Communicate Directly With TL 9000 Experts! BIZPHYX is a leading TL 9000 quality management consulting firm. As QuEST Forum TL 9000 Master Trainers and Experts, we assist organizations with TL 9000 (the telecom quality standard), ISO 9001 and ISO 14001 training, consulting and implementation. Our support desk provides complimentary education and current news regarding these standards. BIZPHYX has a 100% client certification rate.
The future of sustainable communities just got closer as ISO/DIS 37101 moves to the final stage of development. As mentioned in a previous post, ISO’s new standard, ISO 37101, is centered on the sustainable development of “communities”. Click here for the news release from ISO.
Following is a video from May 2014 as the process was still headed towards DIS:
The standard is now fully formed and has reached the final stage known as FDIS (Final Draft International Standard). The goal of ISO 37101 is to be a valuable contribution towards sustainability as a “whole”. The desire is for no sustainability “silos”.
Here’s a snapshot of the standard’s intended objectives:
-Developing holistic and integrated approaches instead of working in silos (which can hinder sustainability)
-Fostering social and environmental changes
-Improving health and wellbeing
-Encouraging responsible resource use and
-Achieving better governance
The architects of this new standard believe there is a much wider audience for ISO 37101 than community planners, city managers, municipal governments or public utilities. We’ll see how it all plays out.
For more information on sustainable business practices, CSR and ISO 14001 implementation, please contact firstname.lastname@example.org.
As a result of the November 2014 announcement that ISO 9001:2015 had moved to the FDIS, ISO recently announced that ISO 14001 (the environmental management standard) has also moved to the FDIS stage (Final Draft International Standard).
The new version will include a requirement to understand the organization’s context in order to better manage risk, with more emphasis made on leaders within organizations to promote environmental management. In addition there will be a shift towards improving environmental performance rather than improving the management system.
ISO published the July 2014 ISO/TC 207/SC 1 scope document on the ISO 14001 changes at a conceptual level. You can download that document by clicking the image below to obtain it off of our Knowledge Center:
Further updates will also be posted on our “Countdown To ISO 9001:2015” support page. If you require any further information on ISO 14001, please contact email@example.com.
In Chinese Astrology, they say that 2015 is the “Year of The Goat”. For those of us in the realm of quality management, we’re affectionately labeling 2015 as “The Year of Quality”. This is primarily due to the new update of ISO 9001:2015, which is projected to be published at the end of the year.
Here’s a quick recap on where things stand, as it seems like the last 2 months have been a blur. We went from the QuEST Forum Leadership Council and Work Group meetings straight to a flurry of year-end implementations and training projects, just as ISO announced critical new timeline updates for the new ISO 9001:2015 standard.
The New Year kicked off with the QuEST Forum Leadership Summit where new ICT quality initiatives were announced. Then the ISO/TC 176/Sc 2/WG 24/TG 5 committee, responsible for the ISO 9001:2015 revision, began working through some important member responses to the FDIS. As we stated, 2015 is going to be a very busy year in the world of quality management.
ISO 9001:2015 UPDATE:
We can report this: it’s progressing. In November 2014, ISO 9001 moved to the final stage of the update process, FDIS (Final Draft International Standard). Nigel Croft, Chair of the ISO subcommittee revising ISO 9001 (ISO/TC 176/ Sc2), released a video and provided an update on the status of the FDIS stage. He maintains that the new ISO is on track for scheduled publication. The updated version is resting on a new core concept of “risk based thinking”, which is aimed at preventing undesirable outcomes. Here is that video update:
The ISO 9001:2015 revision will impact other standards and there is much complexity to the update as defined in previous articles on our blog. For example, standards like ISO 14001 (environmental management) and ISO 27001 (information security management) will share the new alignment. Ultimately, TL 9000, the ICT quality management standard will be updated (TL 9000 6.0) to incorporate the new changes in ISO 9001.
Recently the ISO/TC 176/Sc 2/WG 24/TG 5 committee published their Validation Report, incorporating and scoring comments from member organizations that have the duty to provide input (both positive and negative) about the proposed revision. In the USA, ANSI provided critical input; for the UK, BSI submitted detailed comments; and other global member organizations such as SCC (Canada), AFNOR (France), DGN (Mexico) and BIS (India) all contributed to the Validation Report data. At this point, the comments are being reviewed by ISO and it’s up to the committee to acknowledge and address the input. Right now things are fluid, as the ability to “audit” risk based focus and activity is being weighed.
