ISO Frameworks


Transcript of ISO Frameworks

  • 8/7/2019 ISO Frameworks


    ISO Frameworks

    Overview


    ISO

    ISO (International Organization for Standardization) is the world's largest developer and publisher of International Standards.

    ISO is a network of the national standards institutes of 161 countries, one member per country, with a Central Secretariat in Geneva, Switzerland, that coordinates the system.

    ISO is a non-governmental organization that forms a bridge between the public and private sectors. On the one hand, many of its member institutes are part of the governmental structure of their countries, or are mandated by their government. On the other hand, other members have their roots uniquely in the private sector, having been set up by national partnerships of industry associations.

    Therefore, ISO enables a consensus to be reached on solutions that meet both the requirements of business and the broader needs of society.


    ISO History

    In 1946, delegates from 25 countries met in London and decided to create a new international organization, of which the object would be "to facilitate the international coordination and unification of industrial standards". The new organization, ISO, officially began operations on 23 February 1947, in Geneva, Switzerland.

    ISO is the world's largest standards developing organization. Between 1947 and the present day, ISO has published more than 17500 International Standards, ranging from standards for activities such as agriculture and construction, through mechanical engineering, to medical devices, to the newest information technology developments.


    ISO's Name

    Because "International Organization for Standardization" would have different acronyms in different languages ("IOS" in English, "OIN" in French for Organisation internationale de normalisation), its founders decided to give it also a short, all-purpose name. They chose "ISO", derived from the Greek isos, meaning "equal". Whatever the country, whatever the language, the short form of the organization's name is always ISO.


    ISO Standards

    ISO standards:

    make the development, manufacturing and supply of products and services more efficient, safer and cleaner

    facilitate trade between countries and make it fairer

    provide governments with a technical base for health, safety and environmental legislation, and conformity assessment

    share technological advances and good management practice

    disseminate innovation

    safeguard consumers, and users in general, of products and services

    make life simpler by providing solutions to common problems


    ISO Standards Benefits

    ISO standards provide technological, economic and societal benefits.

    For businesses, the widespread adoption of International Standards means that suppliers can develop and offer products and services meeting specifications that have wide international acceptance in their sectors. Therefore, businesses using International Standards can compete on many more markets around the world.

    For innovators of new technologies, International Standards on aspects like terminology, compatibility and safety speed up the dissemination of innovations and their development into manufacturable and marketable products.

    For customers, the worldwide compatibility of technology which is achieved when products and services are based on International Standards gives them a broad choice of offers. They also benefit from the effects of competition among suppliers.

    For governments, International Standards provide the technological and scientific bases underpinning health, safety and environmental legislation.

    For trade officials, International Standards create "a level playing field" for all competitors on those markets. The existence of divergent national or regional standards can create technical barriers to trade. International Standards are the technical means by which political trade agreements can be put into practice.


    ISO Standards Benefits (contd.)

    For developing countries, International Standards that represent an international consensus on the state of the art are an important source of technological know-how. By defining the characteristics that products and services will be expected to meet on export markets, International Standards give developing countries a basis for making the right decisions when investing their scarce resources and thus avoid squandering them.

    For consumers, conformity of products and services to International Standards provides assurance about their quality, safety and reliability.

    For everyone, International Standards contribute to the quality of life in general by ensuring that the transport, machinery and tools we use are safe.

    For the planet we inhabit, International Standards on air, water and soil quality, on emissions of gases and radiation and environmental aspects of products can contribute to efforts to preserve the environment.


    ISO Frameworks

    The major frameworks are currently:

    ISO 9001:2008 - Quality management systems - Requirements

    ISO 14050:2009 - Environmental management - Vocabulary

    ISO/IEC 24727-3:2008 - Identification cards - Integrated circuit card programming interfaces - Part 3: Application interface

    ISO/IEC Guide 98-3:2008 - Uncertainty of measurement - Part 3: Guide to the expression of uncertainty in measurement (GUM:1995)

    ISO 20000 - focusing upon IT service management

    ITIL - a lower level framework again for ITSM

    ISO 17799 / ISO 27001 - focusing upon information

    Six Sigma - focusing upon operational performance and defect identification

    COBIT - framework for information IT management risks

    Balanced Scorecard - a framework for measuring a company's activities in terms of its vision and strategies

    Prince2 - a project management method

    ISO 14000 - Environmental management standards collection

    ISO 22000 - Food safety management systems. An easy-to-use checklist for small business. Are you ready?


    What's different about ISO 9001 and ISO 14001

    The vast majority of ISO standards are highly specific to a particular product, material, or process.

    However, ISO 9001 (quality) and ISO 14001 (environment) are "generic management system standards".

