Application of ISO 14000 To Information Technology Governance and Management

Computer Standards & Interfaces 65 (2019) 180–202
Contents lists available at ScienceDirect
Computer Standards & Interfaces

journal homepage: www.elsevier.com/locate/csi
Application of ISO 14000 to Information Technology Governance and T

Management
J. David Patón-Romeroa,b,c, , Maria Teresa Baldassarreb, Moisés Rodrígueza,c, Mario Piattinia
⁎
a
Alarcos Research Group, Institute of Technologies and Information Systems, University of Castilla-La Mancha, Paseo de la Universidad, 4, Ciudad Real 13071, Spain
b
Department of Informatics, University of Bari Aldo Moro, Via Edoardo Orabona, 4, Bari 70125, Italy
c
AQCLab (Intelligent Environments), Camino de Moledores, s/n, Ciudad Real 13051, Spain
ARTICLE INFO ABSTRACT
Keywords: Sustainability is a reality and a necessity for everyone in all areas. The changes that are taking place with respect
ISO 14000 to environmental sensitivity force organizations to adopt a new approach to this problem. This has led orga-
Sustainability nizations such as the International Organization for Standardization (ISO) to develop standards that help all
Information Technology types of organizations achieve sustainable development, such as the ISO 14000 family of standards. However,
Green IT
the ISO 14000 family of standards is too generic and does not address specific areas that are highly relevant for
Governance
Management
organizations in the search for sustainability, as is the case of the area of Information Technology (IT). From the
Audit area of IT, sustainability and, in particular, the Green IT philosophy have become slogans for executive, cor-
porate, and service management. Implementing Green IT initiatives has become a priority for the environmental
awareness of organizations that want to stay ahead of the curve. That is why, in this study, the application/
inclusion of the ISO 14000 family of standards to IT is carried out. The results obtained and the validation of this
proposal by experts show an adequate and consistent proposal, which covers all areas related to IT. All this
demonstrates the applicability of the ISO 14000 family of standards to IT through the Green IT and completes a
developed framework that is useful in practice when implementing the governance and management of Green
IT. Likewise, thanks to this proposal, organizations finally have a standardized guide when implementing Green
IT, as well as when seeking for international and recognized certifications in this field.
1. Introduction All this pressure for a healthier environment has forced organiza-
tions to modify their practices and to use less harmful methods with the
Since the “Brundtland Report” [1] appeared in 1987, defending the environment in their daily operations through different areas of busi-
idea of sustainable development, the ecological awareness in favor of ness [5–7]. In fact, it has been demonstrated that organizations that
caring for and preserving the environment has turn into an issue that is apply greener criteria in the development of their activities are not only
gaining more and more ground each day, becoming, as many think, in gaining an advantage in the material and economic saving of resources,
the beginning of a new “industrial revolution”. but they are also gaining a competitive advantage, differing to a large
This concern for the environment has transcended all kinds of extent from their competitors [8–11].
ideological, social and other frontiers, which has forced governments to That is why the ISO 14000 family of standards [12] has been de-
make important decisions on the area. Some examples of this are the veloped in this respect, to help accelerate the process of adhesion of
Agenda for the Sustainable Development for the year 2030 developed organizations to such ecological practices, through the efficient use of
by the United Nations (UN) [2] and the Circular Economy Action Plan resources and the reduction of the environmental impact.
developed by the European Commission [3]. While is true that this family of standards gives an overview to adapt
Also, in society, this ecological trend is becoming one of the factors to sustainable practices, it would be helpful to have specific guidelines
that contribute to an individual choosing the consumption of one pro- in certain areas that may have greater impact and/or help more in the
duct rather than another, i.e. so-called “green products” are becoming area of sustainability, such as the Information Technology (IT) area. An
increasingly attractive to consumers [4]. example of a similar application is the ISO/IEC 90003 standard [13],
Corresponding author at: University of Castilla-La Mancha, Paseo de la Universidad, 4, 13071 Ciudad Real, Spain.
⁎
E-mail addresses: josedavid.paton@gmail.com (J.D. Patón-Romero), mariateresa.baldassarre@uniba.it (M.T. Baldassarre), mrodriguez@aqclab.es (M. Rodríguez),
mario.piattini@uclm.es (M. Piattini).
https://doi.org/10.1016/j.csi.2019.03.007
Received 12 October 2018; Received in revised form 28 March 2019; Accepted 30 March 2019
Available online 01 April 2019
0920-5489/ © 2019 Elsevier B.V. All rights reserved.
J.D. Patón-Romero, et al. Computer Standards & Interfaces 65 (2019) 180–202
Table 1
ISO 14000 family of standards (published standards to the date of September 2018).
Standard Title
ISO 14001:2015 Environmental management systems – Requirements with guidance for use
ISO 14004:2016 Environmental management systems – General guidelines on implementation
ISO 14005:2010 Environmental management systems – Guidelines for the phased implementation of an environmental management system, including the use of
environmental performance evaluation
ISO 14006:2011 Environmental management systems – Guidelines for incorporating ecodesign
ISO 14015:2001 Environmental management – Environmental assessment of sites and organizations (EASO)
ISO 14020:2000 Environmental labels and declarations – General principles
ISO 14021:2016 Environmental labels and declarations – Self-declared environmental claims - Type II environmental labeling
ISO 14024:2018 Environmental labels and declarations – Type I environmental labeling - Principles and procedures
ISO 14025:2006 Environmental labels and declarations – Type III environmental declarations - Principles and procedures
ISO 14026:2017 Environmental labels and declarations – Principles, requirements and guidelines for communication of footprint information
ISO/TS 14027:2017 Environmental labels and declarations – Development of product category rules
ISO 14031:2013 Environmental management – Environmental performance evaluation - Guidelines
ISO/TS 14033:2012 Environmental management – Quantitative environmental information - Guidelines and examples
ISO 14034:2016 Environmental management – Environmental technology verification (ETV)
ISO 14040:2006 Environmental management – Life cycle assessment - Principles and framework
ISO 14044:2006 Environmental management – Life cycle assessment - Requirements and guidelines
ISO 14045:2012 Environmental management – Eco-efficiency assessment of product systems - Principles, requirements and guidelines
ISO 14046:2014 Environmental management – Water footprint - Principles, requirements and guidelines
ISO/TR 14047:2012 Environmental management – Life cycle assessment - Illustrative examples on how to apply ISO 14044 to impact assessment situations
ISO/TS 14048:2002 Environmental management – Life cycle assessment - Data documentation format
ISO/TR 14049:2012 Environmental management – Life cycle assessment - Illustrative examples on how to apply ISO 14044 to goal and scope definition and inventory analysis
ISO 14050:2009 Environmental management – Vocabulary
ISO 14051:2011 Environmental management – Material flow cost accounting - General framework
ISO 14052:2017 Environmental management – Material flow cost accounting - Guidance for practical implementation in a supply chain
ISO 14055-1:2017 Environmental management – Guidelines for establishing good practices for combatting land degradation and desertification - Part 1: Good practices
framework
ISO/TR 14062:2002 Environmental management – Integrating environmental aspects into product design and development
ISO 14063:2006 Environmental management – Environmental communication - Guidelines and examples
ISO 14064-1:2006 Greenhouse gases – Part 1: Specification with guidance at the organization level for quantification and reporting of greenhouse gas emissions and
removals
ISO 14064-2:2006 Greenhouse gases – Part 2: Specification with guidance at the project level for quantification, monitoring and reporting of greenhouse gas emission
reductions or removals enhancements
ISO 14064-3:2006 Greenhouse gases – Part 3: Specification with guidance for the validation and verification of greenhouse gas assertions
ISO 14065:2013 Greenhouse gases – Requirements for greenhouse gas validation and verification bodies for use in accreditation or other forms of recognition
ISO 14066:2011 Greenhouse gases – Competence requirements for greenhouse gas validation teams and verification teams
ISO/TS 14067:2013 Greenhouse gases – Carbon footprint of products - Requirements and guidelines for quantification and communication
ISO/TR 14069:2013 Greenhouse gases – Quantification and reporting of greenhouse gas emissions for organizations – Guidance for the application of ISO 14064-1
ISO/TS 14071:2014 Environmental management – Life cycle assessment - Critical review processes and reviewer competencies: Additional requirements and guidelines to ISO
14044:2006
ISO/TS 14072:2014 Environmental management – Life cycle assessment - Requirements and guidelines for organizational life cycle assessment
ISO/TR 14073:2017 Environmental management – Water footprint - Illustrative examples on how to apply ISO 14046
ISO Guide 64:2008 Guide for addressing environmental issues in product standards
ISO 19011:2018 Guidelines for auditing management systems
which establishes the guidelines to adapt/apply the ISO 9001 standard “Governance and Management Framework for Green IT” (from now on,
[14] to the software field. GMGIT) [22,23], offering a framework to all types of organizations able
Ever since the Industrial Revolution, and especially in the twentieth to carry out the implementation, audit/evaluation and improvement of
century, until today, technological advances have occurred with a the Green IT from the point of view of the governance and the man-
constant rapid pace, and humankind, in most cases, has failed to adapt agement of this area.
these advances with the conservation of the environment [15]. That is After validating the GMGIT through different case studies at several
why, in recent years, the idea of Green IT has emerged for the protec- organizations [24,23,22,20], demonstrating its usefulness and validity,
tion of the environment [16], through which it is intended to contribute we have obtained a series of lessons learned and observations from the
to sustainability in and by the area of IT, reducing or minimizing the organizations. Among these lessons learned, it is worth mentioning the
impact of IT over the environment and using IT as a means to optimize comment/demand from organizations about the importance of con-
the use of resources in other areas. tinuing to evolve and expanding the scope of the framework through
Over the last few years, Green IT has received multiple definitions the inclusion/adaptation of international standards that allow stan-
from different points of view [17]. Of all these definitions, one of the dardizing and offering through the framework a guide to organizations
ones that best describes this area (adapted from [18]), refers to the that seek to obtain some type of certification in this regard.
