Integration of ICT Standards

Practical aspects of the connections and relationships between the relevant ICT standards (ISO 9001, ISO 27001, ISO 20000 and ITIL) and their integration.
Contents:
- Importance of the ICT standards
- Overview of the ISO standards relevant for ICT industry
- Integration of the ISO standards relevant for ICT

Comments
  • Thank you for your input.

    I agree there is no need to implement only ISO 27001, unless you are not eligible for ITSM based on ISO 20000, or your analysis shows that the costs of implementation and maintenance of ISO 20000 (meaning time, people, finances and other resources) are bigger and more significant than the benefits of having ITSM based on ISO 20000.
  • Congratulations on your excellent presentation.

    I think it could be improved if you showed examples of how to integrate the 4.1 ISO 20000 requirement with the 4.2.2 ISO 9001 requirement, and 5. ISO 20000 with 5.4 from ISO 9001.
    It is not simple to integrate the ISO 20000 and ISO 27001 standards because they were created for different purposes: Management of Security Risks and Management of IT Services, which are part of the same issue.
    If you analyse the 6.6 ISO 20000 requirements, in the limit you must implement also ISO 27001 in the service scope defined.
    So why should we implement only ISO 27001?

Integration of ICT Standards

  1. ISO 9001, ISO 27001, ISO 20000 and ITIL. Ana Meskovska, QISM, Trajkovski & Partners Consulting. Ohrid, May 2009.
  2. Contents (slide watermark on every slide: "If you don’t want to help yourself, no one can"; slide footer: 12.05.2009):
     - Importance of the ICT standards
     - Overview of the ISO standards relevant for the ICT industry
     - Integration of the ISO standards relevant for ICT
  3. (section divider slide, no text)
  4. Importance of the ICT standards:
     - Increased use of standards and best practices (such as ISO 20000, ITIL, ISO 27001 etc.)
     - Key drivers:
       - business requirements for improved performance
       - need for increased control over IT activities
     - Resulting effect of the increased use of standards and best practices: moving from ad hoc and chaotic approaches to IT to defined and managed processes.
  5. IT best practices are important because:
     - they help enable effective governance of IT activities
     - management of IT is critical to the success of enterprise strategy
     - a management framework is needed so everyone knows what to do (policy, internal controls and defined practices)
     - they provide many benefits, including efficiency gains, less reliance on experts, fewer errors, increased trust from business partners, respect from regulators etc.
  6. IT best practices are:
     - Costly and unfocused if they are treated as purely technical guidance.
     - Effective if they are applied within the business context, focusing on providing benefits to the organisation.
     - The focus of IT governance is directing the IT best practices to align with business and governance requirements rather than technical requirements.
  7. Senior business and IT managers should understand the value of IT best practices and how to implement them. Implementation of best practices should be:
     - tailored, prioritised and planned to achieve effective use
     - appropriate for the organisation
     - consistent with the organisation’s risk management
     - integrated with other methods and practices that are being used
  8. (section divider slide, no text)
  9. Overview of the ISO standards:
     - The ISO standards are structured to be integrated into any organization’s existing management system
     - The goal of the ISO standards is meeting and exceeding customers’ expectations.
     - The ISO standards are compatible among themselves
     - Benefits from ISO certification:
       - Increasing customer expectations and confidence
       - Documenting and measuring quality
       - Using consistent terminology and processes
       - Implementing continual improvement initiatives
  10. Say what you do. Do what you say. Prove it. Improve it!
  11. (section divider slide, no text)
  12. ISO 9001: Quality management system – Requirements
     - Introduces the Quality Management System, a model for continual improvement and customer satisfaction
     - Suitable for any organization looking to improve the way it is operated and managed, regardless of size or sector.
     - It helps bring out the best in an organization by enabling understanding of the processes for delivering products/services to the customers.
  13. ITIL
     - IT service management is concerned with delivering and supporting IT services that are appropriate to the business requirements of the organisation.
     - ITIL provides a comprehensive, consistent and coherent set of best practices for IT service management and related processes
     - Promotes a quality approach for achieving business effectiveness and efficiency in the use of IS.