    "Generic" means that the same standard can be applied to any organization, large or small, whatever its product or service, in any sector of activity, and whether it is a business enterprise, a public administration, or a government department.

    ISO 9001 contains a generic set of requirements for implementing a quality management system and ISO 14001 for an environmental management system.

    Generic standards can be applied to any organization.


    Quality Management System

    A quality management system is a commonsense and well documented system that ensures consistency and improvement of working practices.

    This includes the products and services produced. It is based on standards, which specify a procedure for achieving effective quality management.

    ISO 9000 is the most commonly used international standard that provides a framework for a quality management system.


    What Is ISO 9000

    ISO 9000 is essentially a generic name given to a family of standards developed to provide a framework around which a quality management system can effectively be based.

    The ISO 9000 family comprises a number of different standards (ISO 9000, ISO 9001 and ISO 9004).

    Each covers a different facet of the whole.


    Process Model of ISO 9000:2000


    Process and Product Quality

    High quality processes are more likely to develop high-quality products.

    This is especially true for manufactured goods but also for software development where people quality is another factor.


    Process Analysis and Modeling

    Process analysis is the study of existing processes to understand the relationships between parts of the process and to compare them with other processes.

    Process modeling is the documentation of a process which records the tasks, the roles and the entities used.


    ISO 9001 Requirements

    Requirements in ISO 9001 (which is one of the standards in the ISO 9000 family) include:

    A set of procedures that cover all key processes in the business;

    Monitoring processes to ensure they are effective;

    Keeping adequate records;

    Checking output for defects, with appropriate and corrective action where necessary;

    Regularly reviewing individual processes and the quality system itself for effectiveness; and

    Facilitating continual improvement.


    A five-step process to establishing a simplified compliance program

    Inventory and Risk Assessment: Identify your regulatory environment and business drivers; your valuable data; and its information risk.

    Policy and Classification Development: Develop a security policy based on best practice standards. Define categories of data and outline controls for each.

    Data Discovery and Classification: Identify unacceptable risks in how your data is actually stored, used and protected. Devise a program of remediation.

    Implementation of Controls: Implement the program. Train data owners and users.

    Monitoring, Management and Improvement: Develop ongoing security programs to help ensure that policy and controls continue to be appropriate and effective.


    ISO 20000

    Derived from ITIL, the ISO 20000 (erstwhile BS15000) standard describes an integrated set of management processes and a recognized, tried and tested management system which allows an IT service organization to plan, manage, deliver, monitor, report, review and improve its services and ensures effective delivery of services to the business and its customers.

    QAI provides end-to-end handholding, guidance, and facilitation through periodic consulting for achieving the ISO 20000 (erstwhile BS15000) certification.

    QAI's ITIL and ISO 20000 (erstwhile BS15000) implementation methodology focuses on robust implementation and institutionalization of ITIL best practices and processes that deliver value to your business, rather than just achieving the minimum certification criteria of ISO 20000 (erstwhile BS15000) and getting certified.


    ITIL

    The focus of IT management has been changing for some time and in the future, management will be even less focused on technology and more integrated with the overall needs of the business management and processes.

    In essence, management systems will become:

    More focused on business needs

    More closely aligned to business processes

    Less dependent on specific technology and more "service centric"

    More integrated with other management tools and processes, as the management standards evolve


    COBIT

    The Control Objectives for Information and related Technology (COBIT) is a set of best practices (framework) for information technology (IT) management created by the Information Systems Audit and Control Association (ISACA), and the IT Governance Institute (ITGI) in 1992. COBIT provides managers, auditors, and IT users with a set of generally accepted measures, indicators, processes and best practices to assist them in maximizing the benefits derived through the use of information technology and developing appropriate IT governance and control in a company.

    The complete COBIT package consists of:

    Executive Summary

    Governance and Control Framework

    Control Objectives

    Management Guidelines

    Implementation Guide

    IT Assurance Guide


    ISO 27001

    ISO 27001, titled "Information Security Management - Specification With Guidance for Use", is the replacement for the original document, BS7799-2. It is intended to provide the foundation for third party audit, and is 'harmonized' with other management standards, such as ISO 9001 and ISO 14001.

    The basic objective of the standard is to help establish and maintain an effective information management system, using a continual improvement approach. It implements OECD (Organization for Economic Cooperation and Development) principles, governing security of information and network systems.


    USABILITY DEFINITIONS

    The capability of the software product to be understood, learned, used and attractive to the user, when used under specified conditions. (ISO/IEC 9126-1, 2000)

    The extent to which a product can be used by specified users to achieve specified goals with effectiveness, efficiency and satisfaction in a specified context of use. (ISO 9241-11, 1998)

    The ease with which a user can learn to operate, prepare inputs for, and interpret outputs of a system or component. (IEEE Std. 610.12-1990)


    THANKS
