8/7/2019 ISO Frameworks
ISO Frameworks
Overview
ISO
ISO (International Organization for Standardization) is the world's largest developer and publisher of International Standards.
ISO is a network of the national standards institutes of 161 countries, one member per country, with a Central Secretariat in Geneva, Switzerland, that coordinates the system.
ISO is a non-governmental organization that forms a bridge between the public and private sectors. On the one hand, many of its member institutes are part of the governmental structure of their countries, or are mandated by their government. On the other hand, other members have their roots uniquely in the private sector, having been set up by national partnerships of industry associations.
Therefore, ISO enables a consensus to be reached on solutions that meet both the requirements of business and the broader needs of society.
ISO History
In 1946, delegates from 25 countries met in London and decided to create a new international organization, of which the object would be "to facilitate the international coordination and unification of industrial standards". The new organization, ISO, officially began operations on 23 February 1947, in Geneva, Switzerland.
ISO is the world's largest standards-developing organization. Between 1947 and the present day, ISO has published more than 17500 International Standards, ranging from standards for activities such as agriculture and construction, through mechanical engineering, to medical devices, to the newest information technology developments.
ISO's Name
Because "International Organization for Standardization" would have different acronyms in different languages ("IOS" in English, "OIN" in French for Organisation internationale de normalisation), its founders decided to give it also a short, all-purpose name. They chose "ISO", derived from the Greek isos, meaning "equal". Whatever the country, whatever the language, the short form of the organization's name is always ISO.
ISO Standards
ISO standards:
make the development, manufacturing and supply of products and services more efficient, safer and cleaner
facilitate trade between countries and make it fairer
provide governments with a technical base for health, safety and environmental legislation, and conformity assessment
share technological advances and good management practice
disseminate innovation
safeguard consumers, and users in general, of products and services
make life simpler by providing solutions to common problems
ISO Standards Benefits
ISO standards provide technological, economic and societal benefits.
For businesses, the widespread adoption of International Standards means that suppliers can develop and offer products and services meeting specifications that have wide international acceptance in their sectors. Therefore, businesses using International Standards can compete on many more markets around the world.
For innovators of new technologies, International Standards on aspects like terminology, compatibility and safety speed up the dissemination of innovations and their development into manufacturable and marketable products.
For customers, the worldwide compatibility of technology which is achieved when products and services are based on International Standards gives them a broad choice of offers. They also benefit from the effects of competition among suppliers.
For governments, International Standards provide the technological and scientific bases underpinning health, safety and environmental legislation.
For trade officials, International Standards create "a level playing field" for all competitors on those markets. The existence of divergent national or regional standards can create technical barriers to trade. International Standards are the technical means by which political trade agreements can be put into practice.
ISO Standards Benefits (contd.)
For developing countries, International Standards that represent an international consensus on the state of the art are an important source of technological know-how. By defining the characteristics that products and services will be expected to meet on export markets, International Standards give developing countries a basis for making the right decisions when investing their scarce resources and thus avoid squandering them.
For consumers, conformity of products and services to International Standards provides assurance about their quality, safety and reliability.
For everyone, International Standards contribute to the quality of life in general by ensuring that the transport, machinery and tools we use are safe.
For the planet we inhabit, International Standards on air, water and soil quality, on emissions of gases and radiation and environmental aspects of products can contribute to efforts to preserve the environment.
ISO Frameworks
The major frameworks are currently:
ISO 9001:2008 Quality management systems - Requirements
ISO 14050:2009 Environmental management - Vocabulary
ISO/IEC 24727-3:2008 Identification cards - Integrated circuit card programming interfaces - Part 3: Application interface
ISO/IEC Guide 98-3:2008 Uncertainty of measurement - Part 3: Guide to the expression of uncertainty in measurement (GUM:1995)
ISO 20000 - focusing upon IT service management
ITIL - a lower level framework again for ITSM
ISO 17799 / ISO 27001 - focusing upon information
Six Sigma - focusing upon operational performance and defect identification
COBIT - framework for information IT management risks
Balanced Scorecard - a framework for measuring a company's activities in terms of its vision and strategies
Prince2 - a project management method
ISO 14000 Environmental management standards collection
ISO 22000 Food safety management systems. An easy-to-use checklist for small business. Are you ready?
What's different about ISO 9001 and ISO 14001
The vast majority of ISO standards are highly specific to a particular product, material, or process.
However, ISO 9001 (quality) and ISO 14001 (environment) are "generic management system standards".
"Generic" means that the same standard can be applied to any organization, large or small, whatever its product or service, in any sector of activity, and whether it is a business enterprise, a public administration, or a government department.
