)
    • Document generation and personalization
    • Multi-channel communications (email, SMS, print, web)
    • High-volume transactional communications
    • Notifications and alerts
    • Hosted on Swedish infrastructure (Entiros data center)
    • Multi-tenant SaaS platform on Kubernetes

Support and Maintenance:

  • Technical support (L1, L2, L3)
  • Incident management
  • Problem resolution
  • Service Level Agreement (SLA) management
  • Proactive monitoring and maintenance
  • Software updates and patches

2.3 Management System Scope

The IMS integrates three management systems:

Quality Management System (QMS) - ISO 9001:2015:

  • Focus: Customer satisfaction, service quality, process effectiveness
  • Applies to: All products and services
  • Key outcomes: On-time delivery, defect reduction, customer satisfaction

Environmental Management System (EMS) - ISO 14001:2015:

  • Focus: Environmental impact reduction, sustainability, compliance
  • Applies to: Office operations, travel, IT infrastructure, service delivery
  • Key outcomes: Reduced carbon footprint, responsible resource use, environmental compliance

Information Security Management System (ISMS) - ISO 27001:2022:

  • Focus: Confidentiality, integrity, availability of information assets
  • Applies to: All information systems, customer data, intellectual property
  • Key outcomes: Zero material security breaches, GDPR compliance, secure SaaS operations

2.4 Physical and Technological Boundaries

Physical Boundaries:

  • Office facilities in Sweden (Karlstad, Stockholm, Uddevalla)
  • Data center facilities (Entiros, Sweden - for SaaS platform)
  • Remote work environments (controlled through policies)

Technological Boundaries:

  • Corporate IT infrastructure (laptops, servers, networks, cloud services)
  • SaaS platform (Kubernetes, OpenText Exstream, notification services)
  • Development and test environments
  • Customer-facing systems and integrations
  • Data storage and backup systems

2.5 Exclusions

No exclusions are currently claimed from ISO 9001, ISO 14001, or ISO 27001 requirements.

If exclusions are identified in the future:

  • They must be justified based on organizational context
  • They cannot affect Swedwise's ability to deliver conforming products/services
  • They cannot absolve Swedwise from meeting customer or legal requirements
  • They must be approved by management and documented in this manual

3. How to Use This Manual

3.1 Manual Structure

The IMS Manual is organized following the ISO high-level structure (Clauses 4-10):

| Section | ISO Clause | Content |
|---|---|---|
| SW-IMS-MAN-001 | Introduction | This document: Purpose, scope, definitions, how to use |
| SW-IMS-MAN-004 | Clause 4 | Context of the Organization |
| SW-IMS-MAN-005 | Clause 5 | Leadership |
| SW-IMS-MAN-006 | Clause 6 | Planning (objectives, risk management) |
| SW-IMS-MAN-007 | Clause 7 | Support (resources, competence, awareness, communication, documentation) |
| SW-IMS-MAN-008 | Clause 8 | Operation (service delivery, change control, supplier management) |
| SW-IMS-MAN-009 | Clause 9 | Performance Evaluation (monitoring, audit, management review) |
| SW-IMS-MAN-010 | Clause 10 | Improvement (nonconformity, corrective action, continual improvement) |

3.2 Audience and Usage

For All Employees:

  • Read Sections 1-3 (Introduction, Scope, Structure) to understand the IMS
  • Read SW-IMS-MAN-005 (Leadership) to understand roles and responsibilities
  • Refer to specific sections relevant to your role
  • Use as a guide to find detailed procedures and policies

For Management:

  • Use as a strategic overview of the IMS
  • Reference when making decisions affecting quality, environment, or security
  • Use in management reviews and strategic planning
  • Demonstrate to external auditors and customers

For Auditors (Internal and External):

  • Use as the primary reference for understanding Swedwise's IMS
  • Cross-reference to detailed policies and procedures
  • Verify alignment between manual and implementation

For New Employees:

  • Part of onboarding to understand how Swedwise manages quality, environment, and security
  • Reference for understanding organizational structure and processes

3.3 Document Hierarchy

The IMS documentation follows a hierarchical structure:

Level 1: IMS Manual (this document)
           |
           ├─ Describes overall system, scope, structure
           |
Level 2: Policies
           |
           ├─ High-level statements of intent
           ├─ Examples: SW-IMS-POL-001 (IMS Policy), SW-ISMS-POL-002 (Information Security Policy)
           |
Level 3: Procedures
           |
           ├─ Step-by-step "what" and "who"
           ├─ Examples: SW-IMS-PRO-001 (Document Control), SW-IMS-PRO-002 (Risk Assessment)
           |
Level 4: Guidelines, Forms, Templates
           |
           ├─ Detailed "how-to" and tools
           ├─ Examples: Forms, checklists, work instructions
           |
Level 5: Records
           |
           └─ Evidence of system operation
               Examples: Audit reports, training records, risk registers

Navigation:

  • This manual references policies and procedures by document ID (e.g., SW-IMS-POL-001)
  • Policies and procedures are accessible via the IMS Repository (SharePoint/intranet)
  • Cross-references are hyperlinked in digital versions