Green IT as “the study and practice of design, build and use of hardware, Therefore, in the present study, we first analyze and classify the ISO
software and information technologies with a positive impact on the en- 14000 family of standards and, secondly, we carry out a proposal on
vironment”. how to adapt/include this ISO 14000 family of standards to the area of
This area of Green IT is a very young area that has rapidly gone from IT, through the GMGIT.
being just a trend followed by a few to a competitive need and ad- In order to carry out the analysis and classification of the ISO 14000
vantage followed by many. However, as it happens in all the begin- family of standards, we have decided to establish 3 classification di-
nings, Green IT area lacks standards and/or best practices (among mensions based on the stage of the life cycle affected, the objective and
others) that help organizations implement, evaluate and improve Green the scope of the standard. In this way we have obtained a more detailed
IT in their business models [17,19–21]. overview, which makes it easier to analyze the rules to adapt them to a
That is why we have carried out the development of the specific field.
181
On the other hand, to develop the proposal we have identified to the reputation of organizations due to sanctions, as well as helps
which standards are applicable to IT, through certain exclusion criteria, to build a very positive public image towards clients, regulatory
and we have analyzed in detail and applied each of these selected bodies and main stakeholders, increasing the confidence and com-
standards to the 35 processes of the GMGIT. We have also performed a mitment of all of these.
validation with experts to verify that the proposal of this study to adapt • Increase of competitive advantage: environmental awareness is
the ISO 14000 family of standards to IT is adequate and consistent. growing place in society and has become a determining factor in
The rest of the present study is organized as follows: Section 2 that organizations and consumers choose a particular product or
contains the background about ISO 14000, Green IT, and the GMGIT; service [4]. It has been demonstrated that carrying out sustainable
Section 3 shows the related works that currently exist in the Green IT practices with the environment in different areas of the business has
area (from the point of view of governance, management and auditing); an important competitive business advantage [8,9]. Therefore, fol-
Section 4 presents the proposal for the inclusion of ISO 14000 to the lowing this series of standards translates into an important compe-
area of IT, based on the integration of this family of standards within titive advantage, creating more and better business opportunities
the GMGIT; Section 5 shows the validation performed for the adapta- and relationships with customers, external organizations and sta-
tion of the ISO 14000 family of standards to IT proposed; finally, keholders.
Section 6 presents the conclusions and the proposals for future work. • Legislative compliance: the implementation of this series of stan-
Also, Appendix A shows in detail the inclusion of the ISO 14000 family dards serves to demonstrate that organizations comply with current
of standards in each of the processes included in the GMGIT. and future statutory and regulatory requirements with respect to the
environment and sustainability, helping to reduce the effort re-
2. Background quired to manage legal and administrative compliance (mitigating
trial risks, avoiding administrative sanctions, improving the position
2.1. ISO 14000 of organizations in tenders, etc.).
The ISO 14000 series of standards [12] (see Table 1) is a set of On the other hand, there are certain criticisms to this ISO 14000
international standards, developed by the International Organization for family of standards. There are several studies [25–27] that have ana-
Standardization (ISO) and published for the first time in 1996, through lyzed these criticisms and the benefits and reasons that lead organiza-
which it is offered to organizations of all types and sizes a set of tions to adopt the ISO 14000 family of standards. These studies em-
management tools to control their environmental aspects and improve phasize that the main reason is not based on being more
their environmental performance. environmentally sustainable, but in obtaining a better brand image that
The primary objective of the ISO 14000 family of standards is to attracts more clients and alliances with other organizations. Likewise,
support environmental protection and pollution prevention in harmony they also emphasize that the adoption of ISO 14000, most of the times,
with socio-economic needs. To this end, the standardization of ways to does not imply an improvement in environmental performance.
produce and provide services that protect the environment is promoted, However, despite these criticisms, we have decided to take this fa-
minimizing the harmful effects that organizational activities can cause. mily of standards as a reference to apply it to IT, since it is the only and
The ISO 14000 series of standards does not prescribe requirements the wide adopted international standard that addresses the issue of the
for environmental action, except for the requirement of commitment to implementation of sustainable practices in organizations that help to
continuous improvement and the obligation to comply with relevant the environmental performance. Likewise, these studies have not yet
legislation and regulations. The ISO 14000 does not declare the max- been carried out in organizations dedicated to IT area or organizations
imum allowable amount of carbon dioxide (CO2) emission, nor the of any kind that carry out Green IT practices. So, there could be a
maximum level of bacteriological content in the wastewater effluent, discrepancy with respect to the criticisms that are made in this regard.
among other pollutants. What ISO 14000 does specify are the require-
ments of an Environmental Management System (EMS), which, if properly 2.2. Green IT
maintained, will improve environmental performance by reducing im-
pacts, such as CO2 emissions and bacteriological effluents, among Since its inception, Green IT has received many definitions and has
others. referred to it using different terms [17]; Table 2 shows a compilation of
In this way, the ISO 14000 series of standards is specifically de- some of these terms and definitions that Green IT has received.
signed to provide organizations with all the necessary aspects to im- However, despite all these definitions, there is a lack of a global
plement and effectively manage an EMS. The EMS is intended to help definition of Green IT [28]. Therefore, carrying out an adaptation of
organizations identify those aspects of their business with a significant these definitions [18], in order to include the basic characteristics to
impact on the environment, and to comply with environmental objec- create a global definition, the simplest definition and that best describes
tives and goals to minimize them. what is the Green IT is:
The adoption of the ISO 14000 family of standards can provide a “Green IT is the study and practice of design, build and use of
number of fairly significant benefits to organizations, in addition to hardware, software and information technologies with a positive im-
their own benefits in terms of the environment, among which it is pact on the environment”
important to highlight: This definition is also accompanied by the idea that Green IT must
be understood and treated from two perspectives [29]:
• Cost savings/reduction: thanks to the reduction and more efficient
use of resources, to the reduction of waste generation and of the • Green by IT: in which IT is understood as a capacitator or enabler
costs of its disposal, to the improvement of efficiency in processes, (in the sense of Unhelkar [30]), providing the tools needed to allow
etc., a considerable savings in organizational costs is achieved. On tasks of diverse nature in diverse areas to be carried out in a sus-
the other hand, organizations that follow these sustainable stan- tainable manner for the environment.
dards are better placed to avoid possible fines and penalties for non- • Green in IT: in which IT is understood as a producer; that is, when
compliance with environmental legislation, as well as in obtaining IT itself has an impact on the environment due to its energy con-
potentially lower insurance premiums thanks to all of the above. sumption and the emissions it produces, which impact must there-
• Improvement of reputation and brand image: this family of fore be reduced.
standards helps reduce the risks associated with any cost or damage
182
Table 2
Terminologies and definitions of Green IT [6,18].
Terminology Definition Reference
Green IT “Green IT means using technology efficiently while taking into account the triple bottom line: economic viability, social Bachour and Chasteen
responsibility and environmental impact.” [31]
Eco-computing / Green computing “Set of best practices for the optimal use of computing resources. Green practices in technology can cover several Bachour [32]
phases of the product or service cycle: from acquisition to recycling and final disposal.”
Green IT “Green IT refers to the using of IT resources in an energy-efficient and cost-effective manner.” Bose and Luo [33]
Green IT / IT for Green “Green IT is the practice of designing, manufacturing, using and disposing of computer, servers and associated Cai et al. [34]
subsystems efficiently and effectively with minimal or no impact on the environment, with a strong focus on improving
energy efficiency and equipment utilization through steps such as designing energy efficient chips, virtualization,
reducing data center energy consumption, using renewable energy to power data centers, and reducing electronic
waste. IT for green is the use of information systems to enhance sustainability across the economy, with a focus on IT
as a solution.”
Green IS & IT “Green IS & IT refers to IS & IT products (e.g., software that manages an organization's overall emissions) and Chen et al. [35]
practices (e.g., disposal of IT equipment in an environmentally friendly way) that aims to achieve pollution prevention,
product stewardship, or sustainable development.”
Green IS / Green IT “Green IS refers to the use of information systems to achieve environmental objectives, while Green IT emphasizes Dedrick [36]
reducing the environmental impacts of IT production and use.”
Environmentally Sustainable ICT “The design, production, operation and disposal of ICT and ICT-enabled products and services in a manner that is not Elliot [37]
harmful and may be positively beneficial to the environment during the course of its whole-of-life.”
Environmental Sustainability of IT “Activities to minimize the negative impacts and maximize the positive impacts of human behavior on the environment Elliot [38]
through the design, production, application, operation, and disposal of IT and IT-enabled products and services
throughout their life cycle.”
Green IT “The aim of Green IT is to produce as little waste as possible during the whole IT lifecycle (development, operation and Erdélyi [29]
disposal).”
Green IT “Green IT is the systematic application of practices that enable the minimization of the environmental impact of IT, Erek et al. [39]
maximize efficiency and allow for company-wide emission reductions based on technology innovations.”
Green IT / IT for Green “Green IT defined as IT sectors own activity and its impact on environmental efficiency. Green applications of IT or IT Faucheux and Nicolaï [40]