NEW ISO Standards and Guidelines
The update to ISO 9001:2015 certainly hasn’t curtailed the release of new guidelines and standards. In fact, in just the past few months, ISO has released and updated several standards and guidelines. Here are just a few pertaining to the sectors and clients we serve:
ISO 37500:2014 Outsourcing
This standard aims to provide general guidance for outsourcing for any organization in any sector. It provides a general vocabulary for outsourcing practitioners across all industry sectors. It includes typical outsourcing concepts to improve the understanding of all stakeholders, by providing a set of practices that can be used to manage the outsourcing life cycle.
ISO/IEC 27018:2014 Data Protection, Cloud Privacy
This International Standard establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.
(Microsoft just certified to this standard)
ISO/IEC 27040:2015 Guide On Data Security, Storage
This provides detailed technical guidance on how organizations can define an appropriate level of risk mitigation by employing a well-proven and consistent approach to the planning, design, documentation and implementation of data storage security.
ISO/DIS 37101 Sustainable Communities, Management Systems and Guidance For Resilience and Smartness
In our rapidly changing world, ensuring cities and communities are fit for the future is a key priority for many city leaders. Providing sustainable energy supplies, coping with environmental and climate changes, building and maintaining durable infrastructures and meeting the needs and expectations of citizens is the focus of this new standard.
As you can see, nothing is slowing down in the world of quality management as it pertains to ICT, the cloud, data security and sustainability. So stay tuned, there’s much more to come in 2015 and we are creating a resource for our clients to check in on the latest updates on the ISO 9001:2015 revision.
For more information on ISO 9001 or implementing any of the standards above, please contact firstname.lastname@example.org.
We’re fresh off of the November QuEST Forum Leadership Council and Work Groups and many tough questions were asked about the future of TL 9000 and the ICT quality management standard.
One important question being addressed is—how will the impending changes with ISO 9001: 2015 impact the TL 9000 quality system? Quite frankly many of our clients have questions about how the changes to ISO 9001 will impact not only TL 9000, but other related quality standards like ISO 14001 and ISO 27001.
Well mark your calendars! Our 2015 Webinar Training Course List is LIVE!
BIZPHYX is offering 4 complimentary webinars about ISO 9001:2015 and ISO 27001 in 2015, which should help our clients mentally and strategically prepare for these changes.
For more information about upgrading your current ISO based quality system, contact email@example.com.
The standard is currently at the Draft International Standard stage (DIS stage) and by making the standard available for public comment, anyone in the world, including those in private industry, academia, consumers and government regulators, has a chance to provide their input on the world’s most implemented quality management standard (QMS).
It can be difficult to keep up with all of the different stages and acronyms, so ISO.org produced a brief video with ISO Secretary General Rob Steele, to help clarify what the public comment stage really means.
Watch this video to find out more about the ISO 9001 DIS ballot and contact the ISO member in your country to have your say:
For more information on the ISO 9001:2015 revision process and what it may mean to your current QMS, please contact firstname.lastname@example.org.
As many of our clients are aware, ISO 9001: 2008 is under revision. ISO 9001 is one of the most widely used ISO quality standards. The proposed revisions have worked their way through the Working Draft (WD) and Committee Draft (CD) stages and are now available as a Draft International Standard (DIS), a key milestone in the revision process.
Since changes to ISO 9001:2008 will impact other quality standards like TL 9000 and ISO 14001 (as examples), we like to keep our readers aware of the potential changes and impacts to their existing quality systems. As active members in QuEST Forum, the governing body over TL 9000, we can report that organizationally we’re waiting to see what changes occur with ISO 9001 before significant revisions are made to the current TL 9000 quality standard. Since TL 9000 is the ISO based quality standard of the ICT and telecommunications industry, changes to ISO 9001 may have an impact on the standard as well.
We felt the timing was right to provide our readers with relevant information, as well as source material on the revision process and the proposed changes, especially coming off of the recent ASQ Conference on World Quality. Everyone is waiting to see how much of the DIS will be upheld and what we’ll have to work with in 2015.
Timeline For Change:
Like all ISO standards, ISO 9001 is reviewed every five years and is now being revised to ensure it is relevant and up-to-date. At the DIS stage all interested parties can submit feedback that will be considered before the final draft is published by the end of 2015. After public comments are collected, the revised standard will work its way to FDIS status (Final Draft International Standard), which is expected to take place by July 2015, with the published standard targeted for September 2015. Once the new standard is published in September (or by the end of December 2015), there begins a 3-year transition period for implementation to the revised standard.