3.4 Keeping the Manual Current

The IMS Manual is a controlled document:

Version Control:

  • Current version is maintained in the IMS Repository
  • Previous versions are archived for reference
  • Version history is tracked in Document Control section

Review Cycle:

  • Reviewed annually by IMS Owner and Management Team
  • Updated when significant changes occur (new services, organizational changes, standard revisions)
  • Changes approved by CEO before release

Communication of Changes:

  • Major updates communicated to all staff via email and team meetings
  • Change summary included in each new version
  • Training provided on significant changes

Accessing the Manual:

  • Digital version: IMS Repository on company intranet
  • Print version: Controlled copies issued only when necessary (marked as controlled)
  • Uncontrolled copies (e.g., for external parties): Marked "UNCONTROLLED - FOR REFERENCE ONLY"

4. Normative References

This IMS Manual is based on the following international standards:

4.1 ISO Standards

ISO 9001:2015 - Quality Management Systems - Requirements

  • Published by: International Organization for Standardization (ISO)
  • Latest edition: 2015 (confirmed 2021)
  • Scope: Requirements for a quality management system

ISO 14001:2015 - Environmental Management Systems - Requirements with Guidance for Use

  • Published by: International Organization for Standardization (ISO)
  • Latest edition: 2015 (confirmed 2021)
  • Scope: Requirements for an environmental management system

ISO 27001:2022 - Information Security, Cybersecurity and Privacy Protection - Information Security Management Systems - Requirements

  • Published by: International Organization for Standardization (ISO)
  • Latest edition: 2022
  • Scope: Requirements for an information security management system

ISO 19011:2018 - Guidelines for Auditing Management Systems

  • Provides guidance for internal and external audits

European Union:

  • GDPR (General Data Protection Regulation) - EU 2016/679
    • Applies to: Personal data processing
    • Relevance: Data protection, privacy, security controls

Swedish Law:

  • Work Environment Act (Arbetsmiljölagen 1977:1160)
    • Applies to: Workplace health and safety
    • Relevance: Physical and psychosocial work environment
  • Environmental Code (Miljöbalken 1998:808)
    • Applies to: Environmental protection (limited applicability to office-based company)
    • Relevance: Waste management, resource use
  • Data Protection Act (Dataskyddslagen 2018:218)
    • Applies to: Personal data processing (supplements GDPR)

Public Procurement:

  • Public Procurement Act (Lag om offentlig upphandling 2016:1145)
    • Applies to: Tenders for public sector contracts
    • Relevance: Quality, environmental, and security requirements in procurement

4.3 Industry Standards and Best Practices

Information Security:

  • ISO 27002:2022 - Information Security Controls (guidance for controls in ISO 27001)
  • NIST Cybersecurity Framework - Voluntary framework for improving cybersecurity

Cloud Security:

  • ISO 27017 - Cloud security controls
  • ISO 27018 - Protection of personally identifiable information (PII) in public clouds

Service Management:

  • ISO 20000 - IT Service Management (reference for service delivery processes)

5. Terms and Definitions

5.1 General Management System Terms

| Term | Definition |
|---|---|
| Management System | Set of interrelated or interacting elements of an organization to establish policies and objectives, and processes to achieve those objectives. |
| Integrated Management System (IMS) | Single management system that integrates quality, environmental, and information security management disciplines. |
| Policy | Intentions and direction of an organization as formally expressed by top management. |
| Objective | Result to be achieved; can be strategic, tactical, or operational. |
| Requirement | Need or expectation that is stated, generally implied, or obligatory. |
| Competence | Ability to apply knowledge and skills to achieve intended results. |
| Documented Information | Information required to be controlled and maintained; includes documents and records. |
| Process | Set of interrelated or interacting activities that use inputs to deliver intended result. |
| Procedure | Specified way to carry out an activity or a process. |
| Outsource | Arrange for an external organization to perform part of an organization's function or process. |
| Top Management | Person or group of people who directs and controls an organization at the highest level (CEO and Management Team at Swedwise). |

5.2 Quality Management Terms (ISO 9001)

| Term | Definition |
|---|---|
| Quality | Degree to which a set of inherent characteristics of an object fulfills requirements. |
| Quality Management System (QMS) | Management system with regard to quality. |
| Customer | Person or organization that receives a product or service (clients purchasing Swedwise services). |
| Customer Satisfaction | Customer's perception of the degree to which customer expectations have been fulfilled. |
| Conformity | Fulfillment of a requirement. |
| Nonconformity | Non-fulfillment of a requirement. |
| Defect | Nonconformity related to an intended or specified use. |
| Corrective Action | Action to eliminate the cause of a nonconformity and prevent recurrence. |
| Continual Improvement | Recurring activity to enhance performance. |
| Effectiveness | Extent to which planned activities are realized and planned results achieved. |
| Efficiency | Relationship between result achieved and resources used. |

