Posts Tagged ‘ISO’
Quality and PDCA
PDCA ini digunakan dimana-mana. Menarik juga mencoba menjembatani antara ISO 27001 keamanan, ISO 22301 continuity. Jargon Continuous Improvement yang iterative ini belum sepenuhnya bisa dipahami.
Business Continuity Management (BCM)
Ini sebenarnya concept yang sudah lama sekali saya pelajari, BCP/BCM, sama seperti ITSP/ITMP. Dari jaman BS25999 hingga sekarang ISO22301:2012; ISO22301:2019
Process Based Audit
Sustainability/ESG approach: Quality, Waste, Hazard
Just realized that there are several areas that I did not look into that detail which are: Occupational Health and Safety (OHSA) or some say HSE (Health and Safety). This is different, it is more operation improvement. This also goes the same with Waste Management.
Interesting, this usually combined as 9000 (quality), 14000 (environment) and 18000 (health safety).
The triple bottom line (or otherwise noted as TBL or 3BL) is an accounting framework with three parts: social, environmental (or ecological) and economic. Some organizations have adopted the TBL framework to evaluate their performance in a broader perspective to create greater business value. Business writer John Elkington claims to have coined the phrase in 1994
I think all this keyword should be part of greater Business Servicess Improvement jargon: IT Governance (Security, Privacy, Risk); ESG (Waste, Social, Governance); Quality Management System (TQM, Six Sigma, Lean).
Jumlah Perusahaan bersertifikat ISO di Indonesia
Menarik sebenarnya, karena ISO standard ini terkait historis yang ada, tidak bisa dipisahkan popularitasnya.
ISO 9000: sekitar 8,600+ perusahaan (tahun 2015)
ISO 14000: sekitar 2,000+ perusahaan (tahun 2019)
ISO 27001: sekitar 127 perusahaan (tahun 2017)
ISO 50001: sekitar 90+ perusahaan (tahun 2022)
ISO 45001:2018 ada 32 perusahaan
ISO 45001 Occupational Health and Safety / Kesehatan dan Keselamatan Kerja
Interesting
ISO 14001 is a framework not requirements
ISO 14001 defines criteria for an EMS. It does not state requirements for environmental performance but rather maps out a framework that a company or organization can follow to set up an effective EMS
An environmental management system (EMS) is “a system which integrates policy, procedures and processes for training of personnel, monitoring, summarizing, and reporting of specialized environmental performance information to internal and external stakeholders of a firm”. The most widely used standard on which an EMS is based is International Organization for Standardization (ISO) 14001. Alternatives include the EMAS.
Environmental Product Declaration (EPD) In accordance with ISO 14205 and EN 15804:2012+A2:2019
ISO 37120 Sustainable development of communities
ISO 37120 Sustainable development of communities — Indicators for city services and quality of life establishes and defines the methodologies for a set of indicators to measure and steer the performance of city services and quality of life.
ISO Mapping Research
Well, I think, finally I found the limit of ISO and related standards research limitation. I think the purpose of commercial consultant is to implement the standard, not to design the new standard or best practices. A consultant might claim and rely that they follow a certain standard, which is already enough.
Ref:
– ISO 21500:2012 and PMBoK 5 processes in information systems project management, Varajão (2016)
– Teaching ISO/IEC 12207 software lifecycle processes: A serious game approach, Aydan (2016)
– Comparing ISO/IEC 12207 and CMMI-DEV: Towards a mapping of ISO/IEC 15504-7, Baldassarre (2009)
ISO 33000 Process Improvement, Assessment, Maturity Model
Alignment and comparison of ISO standards
My head hurt when reading this. This is very complex interaction. To meet ISO standard will takes a lot of time.
graphic ref
Software: Testing vs Quality Assurance
ISO 13407:1999 Human-centred design processes for interactive systems
ISO 9241-210:2010 Ergonomics of human-system interaction
ISO/IEC 19796-1:2005 Information technology — Learning, education and training — Quality management, assurance and metrics
ISO/IEC JTC 1 is a joint technical committee of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its purpose is to develop, maintain and promote standards in the fields of information technology (IT) and Information and Communications Technology (ICT).