for green defined as the impact of IT on other sectors environmental productivity, particularly in terms of energy
efficiency and carbon footprint.”
Green IT “Green IT denotes all activities and efforts incorporating ecologically friendly technologies and processes into the entire Hedwig et al. [41]
life cycle of information and communication technology.”
Green IT / Green IS “Green IT is mainly focused on energy efficiency and equipment utilization.” “Green IS, in contrast, refers to the design Jenkin et al. [42]
and implementation of information systems that contribute to sustainable business processes.”
Green IT “Green IT considers the resource and energy consumption of ICT itself, induced during the whole life cycle, and tries to Kern et al. [43]
optimize it.”
Green IS “Green IS is defined as the IS or IT used to achieve environmental sustainability.” Lei and Ngai [44]
Green IT “Green IT refers to the practices and process enabled by information systems (IS) that can enhance the economic and Lei and Ngai [45]
environmental performance of an organization.”
Green computing “Green computing refers to environmentally sustainable computing which studies and practices virtually all computing Lo and Qian [46]
efficiently and effectively with the little or no impact on the environment.”
Green IT “Green IT refers to environmentally sound IT. It's the study and practice of designing, manufacturing, using, and Murugesan [47]
disposing of computers, servers, and associated subsystems… efficiently and effectively with minimal or no impact on
the environment.”
Green IT “Green IT is an organization's ability to systematically apply environmental sustainability criteria (such as pollution Molla [48]
prevention, product stewardship, use of clean technologies) to the design, production, sourcing, use and disposal of the
IT technical infrastructure as well as within the human and managerial components of the IT infrastructure.”
Green IT “Therefore, both IT hardware manufacturers and firms using IT need to apply principles of environmental Molla and Abareshi [49]
sustainability, which include pollution prevention, product stewardship and sustainable development in managing IT.
Green IT refers to such practices.”
Green IT “Green IT is a systematic application of ecological-sustainability criteria (such as pollution prevention, product Molla et al. [50]
stewardship, use of clean technologies) to the creation, sourcing, use, and disposal of the IT technical infrastructure as
well as within the IT human and managerial practices.”
Green IT / Green IS “In the practitioner literature, much of the current attention is devoted to “Green IT”. We argue that this exclusive Watson et al. [51]
focus on information technologies is too narrow and should be extended to information systems, which we define as an
integrated and cooperating set of people, processes, software, and information technologies to support individual,
organizational, or societal goals. To the commonly used Green IT expression, we thus prefer the more encompassing
Green IS one, as it incorporates a greater variety of possible initiatives to support sustainable business processes.
Clearly, Green IS is inclusive of Green IT.”
2.3. Governance and Management Framework for Green IT and related Technology) [52], a framework developed by ISACA (In-
formation Systems Audit and Control Association), that is the default
After carrying out different investigations and analyzing the current standard for the governance, management and auditing of the different
studies in relation to the Green IT area [17,19,20], we realized the lack areas related to IT [53,54].
of standards and/or best practices and the need to develop a common From COBIT 5 we have taken the structure of 7 enablers that this
framework that help organizations in this area of Green IT. framework established (1. Principles, polices and frameworks; 2.
With this objective in mind we have developed the “Governance and Processes; 3. Organizational structures; 4. Culture, ethics and behavior;
Management Framework for Green IT” (GMGIT) [22,23], through 5. Information; 6. Services, infrastructure and applications; 7. People,
which we have established the main characteristics to implement, skills and competencies). For each enabler, we have defined and de-
evaluate/audit and improve in a gradual and organized way the Green veloped the elements and characteristics of Green IT for the governance
IT at organizations from the point of view of the governance and and management of this area.
management of this area. Of these 7 enablers, it is important to highlight the processes en-
The GMGIT is based on COBIT 5 (Control Objectives for Information abler, since these are the processes that are evaluated in an audit and
183
through which the characteristics of the other enablers are identified • First dimension: the ISO 14000 family of standards has been de-
and audited. COBIT 5 establishes a total of 37 processes (5 of govern- signed according to the Plan-Do-Check-Act (PDCA) cycle [65].
ance and 32 of management) organized in 5 domains (1 for governance Therefore, the first dimension is to follow this cycle to classify each
and 4 for management). Of these processes, 35 have been included and standard according to what part of the PDCA cycle corresponds to its
adapted to the Green IT in the latest version of the GMGIT [23], cov- application. The ISO itself carries out this classification with some of
ering all the business areas that affect and can be affected by the Green the standards of this family [66–69].
IT. The 2 excluded processes are due to the fact that they are directly • Second dimension: analyzing the objective of each one of the
related to security (“APO13. Manage security” and “DSS05. Manage standards of the ISO 14000 family (as well as, analyzing in a general
security services”) and, in this case, this area is not related to sustain- way the structure of other families of standards developed by ISO),
ability and Green IT. we have come to the conclusion of the existence of four groups that,
Appendix A shows these 35 processes included in the GMGIT, as as has been said before, are related to the objective of the standards.
well as the inclusion of the ISO 14000 family of standards in each of These four groups are: 1. Guidelines and requirements; 2.
these processes. Techniques and practices; 3. Examples; 4. Terminology and con-
On the other hand, the GMGIT has a guide to audit the Green IT, in cepts.
which a total of 600 audit questions have been established (300 to audit • Third dimension: in this regard, it is necessary to establish a
the Green in IT and 300 to audit the Green by IT), based on the gov- classification based on the scope, that is, towards which area of
ernance and management processes of Green IT. application each standard is oriented. Thus, we have established a
Furthermore, it is also important to highlight that the latest version total of 10 areas of application of the ISO 14000 family of standards,
of the GMGIT has a maturity model [23] based on the ISO/IEC 33000 which have been represented using a color code, as shown as a le-
standard [55]. In this maturity model, the 35 processes of the GMGIT gend on the labels at the bottom of the Fig. 1.
are divided into 5 maturity levels, allowing to gradually implement and
evaluate Green IT at organizations. Secondly, after carrying out the classification of the ISO 14000 fa-
mily of standards, it is necessary to analyze this classification in order to
3. Related work determine which standards are applicable to IT and which are not. To
do this, considering the characteristics and scope of the IT area (among
As previously mentioned, we have performed different research, other aspects), we have established the following exclusion criteria:
based on Systematic Mapping Studies (SMS) [56,57], in order to ac-
knowledge the state of the art in the area of governance, management • E1: standards whose objective is to provide examples or define
and auditing of Green IT [19], as well as about maturity models of terminology, that is, standards included in the groups “Examples”
sustainability and Green IT [20]. and “Terminology and Concepts”.
The first SMS [19], demonstrates the novelty of the area of gov- • E2: standards whose scope is not related to the scope of IT, that is,
ernance, management and auditing of Green IT, due to the lack of standards included in the groups “Water Footprint”, “Greenhouse
studies, frameworks and standards in that area. This SMS highlights two Gases”, “Material Flow”, and “Land Degradation”.
studies: the first study [58] carries out an analysis of the state of the art
of Green IT area and highlights the novelty of the area; and the second Therefore, following the classification of the ISO 14000 family of
study [59] contains a survey performed with internal auditors from standards shown in Fig. 1 and applying the established exclusion cri-
different organizations about their experience and opinions in the teria, the standards of this family that are applicable to IT are: ISO
Green IT area. Also, as gray literature we have found two other studies: 14001, ISO 14004, ISO 14005, ISO 14006, ISO 14015, ISO 14020, ISO
the study [60] analyzes the practices of Green IT carried out by orga- 14021, ISO 14024, ISO 14025, ISO 14026, ISO/TS 14027, ISO 14031,
nizations nowadays and demonstrates the lack of experience in this area ISO/TS 14033, ISO 14034, ISO 14040, ISO 14044, ISO 14045, ISO/TS
(due to the early stages of development of this area); while the study 14048, ISO/TR 14062, ISO 14063, ISO/TS 14071, ISO/TS 14072, ISO
[61] identifies what auditors should take into account in the Green IT Guide 64, ISO 19011.
area and underlines the absence of standards and/or frameworks in this Finally, after classifying and selecting the standards of the ISO
area. 14000 family that are applicable to IT, we analyzed each standard one
On the other hand, the second SMS [20] demonstrates again and by one and applied them to each of the 35 processes of the GMGIT. This
reconfirms the novelty of Green IT area, in this case from the point of inclusion has been carried out considering the context, scope, objective,
view of maturity models of sustainability and of Green IT, as well as the goals and outputs of each process, as well as its practices and activities
non-existence of solid and properly validated maturity models of Green that are specific to Green IT.
IT. Of the 27 studies found, only 9 are related to the Green IT, and of Fig. 2 shows how the inclusion of the ISO 14000 family of standards
these only 3 are noteworthy [62–64]. has been carried out in the GMGIT, with the example of the EDM01
It is also important to highlight that, after a general search and (Ensure governance framework setting and maintenance) process.
analysis of the literature related between the ISO 14000 family of Likewise, Appendix A contains the inclusion of the ISO 14000 family of
standards and IT, we have not been able to find any relevant study in standards in each of the 35 processes of the GMGIT.
this regard. The EDM01 process is responsible for evaluating, directing and
Therefore, all this shows the lack of studies related to Green IT area monitoring the governance system, in this case, of Green IT. Therefore,
and the need to establish specific frameworks and/or standards of following the inclusion of the ISO 14000 family of standards in this
Green IT, which are related and supported by recognized international example of the EDM01 process shown in Fig. 2, the justification of each
standards (as proposed through the present study by applying the ISO of the standards that have been considered in this process is explained
14000 family of standards to IT). below:
4. Inclusion of ISO 14000 to Information Technology • ISO 14001, ISO 14004:

○ 4. Context of the organization: the activities for evaluate the
First of all, before carrying out the inclusion of the ISO 14000 family governance system include the analysis and identification of the
of standards to IT, we had to collect, analyze and classify each of the internal and external factors of the context of the organization, as
standards of this family. To do this, we have established 3 classification well as the sustainability factors (legal, regulatory and con-
dimensions (as can be seen in Fig. 1): tractual requirements, trends…).
184
Fig. 1. Structure/classification of ISO 14000 family of standards.
○ 5.1. Leadership and commitment: when directing the governance content, as well as the documented information generated from
system, senior management must maintain its leadership (estab- these activities.
lishing the roadmap to follow and ensuring its compliance, ○ 9.3. Management review: during the monitoring of the govern-
among other activities), as well as must commit to the Green IT ance system, senior management must carry out an adequate
from the beginning. review that all aspects that concern the governance of Green IT
○ 7.4. Communication: communication is an essential aspect to be are being carried out and follow the established roadmap.
able to direct the governance system and make a correct decision- • ISO 14005:
making, systems of notification and communication must be es- ○ 5.1. Environmental communications: environmental commu-
tablished, assuring that these provide the proper information to nications are essential for the correct decision-making and di-
the appropriate people in positions of responsibility. rection of the governance system, so it is necessary to establish a
○ 7.5. Documented information: in order to evaluate, direct and correct communication system in this regard.
monitor the governance system it is necessary to have docu- ○ 5.2. Resources, roles, responsibility and authority: during the
mented information that is adequate in terms of format and management of the governance system, senior management must
Fig. 2. Example of inclusion at the GMGIT of ISO 14000 family of standards in the EDM01 (Ensure governance framework setting and maintenance) process.
185
assign responsibilities and authorities of Green IT. be considered and established to plan the phases of development,
○ 5.3. Competence, training and awareness: when assigning re- implementation, maintenance, and improvement of an environ-
sponsibilities and authorities of Green IT during the direction of mental management system. On the other hand, the EDM01 process
the governance system, senior management must know and es- also belongs to the “Plan” stage, since through this process the
tablish the necessary competences, as well as training and governance framework is established, identifying and planning the
awareness of the roles involved in the Green IT. necessary components (organizational structures, principles, pro-
○ 5.5. Documentation: throughout the process of evaluating, di- cesses, etc.) to start up the system of Green IT. Thus, in this first
recting and monitoring the governance system, environmental dimension both the standard and the process are within the same
documentation is generated and accessed, which must follow stage.
principles to ensure its correct adaptation depending on the • Second dimension (objective): the ISO 14005 standard belongs to
context, information, people to whom it is addressed, etc. the “Guidelines and Requirements” group, since it establishes the
○ 6.1. Identification of the organization's significant environmental guide that organizations must follow to carry out the planning of an
aspects: when evaluating the governance system, those factors/ environmental management system. For its part, the EDM01 process
aspects related to the environment have to be identified and also establishes a guide about the components that must be planned
analyzed, which allow establishing the appropriate road map. and established to implement a system of Green IT. Therefore, the
○ 6.2. Identification of the organization's legal and other require- standard and the process are guides that are related through the
ments: in the phase of evaluating the governance system, those different elements that they establish.
requirements related to the environment must be identified and • Third dimension (scope): the ISO 14005 standard is within the
analyzed (to establish the road map of Green IT), such as legal, scope of “Organizational Management”, since the planning guide
regulatory and contractual requirements, among others. that it establishes is framed within the decisions that are carried out
○ 6.3. Evaluation of compliance with the organization's legal and from the organizational governance and/or management. Likewise,
other requirements: during the monitoring of the governance the EDM01 process is within the scope of the governance, in this
system, senior management must evaluate that all the identified case, of Green IT, through which all the decision-making and
and established legal, regulatory and contractual requirements, planning at this organizational level is carried out. Therefore, both
among others, are met, in order to take appropriate actions that the standard and the process are within the same scope.
align the organization with said requirements.
○ 6.11. Management review of progress and performance: senior Thus, in this way, the ISO 14000 family of standards is applied to IT
management during the monitoring of the governance system through its inclusion to the 35 processes of the GMGIT, which are re-
must review and ensure the correct progress and performance of sponsible for covering all aspects and areas related to IT from the point
the aspects of Green IT that concern their governance. of view of how to bring sustainability to IT.
• ISO 14006:
○ 4. Role of top management in ecodesign: when directing the 5. Validation
governance system, senior management must have a well-defined
role in relation to ecodesign, since the activities derived from this To validate this proposal of applying the ISO 14000 family of
ecodesign must be supported by this senior management. standards to the area of IT (through the GMGIT), we took into con-
○ 5.6. Management review: senior management should review sideration a wide range of possible empirical studies [70–71] and ul-
during the evaluation, direction and monitoring of the govern- timately defined a questionnaire based on a Likert scale [72] which was
ance system that all aspects related to ecodesign are being ap- performed with 6 experts in the area.
plied correctly throughout the whole organization. First, as with the validations carried out with the GMGIT [24], we
• ISO/TR 14062: have decided to validate the application of ISO 14000 on the processes
○ 6. Management considerations: senior management from the of the first two maturity levels of the GMGIT [23]. This is because these
evaluation, direction and monitoring of the governance system processes are the ones that are being worked on most in the case studies
must establish, guide and supervise a series of considerations that are being carried out and, therefore, they are the ones with the
when integrating environmental aspects in the design and de- most experience and knowledge to carry out this kind of validation.
velopment of products and services. Second, regarding the questionnaire for the validation, following
• ISO 14063: the methodology established by this type of questionnaire based on the
○ 3. Principles of environmental communication: when directing Likert scale [72], a scale of 5 points has been established (−2: Strongly
the governance system, senior management must carry out an disagree; −1: Somewhat disagree; 0: Neither agree nor disagree; +1:
active and bidirectional communication of all aspects related to Somewhat agree; +2: Totally agree). Taking into account this scale, in
Green IT that are applicable, so the principles that guide this the questionnaire it has been requested that, for each process (including
communication must be established and followed. its specific practices and activities) and specific norm of the ISO 14000
○ 4.1. Management commitment: senior management must be family that has been applied in said process, the following question will
committed and aware of the environmental communication be answered based on the level in which the expert is within the es-
system, since the correct decision-making in the direction of the tablished scale: “Do you consider the part of the ISO 14000 family of
governance system depends on it. standards suitable for this process of the GMGIT?”.
Finally, the 6 selected experts correspond to the managers and re-
Likewise, it is important to highlight how the 3 classification di- presentatives of two Spanish organizations that have participated in the
mensions established to classify the ISO 14000 family standards (Fig. 1) case studies carried out with the GMGIT [24]. These experts have more
have been considered when carrying out the inclusion of the applicable than 15 years of experience in the area of IT and are proactively pur-
standards in the different processes of the GMGIT. Following the ex- suing a sustainable IT initiative within their organizations; so, their
ample of the EDM01 process, the justification that has been followed commitment and knowledge on issues related to sustainability (such as
for, for example, the inclusion of the ISO 14005 standard from the point the ISO 14000 family of standards) is also remarkable.
of view of the 3 classification dimensions is the following: Thus, once the questionnaire was performed with the different ex-
perts, an analysis of the results was carried out. Through this analysis,
• First dimension (PDCA): on the one hand, the ISO 14005 standard we have calculated the median (following the points established in the
belongs to the “Plan” stage, since it identifies the elements that must Likert scale) for each process and applicable standard (range of values
186
Table 3
Results of the evaluation questionnaire on the adequacy of the application of ISO 14000 family of standards to IT (processes of two first maturity levels of the
GMGIT).
BAI09 DSS01 APO01 APO02 APO06 APO08 APO10 BAI01 BAI02 BAI03
ISO 14001 +2 +2 +2 +2 +2 +2 +2 +2
ISO 14004 +2 +2 +2 +2 +2 +2 +2 +2
ISO 14005 +2 +2 +2 +2 +2 +2 +2 +2 +2 +2
ISO 14006 +2 +2 +2 +1 +2 +1 +2
ISO 14020 +1 +1
ISO 14021 +1 +1
ISO 14024 +2 +2
ISO 14025 +2 +2
ISO 14026 +2 +2
ISO/TS 14027 +1
ISO 14031 +1 +1 +1 +2
ISO/TS 14033 +1 +1 +1 +2
ISO 14040 +1
ISO 14044 +1
ISO 14045 +1
ISO/TR 14062 +2 +2
ISO 14063 +2 +2 +2
ISO/TS 14072 +2
ISO Guide 64 +2
from −2 “Strongly disagree” to +2 “Totally agree”). These results are just to name a few, have begun to establish regulations and roadmaps to
shown in Table 3, in which we can see that the experts are “Totally help and lead to all kind of organizations towards a sustainable de-
agree” and “Somewhat agree” about the application of the different velopment that protects the environment.
standards to the processes evaluated. Therefore, based on these results, Likewise, organizations like the International Organization for
it can be affirmed that the proposed application of the ISO 14000 family Standardization (ISO) have also realized the need to develop standards
of standards to IT that has been carried out in this study is adequate and dedicated to sustainability, and, in this respect, the ISO 14000 family of
consistent. standards has emerged. However, this ISO 14000 family of standards is
However, we are aware that the validation carried out only seeks to very generic, and it lacks an adaptation that provides the specific as-
know, as has been said, the consistency and adequacy of the application pects that guide in a more optimal and precise way the implementation
of certain standards of the ISO 14000 to IT. That is why there may be and development of sustainable practices, in this case, in the area of IT.
other standards (even from the same family that have been discarded in That is why, in the present study, we have carried out the appli-
Section 4) that have not been considered or analyzed and that can/ cation/inclusion of the ISO 14000 family of standards to the IT. For this
should be applied. Therefore, in future validations through case studies purpose, we have used as link/vehicle the “Governance and
it is intended, on the one hand, to continue the validation of the con- Management Framework for Green IT” [22,23], through which a guide
sistency and adequacy of the proposed application (mainly in order to is established to implement, audit and improve the governance and
validate based on experience the rest of the processes of the remaining management of Green IT in organizations.
maturity levels), and, on the other hand, identify and analyze new Through this proposal to adapt the ISO 14000 family of standards to
standards that can be applied in this context. IT, all business processes that are related to IT are covered, providing a
complete mapping regarding the standards of this family that must be
considered and applied in each of these processes. Thus, thanks to this
6. Conclusions and future work adaptation, the gap that existed in the ISO 14000 family of standards in
relation to IT is covered, allowing organizations of all types to directly
The changes that our society has experienced in recent years have access and have a comparison with a standardized guide when im-
been enormous. The vast majority of these changes have had their plementing the Green IT.
origin in the IT and the Technological Revolution that they have en- On the other hand, in contrast to the criticisms that exist towards
tailed. The rapid and vertiginous evolution of IT in recent decades has the ISO 14000 family of standards, during the empirical validations that
revolutionized not only organizations but also our lives in general. Our we have done with the GMGIT [24,23,22, 20], we have been able to
society, our jobs, our schools, our habits, and everything that surrounds verify that the organizations are more concerned about implementing
us in general has undergone a great evolution. Green IT practices that work properly and generate the expected ben-
A point of similarity could be established between the Technological efits, than to obtain a certification in the ISO 14000 family of standards.
Revolution and the Industrial Revolution, whose main difference lies in In fact, the organizations have been involved with the development and
the raw material of its machinery, that is, we go from a social hatching validation of the GMGIT before the ISO 14000 was applied/adapted to
based on the consumption of energy to a society whose fundamental this framework, and even before this idea arose. However, it is true that
good has become knowledge and information. the organizations have told us that the application of this family of
However, IT has not only become a determining and indispensable standards to the GMGIT would be an advance, since it would help to
area for society and organizations, but also an important and increas- make a more reliable and solid framework by having support in these
ingly strong enemy of the environment [73]. That is why the idea of standards. This alignment would also allow them in the future to con-
Green IT has arisen in order to stop this damaging advance of IT, re- sider the idea of being certified in the ISO 14000 series (something that
versing and turning IT into a beneficial asset for the environment. would make their involvement with sustainability visible and gain
The importance and relevance that sustainability and Green IT have popularity), but this objective is not what they currently have.
today in our society and for organizations, is growing to the point that So, from our experience, organizations that adopt Green IT practices
governmental organizations around the world, such as the Organization really seek to be sustainable in and by IT, adopting those standards/
for Economic Co-operation and Development (OECD) [74], the Eur- frameworks that are useful to them, without caring (at least for the
opean Economic Community (EEC) [3], the United Nations (UN) [2],
187
moment) the image they give in this regard. Likewise, we believe that We are at a crossroad for the future of our planet, our future and
the ISO 14000 family of standards is too generic, which causes that it that of our next generations, where sustainability has inevitably become
does not work and does not generate the expected results when applied the most important safe-conduct that we must defend and use wisely,
in certain areas. Thus, it is a useful family of standards, but specific since our lives are directly involved.
adaptations must be made to different areas, following the example of
ISO/IEC 90003 [13] that applies ISO 9001 [14] to software, and as Conflict of interest
proposed in this article in the application of ISO 14000 to IT.
In the same way, thanks to this advance, governors and managers of The authors declare no conflict of interest.
IT in organizations will obtain a great benefit in the areas for which
they are responsible and in their own work. As we have observed in the Acknowledgments
validations and results obtained with the GMGIT [24, 23, 22, 20], this is
a valid, useful, and applicable framework that helps and guides orga- We kindly thank the anonymous reviewers for their valuable com-
nizations when implementing the governance and management of ments, as well as the experts who have participated in validating this
Green IT, and through which they obtain better results regarding en- proposal. This work is the result of a PhD co-tutele agreement between
vironmental performance. Now, thanks to the adaptation of the ISO the University of Castilla-La Mancha and the University of Bari “Aldo
14000 family of standards to the GMGIT, governors and managers of IT Moro”. This work is part of the Industrial PhD DI-17-09612, funded by
will not only have a Green IT implementation guide, but they can also the Spanish Ministry of Science, Innovation and Universities; of the
integrate best practices (validated and internationally recognized) of project GINSENG (TIN2015-70259-C2-1-R), funded by the Spanish
the ISO 14000 series as they follow this guide. Ministry of Economy, Industry and Competitiveness and the ERDF
However, the work does not end here, since, currently and as a (European Regional Development Fund); of the project ECD (PTQ-16-
future work, we are working on validating this proposed adaptation of 08504), funded by the “Torres Quevedo” Program of the Spanish
the ISO 14000 family of standards to IT through several case studies at Ministry of Economy, Industry and Competitiveness; and of the project
international level with involvement of industry and stakeholders SOS (SBPLY/17/180501/000364), funded by the Ministry of
[70,71]. In turn, these new case studies will allow us to continue va- Education, Culture and Sports of the JCCM (Regional Government of
lidating and refining the GMGIT, now with a great evolution thanks to Castilla-La Mancha) and the ERDF (European Regional Development
the extension of the ISO 14000 family of standards. Fund).
Supplementary material
Supplementary material associated with this article can be found, in the online version, at doi:10.1016/j.csi.2019.03.007.
Appendix A. Inclusion of ISO 14000 in the GMGIT processes
A.1. EDM01. Ensure governance framework setting and maintenance
Table 4
Inclusion of ISO 14000 family of standards in EDM01 (Ensure governance framework setting and
maintenance) process.
Related standard Detailed reference
ISO 14001, ISO 14004 • 4. Context of the organization.