ISO 9001 contains a generic set of requirements for implementing a quality management system and ISO 14001 for an environmental management system.
Generic standards can be applied to any organization.
Quality Management System
A quality management system is a commonsense and well documented system that ensures consistency and improvement of working practices.
This includes the products and services produced. It is based on standards, which specify a procedure for achieving effective quality management.
ISO 9000 is the most commonly used international standard that provides a framework for a quality management system.
What Is ISO 9000
ISO 9000 is essentially a generic name given to a family of standards developed to provide a framework around which a quality management system can effectively be based.
The ISO 9000 family comprises a number of different standards (ISO 9000, ISO 9001 and ISO 9004).
Each covers a different facet of the whole.
Process Model of ISO 9000:2000
Process and Product Quality
High quality processes are more likely to develop high-quality products.
This is especially true for manufactured goods but also for software development where people quality is another factor.
Process Analysis and Modeling
Process analysis is the study of existing processes to understand the relationships between parts of the process and to compare them with other processes.
Process modeling is the documentation of a process which records the tasks, the roles and the entities used.
ISO 9001 Requirements
Requirements in ISO 9001 (which is one of the standards in the ISO 9000 family) include:
A set of procedures that cover all key processes in the business;
Monitoring processes to ensure they are effective;
Keeping adequate records;
Checking output for defects, with appropriate and corrective action where necessary;
Regularly reviewing individual processes and the quality system itself for effectiveness; and
Facilitating continual improvement.
A five-step process to establishing a simplified compliance program
Inventory and Risk Assessment: Identify your regulatory environment and business drivers; your valuable data; and its information risk.
Policy and Classification Development: Develop a security policy based on best practice standards. Define categories of data and outline controls for each.
Data Discovery and Classification: Identify unacceptable risks in how your data is actually stored, used and protected. Devise a program of remediation.
Implementation of Controls: Implement the program. Train data owners and users.
Monitoring, Management and Improvement: Develop ongoing security programs to help ensure that policy and controls continue to be appropriate and effective.
ISO 20000
Derived from ITIL, the ISO 20000 (erstwhile BS15000) standard describes an integrated set of management processes and a recognized, tried and tested management system which allows an IT service organization to plan, manage, deliver, monitor, report, review and improve its services and ensures effective delivery of services to the business and its customers.
QAI provides end-to-end handholding, guidance, and facilitation through periodic consulting for achieving the ISO 20000 (erstwhile BS15000) certification.
QAI's ITIL and ISO 20000 (erstwhile BS15000) implementation methodology focuses on robust implementation and institutionalization of ITIL best practices and processes that deliver value to your business, rather than just achieving the minimum certification criteria of ISO 20000 (erstwhile BS15000) and getting certified.
ITIL
The focus of IT management has been changing for some time and in the future, management will be even less focused on technology and more integrated with the overall needs of the business management and processes.
In essence, management systems will become:
More focused on business needs
More closely aligned to business processes
Less dependent on specific technology and more "service centric"
More integrated with other management tools and processes, as the management standards evolve
COBIT
The Control Objectives for Information and related Technology (COBIT) is a set of best practices (framework) for information technology (IT) management created by the Information Systems Audit and Control Association (ISACA), and the IT Governance Institute (ITGI) in 1992. COBIT provides managers, auditors, and IT users with a set of generally accepted measures, indicators, processes and best practices to assist them in maximizing the benefits derived through the use of information technology and developing appropriate IT governance and control in a company.
The complete COBIT package consists of:
Executive Summary
Governance and Control Framework
Control Objectives
Management Guidelines
Implementation Guide
IT Assurance Guide
ISO 27001
ISO 27001, titled "Information Security Management - Specification With Guidance for Use", is the replacement for the original document, BS7799-2. It is intended to provide the foundation for third party audit, and is 'harmonized' with other management standards, such as ISO 9001 and ISO 14001.
The basic objective of the standard is to help establish and maintain an effective information management system, using a continual improvement approach. It implements OECD (Organization for Economic Cooperation and Development) principles, governing security of information and network systems.
USABILITY DEFINITIONS
The capability of the software product to be understood, learned, used and attractive to the user, when used under specified conditions. (ISO/IEC 9126-1, 2000)
The extent to which a product can be used by specified users to achieve specified goals with effectiveness, efficiency and satisfaction in a specified context of use. (ISO 9241-11, 1998)
The ease with which a user can learn to operate, prepare inputs for, and interpret outputs of a system or component. (IEEE Std. 610.12-1990)
THANKS