A Review of Software Quality Models for the Evaluation of Software Products
José P. Miguel, David Mauricio, Glen Rodríguez (2014) ref
QA: Encompasses the entire software development
Wiki: Software Testing, Software Quality Assurance, System Integration Testing, Acceptance Testing (Cucumber, Selenium)
ISO/IEC/IEEE 29119 Software and systems engineering — Software testing
ISO/IEC JTC 1/SC 27
ISO
| ISO/IEC Standard | Title | Status | Description | WG |
|---|---|---|---|---|
| ISO/IEC 27000 free | Information technology – Security techniques – Information security management systems – Overview and vocabulary | Published (2018) | Describes the overview and vocabulary of ISMS | 1 |
| ISO/IEC 27001 | Information technology – Security techniques – Information security management systems – Requirements | Published (2013) | Specifies the requirements for establishing, implementing, monitoring, and maintaining documented a documented ISMS within an organization.[16] “Transition mapping” ISO/IEC 27023 provides a set of tables showing the correspondence between editions 1 and 2 of the standard | 1 |
| ISO/IEC 27002 | Information technology – Security techniques – Code of practice for information security controls | Published (2013) | Provides guidelines for information security management practices for use by those selecting, implementing, or maintaining ISMS “Transition mapping” ISO/IEC 27023 provides a set of tables showing the correspondence between editions 1 and 2 of the standard | 1 |
| ISO/IEC 27006 | Information technology — Security techniques — Requirements for bodies providing audit and certification of information security management systems | Published (2015) | Specifies general requirements for a third-party body operating ISMS (in accordance with ISO/IEC 27001:2005) certification/registration has to meet, if it is to be recognized as competent and reliable in the operation of ISMS certification / registration[18] | 1 |
| ITU-T X.1051 / ISO/IEC 27011 | Information technology — Security techniques — Information security management guidelines for telecommunications organizations based on ISO/IEC 27002 | Published (2008) | This recommendation/international standard: a) establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in telecommunications organizations based on ISO/IEC 27002; b) provides an implementation baseline of Information Security Management within telecommunications organizations to ensure the confidentiality, integrity and availability of telecommunications facilities and services | 1 |
| ISO/IEC 18033-1 | Information technology – Security techniques – Encryption algorithms – Part 1: General | Published (2015) | Specifies encryption systems for the purpose of data confidentiality | 2 |
| ISO/IEC 19772 | Information technology – Security techniques – Authenticated encryption | Published (2009) | Specifies six methods for authenticated encryption with the security objectives of: Data confidentialityData integrityData origin authentication | 2 |
| ISO/IEC 15408-1 free | Information technology – Security techniques – Evaluation criteria for IT security – Part 1: Introduction and general model | Published (2009, corrected and reprinted 2014) | Establishes the general concepts and principles of IT security evaluation, and specifies the general model of evaluation given by various other parts of ISO/IEC 15408. | 3 |
| ISO/IEC 19792 | Information technology – Security techniques – Security evaluation of biometrics | Published (2009) | Specifies the subjects to be addressed during the security evaluation of a biometric system | 3 |
| ISO/IEC 27031 | Information technology – Security techniques – Guidelines for information and communication technology readiness for business continuity | Published (2011) | Describes the concepts and principles of ICT readiness for business continuity and the method and framework needed to identify aspects in which to improve it. | 4 |
| ISO/IEC 27034-1 | Information technology – Security techniques – Application security – Part 1: Overview and concepts | Published (2011) | Addresses the management needs for ensuring the security of applications and presents an overview of application security through the introduction of definitions, concepts, principles and processes | 4 |
| ISO/IEC 27035 | Information technology — Security techniques — Information security incident management | Published (2011) | Provides a structured and planned approach to: Detect, report, and assess information security incidents Respond to and manage information security incidentsDetect, assess, and manage information security vulnerabilities | 4 |
| ISO/IEC 27037 | Information technology – Security techniques – Guidelines for identification, collection, acquisition and preservation of digital evidence | Published (2012) | Provides guidance for the handling of digital evidence that could be of evidential value | 4 |
| ISO/IEC 24760-1 free | Information technology – Security techniques – A framework for identity management – Part 1: Terminology and concepts | Published (2011) | Provides a framework for the secure and reliable management of identities by:[28]Defining the terms for identity management Specifying the core concepts of identity and identity management | 5 |
| ISO/IEC 24761 | Information technology – Security techniques – Authentication context for biometrics | Published (2009) | Specifies the structure and data elements of Authentication Context for Biometrics (ACBio), which checks the validity of biometric verification process results | 5 |
| ISO/IEC 29100 free | Information technology – Security techniques – Privacy framework | Published (2011) | Provides a privacy framework that: Specifies a common privacy terminologyDescribes privacy safeguarding considerationsProvides references to known privacy principles for IT | 5 |
| ISO/IEC 29101 | Information technology – Security techniques – Privacy architecture framework | Published (2013) | Defines a privacy architecture framework that: Specifies concerns for ICT systems that process PIILists components for the implementation of such systemsProvides architectural views contextualizing these componentsApplicable to entities involved in specifying, procuring, designing, testing, maintaining, administering and operating ICT systems that process PII. Focuses primarily on ICT systems that are designed to interact with PII principals. | 5 |
| ISO/IEC 24760-2 | Information technology – Security techniques – A framework for identity management – Part 2: Reference architecture and requirements | Published (2015) | Provides guidelines for the implementation of systems for the management of identity information and specifies requirements for the implementation and operation of a framework for identity management. |
Anjar Priandoyo 