• 5.1. Leadership and commitment.
• 7.4. Communication.
• 7.5. Documented information.
• 9.3. Management review.
ISO 14005 • 5.1. Environmental communications.

• 5.2. Resources, roles, responsibility and authority.
• 5.3. Competence, training and awareness.
• 5.5. Documentation.
• 6.1. Identification of the organization's significant
environmental aspects.
• 6.2. Identification of the organization's legal and other
requirements.
• 6.3. Evaluation of compliance with the organization's
legal and other requirements.
• 6.11. Management review of progress and
performance.
ISO 14006 • 4. Role of top management in ecodesign.

ISO/TR 14062 • 6. Management considerations.
ISO 14063 • 3. Principles of environmental communication.

• 4.1. Management commitment.
188
A.2. EDM02. Ensure benefits delivery
Table 5
Inclusion of ISO 14000 family of standards in EDM02 (Ensure benefits delivery) process.
ISO 14001, ISO 14004 • 5.1. Leadership and commitment.

ISO 14005 • 6.11. Management review of progress and
performance.
ISO 14006 • 5.6. Management review.
ISO/TS 14033 • 4. Use of quantitative environmental information.
• 6. Guidelines.
A.3. EDM03. Ensure risk optimization
Table 6
Inclusion of ISO 14000 family of standards in EDM03 (Ensure risk optimization) process.

• 6.1. Actions to address risks and opportunities.
ISO 14005 • 6.11. Management review of progress and
performance.
A.4. EDM04. Ensure resource optimization
Table 7
Inclusion of ISO 14000 family of standards in EDM04 (Ensure resource optimization) process.

• 7.1. Resources.
ISO 14005 • 5.2. Resources, roles, responsibility and authority.
• 6.11. Management review of progress and
performance.
189
A.5. EDM05. Ensure stakeholder transparency
Table 8
Inclusion of ISO 14000 family of standards in EDM05 (Ensure stakeholder transparency) process.
ISO 14001, ISO 14004 • 4.2. Understanding the need and expectations of
interested parties.
• 5.1. Leadership and commitment.
ISO 14015 • 5. Reporting.
• 7. Critical review.
• 6.3. Critical review by panel of interested parties.
ISO 14045 • 6. Reporting and disclosure of results.
• 7.3. Critical review by panel of interested parties.
ISO/TS 14048 • 4. Formatting and reporting.
• 5. Specification of the data documentation format.
• 6. Data types.
• 7. Choice of nomenclature.
ISO 14063 • 5. Environmental communication strategy.
• 6. Environmental communication activities.
ISO/TS 14071 • 4. Critical review process and tasks.
• 5. Reviewer(s) competencies.
ISO/TS 14072 • 6. Reporting.
A.6. APO01. Manage the IT management framework
Table 9
Inclusion of ISO 14000 family of standards in APO01 (Manage the IT management framework)
process.
ISO 14001, ISO 14004 • 5.2. Environmental policy.

• 5.3. Organizational roles, responsibilities and
authorities.
• 7.2. Competence.
• 7.3. Awareness.
• 9.1. Monitoring, measurement, analysis and
evaluation.
• 10. Improvement.
• 5.2. Resources, roles, responsibility and authority.
• 6.4. Preparation and implementation of an
environmental policy.
• 6.10. Managing when things do not go as planned.
ISO 14006 • 5.2. Environmental policy.
• 5.4. Implementation and operation.
• 5.5. Checking.
• 5. Principles for generating and providing
quantitative environmental information.
• 6. Guidelines.
ISO 14063 • 4. Environmental communication policy.
190
A.7. APO02. Manage strategy
Table 10
Inclusion of ISO 14000 family of standards in APO02 (Manage strategy) process.
ISO 14001, ISO 14004 • 6.2. Environmental objectives and planning to

achieve them.
• 9.1. Monitoring, measurement analysis and
evaluation.
ISO 14005 • 6.5. Setting objectives and targets and establishing
program(s).
• 6.8. Environmental performance evaluation,
including monitoring and measurement.
ISO 14006 • 5.3. Planning.
• 5.5. Checking.
ISO 14031 • 4.3. Using data and information (Do).
ISO/TR 14062 • 5. Strategic considerations.
A.8. APO03. Manage enterprise architecture
Table 11
Inclusion of ISO 14000 family of standards in APO03 (Manage enterprise architecture) process.
ISO 14001, ISO 14004 • 6.2. Environmental objectives and planning to achieve them.
ISO 14005 • 6.5. Setting objectives and targets and establishing program(s).
A.9. APO04. Manage innovation
Table 12
Inclusion of ISO 14000 family of standards in APO04 (Manage innovation) process.
ISO 14001, ISO 14004 • 6.2. Environmental objectives and planning to achieve them.
ISO 14005 • 6.5. Setting objectives and targets and establishing program(s).
A.10. APO05. Manage portfolio
Table 13
Inclusion of ISO 14000 family of standards in APO05 (Manage portfolio) process.
ISO 14001, ISO 14004 • 7.5. Documented information.

evaluation.
ISO 14005 • 5.5. Documentation.
191
A.11. APO06. Manage budget and costs
Table 14
Inclusion of ISO 14000 family of standards in APO06 (Manage budget and costs) process.
ISO 14005 • 6.10. Managing when things do not go as planned.
A.12. APO07. Manage human resources
Table 15
Inclusion of ISO 14000 family of standards in APO07 (Manage human resources) process.
ISO 14001, ISO 14004 • 7.2. Competence.

• 7.3. Awareness.
evaluation.
ISO 14006 • 5.4. Implementation and operation.
ISO 14015 • 3. Roles and responsibilities.
A.13. APO08. Manage relationships
Table 16
Inclusion of ISO 14000 family of standards in APO08 (Manage relationships) process.
ISO 14001, ISO 14004 • 4.1. Understanding the organization and its context.
• 4.2. Understanding the need and expectations of
interested parties.
• 6.1. Actions to address risks and opportunities.
• 7.3. Awareness.
• 10.3. Continual improvement.
ISO 14063 • 5. Environmental communication strategy.
192
A.14. APO09. Manage service agreements
Table 17
Inclusion of ISO 14000 family of standards in APO09 (Manage service agreements) process.
ISO 14001, ISO • 7.5. Documented information.

