ISO Frameworks

Overview

1
ISO
• ISO (International Organization for Standardization) is the
world's largest developer and publisher of International
Standards.
• ISO is a network of the national standards institutes of 161
countries, one member per country, with a Central Secretariat in
Geneva, Switzerland, that coordinates the system.
• ISO is a non-governmental organization that forms a bridge
between the public and private sectors. On the one hand, many of
its member institutes are part of the governmental structure of their
countries, or are mandated by their government. On the other hand,
other members have their roots uniquely in the private sector,
having been set up by national partnerships of industry
associations.
• Therefore, ISO enables a consensus to be reached on solutions
that meet both the requirements of business and the broader
needs of society.

2
ISO History
• In 1946, delegates from 25 countries met in London and
decided to create a new international organization, of
which the object would be "to facilitate the international
coordination and unification of industrial standards". The
new organization, ISO, officially began operations on 23
February 1947, in Geneva, Switzerland.
• ISO is the world's largest standards-developing
organization. Between 1947 and the present day, ISO
has published more than 17500 International Standards,
ranging from standards for activities such as agriculture
and construction, through mechanical engineering, to
medical devices, to the newest information technology
developments.

3
ISO’s Name
• Because "International Organization for
Standardization" would have different acronyms
in different languages ("IOS" in English, "OIN" in
French for Organisation internationale de
normalisation), its founders decided to give it
also a short, all-purpose name. They chose
"ISO", derived from the Greek isos, meaning
"equal". Whatever the country, whatever the
language, the short form of the organization's
name is always ISO.

4
ISO Standards
ISO standards:
• make the development, manufacturing and supply of products and
services more efficient, safer and cleaner
• facilitate trade between countries and make it fairer
• provide governments with a technical base for health, safety and
environmental legislation, and conformity assessment
• share technological advances and good management practice
• disseminate innovation
• safeguard consumers, and users in general, of products and
services
• make life simpler by providing solutions to common problems

5
ISO Standards Benefits
• ISO standards provide technological, economic and societal benefits.
• For businesses, the widespread adoption of International Standards means
that suppliers can develop and offer products and services meeting
specifications that have wide international acceptance in their sectors.
Therefore, businesses using International Standards can compete on many
more markets around the world.
• For innovators of new technologies, International Standards on aspects like
terminology, compatibility and safety speed up the dissemination of
innovations and their development into manufacturable and marketable
products.
• For customers, the worldwide compatibility of technology which is achieved
when products and services are based on International Standards gives
them a broad choice of offers. They also benefit from the effects of
competition among suppliers.
• For governments, International Standards provide the technological and
scientific bases underpinning health, safety and environmental legislation.
• For trade officials, International Standards create "a level playing field"
for all competitors on those markets. The existence of divergent national or
regional standards can create technical barriers to trade. International
Standards are the technical means by which political trade agreements can
be put into practice.

6
ISO Standards Benefits (contd.)
• For developing countries, International Standards that represent
an international consensus on the state of the art are an important
source of technological know-how. By defining the characteristics
that products and services will be expected to meet on export
markets, International Standards give developing countries a basis
for making the right decisions when investing their scarce
resources and thus avoid squandering them.
• For consumers, conformity of products and services to
International Standards provides assurance about their quality,
safety and reliability.
• For everyone, International Standards contribute to the quality of
life in general by ensuring that the transport, machinery and tools
we use are safe.
• For the planet we inhabit, International Standards on air, water and
soil quality, on emissions of gases and radiation and environmental
aspects of products can contribute to efforts to preserve the
environment.  

7
ISO Scope
• ISO has more than 17500 International
Standards and other types of normative
documents in its current portfolio. ISO's work
programme ranges from standards for traditional
activities, such as agriculture and construction,
through mechanical engineering, manufacturing
and distribution, to transport, medical devices,
information and communication technologies,
and to standards for good management practice
and for services.

8
ISO Frameworks
The major frameworks are currently:
• ISO 9001:2008 Quality management systems – Requirements
• ISO 14050:2009 Environmental management - Vocabulary
• ISO/IEC 24727-3:2008 Identification cards - Integrated circuit card
programming interfaces - Part 3: Application interface
• ISO/IEC Guide 98-3:2008 Uncertainty of measurement - Part 3: Guide to
the expression of uncertainty in measurement (GUM:1995)
• ISO 20000 - focusing upon IT service management
• ITIL - a lower level framework again for ITSM
• ISO 17799 / ISO 27001 - focusing upon information
• Six Sigma - focusing upon operational performance and defect identification
• COBIT - framework for information IT management risks
• Balanced Scorecard - a framework for measuring a company's activities in
terms of its vision and strategies
• Prince2 - a project management method
• ISO 14000 Environmental management standards collection
• ISO 22000 Food safety management systems. An easy-to-use checklist for
small business. Are you ready?

9
What's different about ISO 9001 and ISO 14001
• The vast majority of ISO standards are highly specific to
a particular product, material, or process.
• However, ISO 9001 (quality) and ISO 14001
(environment) are "generic management system
standards".
• "Generic" means that the same standard can be applied
to any organization, large or small, whatever its product
or service, in any sector of activity, and whether it is a
business enterprise, a public administration, or a
government department.
• ISO 9001 contains a generic set of requirements for
implementing a quality management system, and
ISO 14001 for an environmental management system.
• Generic standards can be applied to any
organization.

10
Why conformity assessment is important
• "Conformity assessment" means checking that products,
materials, services, systems, processes or people
measure up to the specifications of a relevant
standard or specification.
• Today, many products require testing for conformity with
specifications or compliance with safety, or other
regulations before they can be put on many markets.
• ISO guides and standards for conformity assessment
represent an international consensus on best practice.
• Their use contributes to the consistency of conformity
assessment worldwide and so facilitates trade.