5.3 Environmental Management Terms (ISO 14001)

| Term | Definition |
|---|---|
| Environment | Surroundings in which an organization operates, including air, water, land, natural resources, flora, fauna, humans, and their interrelation. |
| Environmental Management System (EMS) | Management system with regard to the environment. |
| Environmental Aspect | Element of an organization's activities, products, or services that can interact with the environment (e.g., energy consumption, business travel, waste generation). |
| Environmental Impact | Change to the environment, whether adverse or beneficial, wholly or partially resulting from environmental aspects (e.g., carbon emissions from travel, e-waste). |
| Environmental Policy | Intentions and direction related to environmental performance, formally expressed by top management. |
| Environmental Objective | Result to be achieved related to environmental performance. |
| Pollution Prevention | Use of processes, practices, techniques, materials, products, or energy to avoid, reduce, or control creation, emission, or discharge of any type of pollutant or waste. |
| Compliance Obligation | Legal requirement or other requirement that an organization has to comply with or chooses to comply with (e.g., environmental regulations, commitments to customers). |

5.4 Information Security Terms (ISO 27001)

| Term | Definition |
|---|---|
| Information Security | Preservation of confidentiality, integrity, and availability of information. |
| Information Security Management System (ISMS) | Management system with regard to information security. |
| Confidentiality | Property that information is not made available or disclosed to unauthorized individuals, entities, or processes. |
| Integrity | Property of accuracy and completeness. |
| Availability | Property of being accessible and usable upon demand by an authorized entity. |
| Information Asset | Any information or related asset that has value to the organization (e.g., customer data, source code, credentials, business plans). |
| Risk | Effect of uncertainty on objectives; information security risk is potential for threats to exploit vulnerabilities, causing harm to assets. |
| Risk Assessment | Process of identifying, analyzing, and evaluating risk. |
| Risk Treatment | Process to modify risk (avoid, accept, reduce, transfer). |
| Control | Measure that maintains and/or modifies risk (also called safeguard or countermeasure). |
| Security Incident | Single or series of unwanted or unexpected information security events that have significant probability of compromising business operations or threatening information security. |
| Vulnerability | Weakness that can be exploited by a threat. |
| Threat | Potential cause of an unwanted incident that may result in harm. |

5.5 Swedwise-Specific Terms

| Term | Definition |
|---|---|
| Swedwise Communications | SaaS service offering combining OpenText Exstream (document generation) and Notifications (multi-channel delivery) hosted on Swedish infrastructure. |
| The Machine | Swedwise's organizational framework emphasizing learning organization principles, agility, and autonomy. |
| Discipline Forum | Cross-functional group focused on a specific technology or expertise area (e.g., OpenText Forum, Salesforce Forum). |
| Customer Acquisition | Organizational unit responsible for new customer sales and business development. |
| Customer Development | Organizational unit responsible for account management and growth of existing customer relationships. |
| Customer Success | Organizational unit responsible for service delivery, customer onboarding, and ongoing support. |
| Resource Management | Function responsible for staff allocation, capacity planning, and training coordination. |
| PMO (Project Management Office) | Function responsible for project governance, methodology, and internal project delivery. |
| IMS Owner | Role responsible for coordinating and maintaining the Integrated Management System (may be combined with Quality Lead or other IMS role). |
| Interested Party | Person or organization that can affect, be affected by, or perceive itself to be affected by Swedwise's decisions or activities (also called stakeholder). |

5.6 Acronyms

| Acronym | Full Term |
|---|---|
| IMS | Integrated Management System |
| QMS | Quality Management System |
| EMS | Environmental Management System |
| ISMS | Information Security Management System |
| ISO | International Organization for Standardization |
| GDPR | General Data Protection Regulation |
| SaaS | Software as a Service |
| SLA | Service Level Agreement |
| CISO | Chief Information Security Officer |
| CEO | Chief Executive Officer |
| DPO | Data Protection Officer |
| PDCA | Plan-Do-Check-Act (continuous improvement cycle) |
| KPI | Key Performance Indicator |
| PESTLE | Political, Economic, Social, Technological, Legal, Environmental (analysis framework) |
| SWOT | Strengths, Weaknesses, Opportunities, Threats (analysis framework) |
| L1/L2/L3 | Support levels (Level 1 = basic, Level 2 = advanced, Level 3 = expert) |
| IMY | Integritetsskyddsmyndigheten (Swedish Authority for Privacy Protection) |

6. Document Control

6.1 Document Information

| Attribute | Value |
|---|---|
| Document ID | SW-IMS-MAN-001 |
| Title | IMS Manual - Introduction and Overview |
| Owner | CEO |
| Approver | CEO |
| Classification | Internal |
| Review Frequency | Annual |

6.2 Version History

| Version | Date | Author | Changes | Approved By |
|---|---|---|---|---|
| 1.0 | [TBD] | [IMS Owner name] | Initial creation for ISO certification | [CEO name] |

6.3 Distribution

This document is:

  • Published in IMS Repository (SharePoint/intranet)
  • Accessible to all Swedwise employees
  • Available to external auditors and customers upon request
  • Controlled - only current version in IMS Repository is valid

6.4 Review and Approval

Next Review Date: [TBD - typically 12 months from effective date]

Approval:

Role Name Signature Date
CEO [TBD]
IMS Owner [TBD]

This document is approved by Swedwise AB management and is effective from the date specified above. All employees are required to read and understand this manual.