14004
• 9.1. Monitoring, measurement, analysis and evaluation.
• 6.8. Environmental performance evaluation, including
monitoring and measurement.
ISO 14020 • 4. General principles.
ISO 14021 • 5. Requirements applying to all self-declared
environmental claims.
• 6. Evaluation and claim verification requirements.
• 7. Specific requirements for selected claims.
ISO 14024 • 5. Principles.
• 6. Procedures.
• 7. Certification and compliance.
• 7. Declaration requirements.
• 8. Verification.
• 6. Communication requirements.
• 7. Requirements for the use of data to support the
communication.
• 9. Verification requirements.
ISO/TS 14027 • 5. Principles.
• 6. PCR development.
• 7. PCR review.
• 8. PCR identification and registration.
• 9. Updating, revision, and expiration of PCR.
ISO 14031 • 4. Environmental performance evaluation.
• 5. Principles for generating and providing quantitative
environmental information.
• 6. Guidelines.
ISO/TR 14062 • 7. Product considerations.
• 8. Product design and development process.
ISO Guide 64 • 3. Basic principles and approaches.
• 4. Environmental aspects to be considered for
systematically addressing environmental issues in
product standards.
• 5. Identifying product environmental aspects using a
systematic approach.
• 6. Guidance for integrating environmental provisions in
the product standards.
A.15. APO10. Manage suppliers
Table 18
Inclusion of ISO 14000 family of standards in APO10 (Manage suppliers) process.
ISO 14001, ISO 14004 • 6.1. Actions to address risks and opportunities.
evaluation.
• 6. Guidelines.
ISO 14063 • 6. Environmental communication activities.
193
A.16. APO11. Manage quality
Table 19
Inclusion of ISO 14000 family of standards in APO11 (Manage quality) process.
ISO 14001, ISO 14004 • 6.2. Environmental objectives and planning to

achieve them.
evaluation.
ISO 14005 • 6.8. Environmental performance evaluation,
• 5.5. Checking.
• 6. Guidelines.
A.17. APO12. Manage risk
Table 20
Inclusion of ISO 14000 family of standards in APO12 (Manage risk) process.
evaluation.
ISO 14005 • 6.10. Managing when things do not go as planned.
A.18. BAI01. Manage programs and projects
Table 21
Inclusion of ISO 14000 family of standards in BAI01 (Manage programs and projects) process.
ISO 14001, ISO • 6.1. Actions to address risks and opportunities.

14004
• 9.1. Monitoring, measurement, analysis and evaluation.
ISO 14005 • 4. Undertaking and environmental-related project to
secure management support and commitment to begin the
phased implementation of an EMS.
• 5.5. Checking.
• 6. Guidelines.
194
A.19. BAI02. Manage requirements definition
Table 22
Inclusion of ISO 14000 family of standards in BAI02 (Manage requirements definition) process.
ISO 14005 • 6.2. Identification of the organization's legal and
other requirements.
A.20. BAI03. Manage solutions identification and build
Table 23
Inclusion of ISO 14000 family of standards in BAI03 (Manage solutions identification and build)
process.
ISO 14001, ISO • 9.1. Monitoring, measurement, analysis and evaluation.

14004
ISO 14005 • 6.3. Evaluation of compliance with the organization's
ISO 14006 • 5.5. Checking.
• 6. Ecodesign activities in product design and
development.
ISO 14021 • 5. Requirements applying to all self-declared
environmental claims.
• 6. Procedures.
• 7. Certification and compliance.
• 8. Verification.
• 6. Communication requirements.
• 7. Requirements for the use of data to support the
communication.
• 9. Verification requirements.
• 7. PCR review.
ISO/TR 14062 • 7. Product considerations.
• 8. Product design and development process.
ISO Guide 64 • 3. Basic principles and approaches.
• 4. Environmental aspects to be considered for
systematically addressing environmental issues in
product standards.
• 5. Identifying product environmental aspects using a
systematic approach.
• 6. Guidance for integrating environmental provisions in
the product standards.
195
A.21. BAI04. Manage availability and capacity
Table 24
Inclusion of ISO 14000 family of standards in BAI04 (Manage availability and capacity) process.

evaluation.
• 10.2. Nonconformity and corrective action.
• 6. Guidelines.
A.22. BAI05. Manage organizational change enablement
Table 25
Inclusion of ISO 14000 family of standards in BAI05 (Manage organizational change enablement)
process.

• 5.3. Organizational roles, responsibilities and
authorities.
• 7.2. Competence.
• 7.3. Awareness.
A.23. BAI06. Manage changes
Table 26
Inclusion of ISO 14000 family of standards in BAI06 (Manage changes) process.

evaluation.
• 5.5. Checking.
A.24. BAI07. Manage change acceptance and transitioning
Table 27
Inclusion of ISO 14000 family of standards in BAI07 (Manage change acceptance and transitioning)
process.

evaluation.
196
A.25. BAI08. Manage knowledge
Table 28
Inclusion of ISO 14000 family of standards in BAI08 (Manage knowledge) process.
Related standard Detailed seference
ISO 14001, ISO 14004 • 7.2. Competence.

• 7.3. Awareness.
ISO 14005 • 5.3. Competence, training and awareness.
• 5.4. Records.
• 5.6. Document control.
A.26. BAI09. Manage assets
Table 29
Inclusion of ISO 14000 family of standards in BAI09 (Manage assets) process.
ISO 14005 • 5.4. Records.

ISO 14021 • 5. Requirements applying to all self-declared environmental
claims.
• 6. Procedures.
• 7. PCR review.
ISO 14040 • 5. Methodological framework.
ISO 14044 • 4. Methodological framework for LCA.
ISO 14045 • 5. Methodological framework.
ISO/TS 14072 • 5. Organizational Life Cycle Assessment.
A.27. BAI10. Manage configuration
Table 30
Inclusion of ISO 14000 family of standards in BAI10 (Manage configuration) process.

197
A.28. DSS01. Manage operations
Table 31
Inclusion of ISO 14000 family of standards in DSS01 (Manage operations) process.

• 8.1. Operational planning and control.
evaluation.
• 6.6. Operational control.
• 5.5. Checking.
• 6. Guidelines.
A.29. DSS02. Manage service requests and incidents
Table 32
Inclusion of ISO 14000 family of standards in DSS02 (Manage service requests and in-
cidents) process.

• 8.2. Emergency preparedness and response.
A.30. DSS03. Manage problems
Table 33
Inclusion of ISO 14000 family of standards in DSS03 (Manage problems) process.

• 8.2. Emergency preparedness and response.
198
A.31. DSS04. Manage continuity
Table 34
Inclusion of ISO 14000 family of standards in DSS04 (Manage continuity) process.
ISO 14001, ISO 14004 • 8.2. Emergency preparedness and response.

• 6.7. Planning for and responding to emergencies.
A.32. DSS06. Manage business process controls
Table 35
Inclusion of ISO 14000 family of standards in DSS06 (Manage business process controls) process.

• 8.1. Operational planning and control.
• 5.5. Checking.
A.33. MEA01. Monitor, evaluate and assess performance and conformance
Table 36
Inclusion of ISO 14000 family of standards in MEA01 (Monitor, evaluate and assess performance and
conformance) process.
ISO 14001, ISO 14004 • 6.2. Environmental objectives and planning to achieve
them.
evaluation.
• 5.5. Checking.
• 6. Guidelines.
ISO 14063 • 6. Environmental communication activities
199
A.34. MEA02. Monitor, evaluate and assess the system of internal control
Table 37
Inclusion of ISO 14000 family of standards in MEA02 (Monitor, evaluate and assess the system of
internal control) process.
ISO 14001, ISO 14004 •7.2. Competence.

•7.4. Communication.
•7.5. Documented information.
•8.1. Operational planning and control.
• 9.2. Internal audit.
• 6.9. Internal audits.
• 5.5. Checking.
ISO 14015 • 3. Roles and responsibilities.
• 4. Assessment process.
• 5. Reporting.
• 6. Guidelines.
ISO 14034 • 4. General principles and requirements.
• 5. Environmental technology verification.
ISO 14040 • 7. Critical review.
ISO 14044 • 6.2. Critical review by internal or external expert.
ISO 14045 • 7.2. Critical review by internal or external expert.
ISO 14063 • 6. Environmental communication activities.
ISO/TS 14071 • 4. Critical review process and tasks.
• 5. Reviewer(s) competencies.
ISO 19011 • 4. Principles of auditing.
• 5. Managing an audit program.
• 6. Conducting an audit.
• 7. Competence and evaluation of auditors.
35. MEA03. Monitor, evaluate and assess compliance with external requirements
Table 38
Inclusion of ISO 14000 family of standards in MEA03 (Monitor, evaluate and assess compliance with
external requirements) process.
ISO 14001, ISO 14004 • 4. Context of the organization.