11
What "international standardization" means
• When the large majority of products or services in a
particular business or industry sector conform to
International Standards, a state of industry-wide
standardization exists.
• The economic stakeholders concerned agree on
specifications and criteria to be applied consistently in
the classification of materials, in the manufacture and
supply of products, in testing and analysis, in
terminology and in the provision of services.
• In this way, International Standards provide a reference
framework, or a common technological language,
between suppliers and their customers.
• This facilitates trade and the transfer of technology.

12
Quality Management System
• A quality management system is a common
sense and well documented system that ensures
consistency and improvement of working
practices.
• This includes the products and services
produced. It is based on standards, which
specify a procedure for achieving effective
quality management.
• ISO 9000 is the most commonly used
international standard that provides a framework
for a quality management system.

13
What Is ISO 9000
• ISO 9000 is essentially a generic name given to
a family of standards developed to provide a
framework around which a quality management
system can effectively be based.
• The ISO 9000 family comprises a number of
different standards (ISO 9000, ISO 9001 and
ISO 9004).
• Each covers a different facet of the whole.

14
Process Model of ISO 9000:2000

15
Software Process Improvement
• Software process improvement involves
understanding existing processes and introducing
changes to improve product quality, reduce costs,
or accelerate schedules.
• Process improvement is a cycle of:
– Measuring current process outputs and other metrics
– Analyzing the metrics to discover areas of
improvement
– Changing the existing process to improve its output

16
Process and Product Quality
• High quality processes are more likely to
develop high-quality products
• This is especially true for manufactured goods
but also for software development where people
quality is another factor

17
Process Analysis and Modeling
• Process analysis is the study of existing
processes to understand the relationships between
parts of the process and to compare them with
other processes.
• Process modeling is the documentation of a
process which records the tasks, the roles and
the entities used

18
ISO 9001 Requirements
• Requirements in ISO 9001 (which is one of the
standards in the ISO 9000 family) include
– A set of procedures that cover all key processes in
the business;
– Monitoring processes to ensure they are effective;
– Keeping adequate records;
– Checking output for defects, with appropriate and
corrective action where necessary;
– Regularly reviewing individual processes and the
quality system itself for effectiveness; and
– Facilitating continual improvement

19
A five-step process to establishing a
simplified compliance program
• Inventory and Risk Assessment: Identify your regulatory
environment and business drivers; your valuable data;
and its information risk.
• Policy and Classification Development: Develop a
security policy based on best practice standards. Define
categories of data and outline controls for each.
• Data Discovery and Classification: Identify unacceptable
risks in how your data is actually stored, used and
protected. Devise a program of remediation.
• Implementation of Controls: Implement the program.
Train data owners and users.
• Monitoring, Management and Improvement: Develop
ongoing security programs to help ensure that policy and
controls continue to be appropriate and effective.

20
ISO 20000
• Derived from ITIL®, the ISO 20000 (erstwhile BS15000) standard
describes an integrated set of management processes and a
recognized, tried and tested management system which allows an
IT service organization to plan, manage, deliver, monitor, report,
review and improve its services and ensures effective delivery of
services to the business and its customers.

• QAI provides end-to-end handholding, guidance, and facilitation
through periodic consulting for achieving the ISO 20000 (erstwhile
BS15000) certification.
• QAI's ITIL® and ISO 20000 (erstwhile BS15000) implementation
methodology focuses on robust implementation and
institutionalization of ITIL® best practices and processes that deliver
value to your business, rather than just achieving the minimum
certification criteria of ISO 20000 (erstwhile BS15000) and getting
certified.

21
ITIL
• ITIL®
The focus of IT management has been changing for
some time and in the future, management will be even
less focused on technology and more integrated with the
overall needs of the business management and
processes.
In essence, management systems will become:
– More focused on business needs
– More closely aligned to business processes
– Less dependent on specific technology and more "service centric"
– More integrated with other management tools and processes, as the
management standards evolve

22
COBIT
• The Control Objectives for Information and related Technology
(COBIT) is a set of best practices (framework) for information
technology (IT) management created by the Information Systems
Audit and Control Association (ISACA), and the IT Governance
Institute (ITGI) in 1992. COBIT provides managers, auditors, and IT
users with a set of generally accepted measures, indicators,
processes and best practices to assist them in maximizing the
benefits derived through the use of information technology and
developing appropriate IT governance and control in a company.

The complete COBIT package consists of:

– Executive Summary
– Governance and Control Framework
– Control Objectives
– Management Guidelines
– Implementation Guide
– IT Assurance Guide

23
ISO 27001
• ISO 27001, titled "Information Security Management -
Specification With Guidance for Use", is the replacement
for the original document, BS7799-2. It is intended to
provide the foundation for third party audit, and is
'harmonized' with other management standards, such as
ISO 9001 and ISO 14001.

• The basic objective of the standard is to help establish
and maintain an effective information management
system, using a continual improvement approach. It
implements OECD (Organization for Economic
Cooperation and Development) principles, governing
security of information and network systems.

24
USABILITY DEFINITIONS

• “The capability of the software product to be
understood, learned, used and attractive to the
user, when used under specified conditions.”
(ISO/IEC 9126-1, 2000)
• “The extent to which a product can be used by
specified users to achieve specified goals with
effectiveness, efficiency and satisfaction in a
specified context of use.” (ISO 9241-11, 1998)
• “The ease with which a user can learn to
operate, prepare inputs for, and interpret outputs
of a system or component.” (IEEE Std. 610.12-1990)

25
THANKS

26