     - The generic processes described in ITIL promote best practice and may be used as a basis for achieving certification for the international standard ISO/IEC 20000.
  14. ISO 20000
     - Part 1: Information technology – Service management – Specification
     - Part 2: Information technology – Service management – Code of Practice
     - Promotes the adoption of an integrated process approach for effectively delivering managed services to meet the business and customer requirements
  15. ISO 27001: Information technology – Security techniques – Information Security Management Systems – Requirements
     - Provides information to responsible parties for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS.
     - Designed to ensure adequate security controls to protect information assets, document the ISMS and give confidence to customers and interested parties
  16. (section divider slide, no text)
  17. Integration of the standards:
     - Standards and best practices are not a panacea
     - Effectiveness of standards depends on how they have actually been implemented and kept up to date.
     - IT best practices need to be:
       - aligned to business requirements
       - integrated with one another
       - integrated with internal procedures, i.e. the existing management system of the organisation.
  18. Management system: a framework of processes and procedures used in an organization. A management system exists to bring benefit to the organization in which it is used.
     - From a business perspective there should be only one management system.
     - The aim should therefore be to develop a cohesive system that supports the day-to-day operations and delivers what the organization needs.
  19. (section divider slide, no text)
  20. Integrated management system (IMS): integrates all components of a business into one coherent system to enable the achievement of its purpose and mission.
     - Aim: delivering the organization’s needs in the simplest and most effective manner.
     - Integration of management systems should be carefully planned and implemented in a balanced way.
  21. (section divider slide, no text)
  22. An IMS can consist of many different international standards, depending on the industry and the needs of the company. Important for an effective IMS:
     - set a solid and comprehensive framework for the IMS, onto which the different standards relevant for the company can be added;
     - choose the standards and best practices that are important and relevant for the organization
     - plan the implementation process
     - implement the standards and best practices gradually
  23. (diagram slide, no text)
  24. (diagram slide, no text)
  25. (diagram slide: ISO 27001, ISO 9001:2000, ISO 20000)
  26. (diagram slide, no text)
  27. Clause mapping, ISO 27001:2005 | ISO 9001:2008:
     - 4. Information Security Management System | 4. Quality Management System
     - 4.1 General Requirements | 4.1 General Requirements
     - 4.2 Establishing and managing the ISMS | (no direct counterpart listed)
     - 4.2.1 Establish the ISMS | (no direct counterpart listed)
     - 4.2.2 Implement and operate the ISMS | (no direct counterpart listed)
     - 4.2.3 Monitor and review the ISMS | 8.2.3 Monitoring and measurement of processes; 8.2.4 Monitoring and measurement of products
     - 4.2.4 Maintain and improve the ISMS | (no direct counterpart listed)
     - 4.3 Documentation Requirements | 4.2 Documentation Requirements
     - 4.3.1 General | 4.2.1 General
     - (no counterpart listed) | 4.2.2 Quality manual
     - 4.3.2 Control of documents | 4.2.3 Control of documents
     - 4.3.3 Control of records | 4.2.4 Control of records
  28. Clause mapping, ISO 20000:2005 | ISO 9001:2000:
     - 3.1 Management responsibility | 5. Management commitment
     - 3.2 Documentation requirements | 4.2 Documentation requirements
     - 3.3 Competence, awareness and training | 6.2.2 Competence, awareness and training
     - 4.1 Plan service management | 7. Planning of product realization
     - 4.3 Monitoring, measuring and reviewing | 8.2.2 Internal audit; 8.2.3 Monitoring and measuring of processes
  29. PAS 99:2006 – Specification of common management system requirements as a framework for integration
     - Specification issued by BSI
     - “Recognised” by Certification Bodies
     - Purpose: help your organization achieve benefits from integrating the common requirements of all your management system standards and specifications, and manage these requirements effectively.
  30. Benefits of integration:
     - To optimize the operational processes of the various common standards used
     - To reduce duplication and bureaucracy
     - To reduce processes and procedures
     - To realise internal cost savings
     - To improve the efficiency and effectiveness of the organization
  31. (closing slide, no text)