• 6.2. Identification of the organization's legal and
other requirements.
• 6.3. Evaluation of compliance with the organization's
• 5.5. Checking.
References the Regions on the Implementation of the Circular Economy Action Plan, European
Commission, Brussels, BR, Belgium, 2017.
[4] J.A. Cazier, B.E. Hopkins, Doing the Right Thing for the Environment Just Got
[1] G. Brundtland, M. Khalid, S. Agnelli, S. Al-Athel, B. Chidzero, L. Fadika, ... S. Okita, Easier with a Little Help from Information Systems, SIGGreen Workshop. Sprouts:
Our Common Future (“Brundtland Report”), Oxford University Press, Oxford, OX, Working Papers on Information Systems, 11 (10) 2011.
United Kingdom, 1987. [5] J. Brodkin, Economy Driving Green IT Initiatives, Netw. World 25 (49) (2008) 16.
[2] United Nations, Transforming Our World: The 2030 Agenda for Sustainable [6] Q. Deng, S. Ji, Organizational Green IT Adoption: concept and Evidence,
Development, Seventieth Session of the United Nations General Assembly, 2015 Sustainability 7 (12) (2015) 16737–16755 https://dx.doi.org/10.3390/
Resolution A/RES/70/1. su71215843.
[3] European Commission, Report from the Commission to the European Parliament, [7] T.A. Jenkin, L. McShane, J. Webster, Green Information Technologies and Systems:
the Council, the European Economic and Social Committee and the Committee of Employees’ Perceptions of Organizational Practices, Bus. Soc. 50 (2) (2011)
200
266–314 https://dx.doi.org/10.1177/0007650311398640. [37] S. Elliot, Environmentally ICT: A Critical Topic for IS Research? 11th Pacific Asia
[8] W. Wimmer, K.M. Lee, F. Quella, J. Polak, ECODESIGN. The Competitive Conference on Information Systems (PACIS 2007), 2007, p. 114.
Advantage, Springer Netherlands, Dordrecht, ZH, The Netherlands, 2010https://dx. [38] S. Elliot, Transdisciplinary Perspectives on Environmental Sustainability: A
doi.org/10.1007/978-90-481-9127-7. Resource Base and Framework for IT-Enabled Business Transformation, MIS Q. 35
[9] D.M. Simmonds, A. Bhattacherjee, Green IT Adoption and Sustainable Value (1) (2011) 197–236 https://dx.doi.org/10.2307/23043495.
Creation, 20th Americas Conference on Information Systems (AMCIS 2014), 2014, [39] K. Erek, F. Loeser, N.H. Schmidt, R. Zarnekow, L.M. Kolbe, Green IT Strategies: a
pp. 2550–2565. Case Study-Based Framework for Aligning Green IT with Competitive
[10] M. Hertel, J. Wiesent, Investments in information systems: a contribution towards Environmental Strategies, 15th Pacific Asia Conference on Information Systems
sustainability, Inf. Syst. Front. 15 (5) (2013) 815–829 https://doi.org/10.1007/ (PACIS 2011), 2011, p. 59.
s10796-013-9417-x. [40] S. Faucheux, I. Nicolaï, IT for Green and Green IT: a Proposed Typology of Eco-
[11] M.J. Epstein, A.R. Buhovac, Making Sustainability Work: Best Practices in Innovation, Ecol. Econ. 70 (11) (2011) 2020–2027 https://dx.doi.org/10.1016/j.
Managing and Measuring Corporate Social, Environmental, and Economic Impacts, ecolecon.2011.05.019.
2nd Edition, Berrett-Koehler Publishers, San Francisco, CA, USA, 2014. [41] M. Hedwig, S. Malkowski, D. Neumann, Taming Energy Costs of Large Enterprise
[12] ISO, ISO 14000, Environmental Management Systems, International Organization Systems through Adaptive Provisioning, 30th International Conference on
for Standardization, Geneva, CH, Switzerland, 2015. Information Systems (ICIS 2009), 2009.
[13] ISO, ISO/IEC 90003 (Software Engineering – Guidelines for the Application of ISO [42] T.A. Jenkin, J. Webster, L. McShane, An Agenda for “Green” Information
9001:2008 to Computer Software), International Organization for Standardization, Technology and Systems Research, Inf. Organ. 21 (1) (2011) 17–40 https://dx.doi.
Geneva, CH, Switzerland, 2014. org/10.1016/j.infoandorg.2010.09.003.
[14] ISO, ISO 9001 (Quality Management Systems – Requirements), International [43] E. Kern, M. Dick, S. Naumann, A. Guldner, T. Johann, Green Software and Green
Organization for Standardization, Geneva, CH, Switzerland, 2015. Software Engineering – Definitions, Measurements, and Quality Aspects, First
[15] K. Schwab, The Fourth Industrial Revolution, The Crown Publishing Group, International Conference on ICT for Sustainability (ICT4S 2013), 2013, pp. 87–94
Danvers, MA, USA, 2017. https://dx.doi.org/10.3929/ethz-a-007337628.
[16] Green Information Technology: A Sustainable Approach, in: M. Dastbaz, [44] C.F. Lei, E.W.T. Ngai, Green IS Assimilation: a Theoretical Framework and Research
C. Pattinson, B. Akhgar (Eds.), Green Information Technology: A Sustainable Agenda, 18th Americas Conference on Information Systems (AMCIS 2012), 2012,
Approach, Morgan Kaufmann, Waltham, MA, USA, 2015. p. 2.
[17] C. Calero, M. Piattini, Puzzling out Software Sustainability, Sustainable Computing: [45] C.F. Lei, E.W.T. Ngai, Green IT Adoption: an Academic Review of Literature, 17th
Informatics and Systems 16 (2017) 117–124 https://dx.doi.org/10.1016/j.suscom. Pacific Asia Conference on Information Systems (PACIS 2013), 2013, p. 95.
2017.10.011. [46] C.T.D. Lo, K. Qian, Green Computing Methodology for Next Generation Computing
[18] Green in Software Engineering, in: C. Calero, M. Piattini (Eds.), Green in Software Scientists, IEEE 34th Annual Computer Software and Applications Conference
Engineering, Springer International Publishing AG, Cham, ZG, Switzerland, 2015. (COMPSAC 2010), 2010, pp. 250–251 https://dx.doi.org/10.1109/COMPSAC.
[19] J.D. Patón-Romero, M. Piattini, Indicators for Green in IT Audits: A Systematic 2010.31.
Mapping Study, 3rd International Workshop on Measurement and Metrics for Green [47] S. Murugesan, Harnessing Green IT: principles and Practices, IT Prof. 10 (1) (2008)
and Sustainable Software Systems (MeGSuS’16), 2016, pp. 4–12. 24–33 https://dx.doi.org/10.1109/MITP.2008.10.
[20] J.D. Patón-Romero, M.T. Baldassarre, M. Rodríguez, M. Piattini, Green IT [48] A. Molla, Organizational Motivations for Green IT: exploring Green IT Matrix and
Governance and Management based on ISO/IEC 15504, Comput. Stand. Interfaces Motivation Models, 13th Pacific Asia Conference on Information Systems (PACIS
60 (2018) 26–36 https://dx.doi.org/10.1016/j.csi.2018.04.005. 2009), 2009, p. 13.
[21] G.A. García-Mireles, M.A. Moraga, F. García, C. Calero, M. Piattini, Interactions [49] A. Molla, A. Abareshi, Green IT Adoption: a Motivational Perspective, 15th Pacific
between Environmental Sustainability Goals and Software Product Auality: A Asia Conference on Information Systems (PACIS 2011), 2011, p. 137.
Mapping Study, Inf. Softw. Technol. 95 (2018) 108–129 https://dx.doi.org/10. [50] A. Molla, V. Cooper, S. Pittayachawan, The Green IT Readiness (G-readiness) of
1016/j.infsof.2017.10.002. Organizations: an Exploratory Analysis of a Construct and Instrument, Commun.
[22] J.D. Patón-Romero, M.T. Baldassarre, M. Piattini, I. García Rodríguez de Guzmán, A Assoc. Inf. Syst. 29 (1) (2011) 67–96.
Governance and Management Framework for Green IT, Sustainability 9 (10) (2017) [51] R.T. Watson, M. Boudreau, A.J. Chen, Information Systems and Environmentally
1761 https://dx.doi.org/10.3390/su9101761. Sustainable Development: Energy Informatics and New Directions for the IS
[23] J.D. Patón-Romero, M.T. Baldassarre, M. Rodríguez, M. Piattini, A Revised Community, MIS Q. 34 (1) (2010) 23–38 https://dx.doi.org/10.2307/20721413.
Framework for the Governance and Management of Green IT, J. Univers. Comput. [52] ISACA, COBIT 5: A Business Framework for the Governance and Management of
Sci. (Under Peer Review). Enterprise IT, ISACA, Rolling Meadows, IL, USA, 2012.
[24] J.D. Patón-Romero, M.T. Baldassarre, M. Rodríguez, M. Piattini, Governance and [53] ISACA, COBIT Global Regulatory and Legislative Recognition, ISACA, Rolling
Management of Green IT: A Multi-Case Study, Empir. Softw. Eng. (Under Peer Meadows, IL, USA, 2014 Available online at https://www.isaca.org/COBIT/
Review). Documents/Recognition-table.pdf.
[25] V.F. Vílchez, The Dark Side of ISO 14001: the Symbolic Environmental Behavior, [54] Wikipedia, Corporate Governance of Information Technology. Available online at
Eur. Res. Manag. Bus. Econ. 23 (1) (2017) 33–39 https://dx.doi.org/10.1016/j. https://en.wikipedia.org/wiki/Corporate_governance_of_information_technology.
iedeen.2016.09.002. [55] ISO, ISO/IEC 33000 (Information Technology — Process Assessment), International
[26] L.L. Benites-Lazaro, L. Giatti, A. Giarolla, Sustainability and Governance of Organization for Standardization, Geneva, CH, Switzerland, 2015.
Sugarcane Ethanol Companies in Brazil: topic Modeling Analysis of CSR Reporting, [56] D. Budgen, M. Turner, P. Brereton, B. Kitchenham, Using Mapping Studies in
J. Clean. Prod. 197 (2018) 583–591 https://dx.doi.org/10.1016/j.jclepro.2018.06. Software Engineering, 20th Annual Meeting of the Psychology of Programming
212. Interest Group (PPIG 2008), 2008, pp. 195–204.
[27] D. Aravind, P. Christmann, Decoupling of Standard Implementation from [57] B. Kitchenham, Guidelines For Performing Systematic Literature Reviews in
Certification: does quality of ISO 14001 implementation affect facilities’ environ- Software Engineering, Version 2.3, Keele, UK, 2007 EBSE Technical Report.
mental performance? Bus. Ethics Q. 21 (1) (2011) 73–102 https://dx.doi.org/10. [58] C. Gabriel, Why it's not naive to be green, Bus. Inf. Rev. 25 (4) (2008) 230–237
5840/beq20112114. https://dx.doi.org/10.1177/0266382108098865.
[28] T. Velte, A. Velte, R.C. Elsenpeter, Green IT:, Reduce Your Information System's [59] G.L. Gray, W.G. No, D.W. Miller, Internal Auditors’ Experiences and Opinions
Environmental Impact While Adding to the Bottom Line, McGraw-Hill, Inc, New Regarding Green IT: Assessing the Gap in Normative and Positive Perspectives, J.
York, NY, USA, 2008. Inf. Syst. 28 (1) (2014) 75–109 https://dx.doi.org/10.2308/isys-50694.
[29] K. Erdélyi, Special factors of development of green software supporting eco sus- [60] G.L. Gray, Green IT Opportunities for Internal Auditors, The Institute of Internal
tainability, IEEE 11th International Symposium on Intelligent Systems and Auditors Research Foundation (IIARF), Altamonte Springs, FL, USA, 2011.
Informatics (SISY 2013), 2013, pp. 337–340. [61] E.L. Ambtman, Green IT Auditing, Post-graduate Thesis Vrije Universiteit
[30] B. Unhelkar, Green IT Strategies and Applications: Using Environmental Amsterdam, Amsterdam, NH, The Netherlands, 2011.
Intelligence, CRC Press, Boca Raton, FL, USA, 2011. [62] A. Buchalcevova, Green ICT Maturity Model for Czech SMEs, J. Syst. Integr. 6 (1)
[31] N. Bachour, L. Chasteen, Optimizing the Value of Green IT Projects within (2015) 24–36 https://dx.doi.org/10.20470/jsi.v6i1.220.
Organizations, 2010 IEEE Green Technologies Conference, 2010, pp. 1–10 https:// [63] M. Curley, J. Kenneally, M. Carcary, IT Capability Maturity Framework (IT-CMF).
dx.doi.org/10.1109/GREEN.2010.5453804. The Body of Knowledge Guide, Second Edition, Van Haren Publishing, Zaltbommel,
[32] N. Bachour, Green IT Project Management: optimizing the Value of Green IT GE, The Netherlands, 2016, pp. 103–118.
Projects within Organizations, in: W. Hu, N. Kaabouch (Eds.), Sustainable ICTs and [64] A. Hankel, L. Oud, M. Saan, P. Lago, A Maturity Model for Green ICT: the case of the
Management Systems For Green Computing, IGI Global, Hershey, PA, USA, 2012, SURF Green ICT Maturity Model, 28th EnviroInfo 2014 Conference, 2014, pp.
pp. 146–178 https://dx.doi.org/10.4018/978-1-4666-1839-8.ch007. 33–40.
[33] R. Bose, X. Luo, Integrative Framework for Assessing Firms’ Potential to Undertake [65] N.R. Tague, Plan–Do–Study–Act Cycle, The Quality Toolbox, 2nd Edition, ASQ
Green IT Initiatives via Virtualization – A Theoretical Perspective, J. Strat. Inf. Syst. Quality Press, Milwaukee, WI, USA, 2005, pp. 390–393.
20 (1) (2011) 38–54 https://dx.doi.org/10.1016/j.jsis.2011.01.003. [66] ISO, Environmental Management - The ISO 14000 Family of International
[34] S. Cai, X. Chen, I. Bose, Exploring the Role of IT for Environmental Sustainability in Standards, International Organization for Standardization, Geneva, CH,
China: an Empirical Analysis, Int. J. Prod. Econ. 146 (2) (2013) 491–500 https://dx. Switzerland, 2009 Available online at https://www.iso.org/files/live/sites/isoorg/
doi.org/10.1016/j.ijpe.2013.01.030. files/archive/pdf/en/theiso14000family_2009.pdf.
[35] A.J. Chen, R.T. Watson, M.C. Boudreau, E. Karahanna, Organizational Adoption of [67] C. Pardo, F.J. Pino, F. García, M. Piattini, M.T. Baldassarre, S. Lemus,
Green IS & IT: an Institutional Perspective, 30th International Conference on Homogenization, Comparison and Integration: a Harmonizing Strategy for the
Information Systems (ICIS 2009), 2009. Unification of Multi-models in the Banking Sector, 12th International Conference on
[36] J. Dedrick, IS Green, Concepts and Issues for Information Systems Research, Product-Focused Software Development and Process Improvement (PROFES 2011),
Commun. Assoc. Inf. Syst. 27 (1) (2010) 173–184. 2011, pp. 59–72 https://dx.doi.org/10.1007/978-3-642-21843-9_7.
201
[68] C. Pardo, F. Pino, F. García, F.R. Romero, M. Piattini, M.T. Baldassarre, [71] P. Ardimento, D. Caivano, M. Cimitile, G. Visaggio, Empirical Investigation of the
HProcessTOOL: a Support Tool in the Harmonization of Multiple Reference Models, Efficacy and Efficiency of Tools for Transferring Software Engineering Knowledge,
2011 International Conference on Computational Science and Its Applications Journal of Information and Knowledge Management 7 (3) (2008) 197–207 https://
(ICCSA 2011), 2011, pp. 370–382 https://dx.doi.org/10.1007/978-3-642-21934- dx.doi.org/10.1142/S0219649208002081.
4_30. [72] R. Likert, A Technique for the Measurement of Attitudes, Archives of Psychology 22
[69] M.T. Baldassarre, M. Piattini, F.J. Pino, G. Visaggio, Comparing ISO/IEC 12207 and (140) (1932) 1–55.
CMMI-DEV: towards a Mapping of ISO/IEC 15504-7, Workshop of Software Quality [73] Ericsson, Ericsson Energy and Carbon Report: On the Impact of the Networked
at 31st International Conference on Software Engineering (ICSE 2009), 2009, pp. Society, Ericsson AB, Stockholm, AB, Sweden, 2013https://www.ericsson.com/res/
59–64 https://dx.doi.org/10.1109/WOSQ.2009.5071558. docs/2013/ericsson-energy-and-carbon-report.pdf.
[70] M.T. Baldassarre, D. Caivano, G. Visaggio, Empirical Studies for Innovation [74] A. Mickoleit, Greener and Smarter: ICTs, the Environment and Climate Change,
Dissemination: ten Years of Experience, 17th International Conference on 2010 OECD Green Growth Papers 2010/01 https://dx.doi.org/10.1787/
Evaluation and Assessment in Software Engineering (EASE 2013), 2013, pp. 5k9h3635kdbt-en.
144–152 https://dx.doi.org/10.1145/2460999.2461020.
202

Application of ISO 14000 To Information Technology Governance and Management

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Application of ISO 14000 To Information Technology Governance and Management

Uploaded by

Copyright:

Available Formats

Computer Standards & Interfaces 65 (2019) 180–202

Contents lists available at ScienceDirect

Computer Standards & Interfaces

Application of ISO 14000 to Information Technology Governance and T

ARTICLE INFO ABSTRACT

4. Inclusion of ISO 14000 to Information Technology • ISO 14001, ISO 14004:

Fig. 1. Structure/classification of ISO 14000 family of standards.

Appendix A. Inclusion of ISO 14000 in the GMGIT processes

A.1. EDM01. Ensure governance framework setting and maintenance

ISO 14001, ISO 14004 • 4. Context of the organization.

ISO 14005 • 5.1. Environmental communications.

ISO 14006 • 4. Role of top management in ecodesign.

ISO 14063 • 3. Principles of environmental communication.

A.2. EDM02. Ensure benefits delivery

ISO 14001, ISO 14004 • 5.1. Leadership and commitment.

A.3. EDM03. Ensure risk optimization

ISO 14001, ISO 14004 • 5.1. Leadership and commitment.

A.4. EDM04. Ensure resource optimization

ISO 14001, ISO 14004 • 5.1. Leadership and commitment.

A.5. EDM05. Ensure stakeholder transparency

A.6. APO01. Manage the IT management framework

ISO 14001, ISO 14004 • 5.2. Environmental policy.

A.7. APO02. Manage strategy

ISO 14001, ISO 14004 • 6.2. Environmental objectives and planning to

A.8. APO03. Manage enterprise architecture

A.9. APO04. Manage innovation

A.10. APO05. Manage portfolio

ISO 14001, ISO 14004 • 7.5. Documented information.

A.11. APO06. Manage budget and costs

ISO 14005 • 6.10. Managing when things do not go as planned.

A.12. APO07. Manage human resources

ISO 14001, ISO 14004 • 7.2. Competence.

A.13. APO08. Manage relationships

A.14. APO09. Manage service agreements

ISO 14001, ISO • 7.5. Documented information.

A.15. APO10. Manage suppliers

A.16. APO11. Manage quality

ISO 14001, ISO 14004 • 6.2. Environmental objectives and planning to

A.17. APO12. Manage risk

A.18. BAI01. Manage programs and projects

ISO 14001, ISO • 6.1. Actions to address risks and opportunities.

A.19. BAI02. Manage requirements definition

A.20. BAI03. Manage solutions identification and build

ISO 14001, ISO • 9.1. Monitoring, measurement, analysis and evaluation.

A.21. BAI04. Manage availability and capacity

ISO 14001, ISO 14004 • 7.5. Documented information.

A.22. BAI05. Manage organizational change enablement

ISO 14001, ISO 14004 • 5.1. Leadership and commitment.

A.23. BAI06. Manage changes

ISO 14001, ISO 14004 • 7.5. Documented information.

A.24. BAI07. Manage change acceptance and transitioning

ISO 14001, ISO 14004 • 7.5. Documented information.

A.25. BAI08. Manage knowledge

ISO 14001, ISO 14004 • 7.2. Competence.

A.26. BAI09. Manage assets

ISO 14005 • 5.4. Records.

A.27. BAI10. Manage configuration

ISO 14001, ISO 14004 • 7.5. Documented information.

A.28. DSS01. Manage operations

ISO 14001, ISO 14004 • 7.5. Documented information.

A.29. DSS02. Manage service requests and incidents

ISO 14001, ISO 14004 • 7.5. Documented information.

A.30. DSS03. Manage problems