Since the publication of the Draft International Standard (DIS), which is available at many sites including ISO (click here), many certifying bodies (CBs), Registrars, consultants, auditors and quality organizations have offered their opinions on the proposed changes. Below the video, you will find links to these source materials. While everyone has their own take on the DIS, generally here’s what we know will change and why:
Why The Standard Will Change:
It’s important that the standard remain relevant with regard to changing times, products and services and evolving economies of scale. As a result, ISO wants to develop a more consistent foundation for the long-term (25 years) and one that will facilitate better integration among all the various quality standards. Certainly it is ISO’s goal to increase adoption of the standard and to do so, it is necessary to address the rise of service organizations (vs. manufacturing) and the technological changes that impact the way we work in terms of telecommuting and the “virtual office”.
Quick Overview Of What Will Change:
ISO 9001 (along with ISO 14001 and ISO 27001) is under revision to the common framework. Annex SL is the generally used shorthand for this and there is a larger push to align all future ISO management system standards under the new Annex SL model. Revision to the common framework is intended to enhance the alignment and compatibility of standards. Some of the proposed changes include:
-An emphasis on risk based management. Risk management is in, preventive action out
-Organizational Context. A new clause that will require the organization to define itself, determine internal and external issues relevant to its purpose and that affect its ability to achieve the outcomes in their quality management system. It’s a new way of viewing the QMS.
-Process Approach is now embedded in requirements
-No Management Representative or Quality Manual is required
-Numerous terminology changes (for example “product” is now “goods and services”)
-New clause numbers in the High Level Structure
-More leadership requirements for management as well as an emphasis on achieving “value” for the organization and its customers
-A change in structure. There are now 10 main clauses proposed which speak to the alignment with other standards (see below):
Here’s a brief video clip from ASQ TV (the full video link is provided below with a list of source materials):
Source Materials For Your Consideration:
We’ve provided links to some of the better summaries, videos and source materials that we’ve reviewed:
(SGS is a multinational company headquartered in Geneva, Switzerland which provides inspection, verification, testing and certification services)
We will keep our readers aware of any updates to the process as they occur here on our blog and on the BIZPHYX Knowledgebase.
The most important thing you must consider is that change is coming and some believe for the better.
Learn about these changes as you see fit. Evaluate whether or not these changes will impact your organization. Open a discussion with your quality consultant or Registrar. There will be time once the final standard is published to revise your quality system before the transition period (3-years) is complete. For more information on the ISO 9001:2015 revision, contact email@example.com.
As our readers know, we certify clients in the telecommunications and ICT industry to quality standards such as TL 9000, ISO 9001, ISO 14001 and ISO 27001. We also help many of these clients solve their recycling and e-waste objectives by helping them obtain R2/RIOS certifications.
Much has happened in the first quarter of 2014 that impacts the ICT industry in the areas of network quality, data security, environmental sustainability and recycling. Each of these business practices is subject to constant transformation and, in some instances, is under assault. The reality is the environment is at stake, electronics waste is piling up, spying is the “new norm” and foreign hackers are chipping away at our US data fortresses. What is an ICT supplier to do in 2014? Implement quality standards to mitigate these risks.
What makes our work in ICT so interesting is that these areas often intersect, requiring more complex and thoughtful quality frameworks to be implemented within organizations. For example, as everything moves to the cloud, not only is data security an issue (ISO 27001), there have been serious discussions about the increasing energy footprint of the digital economy and ICT in general. This presents a bit of a quandary for suppliers who are also committed to energy reduction and sustainability practices through their EMS (ISO 14001) while shifting more of their services to the cloud. Can you effectively balance the goals and objectives of an ISMS and an EMS simultaneously? We believe that you can.
If you’re sitting on the fence with regard to implementing any of these standards or if you’re considering whether it’s time to add an additional quality framework in your organization, here are some factors to consider and a Q1 update on what’s in play for these quality standards.
ISO 27001: Could the Heartbleed bug be good for Internet security?
Q1 2014 has been plagued with numerous data hacks involving retailers like Target, Michael’s and a host of other vendors whose POS systems were compromised with very sophisticated malware. Verizon just published a study regarding the increase in espionage hacking from Eastern Europe. The continued revelations of Edward Snowden are the gift that keeps on giving and have forced many in ICT to examine the true value of privacy as a practice of “data security”.
These headaches have been compounded by the recent Heartbleed Bug (a flaw in OpenSSL). It’s a bit unnerving to learn that the trusted “padlock of https” had been left essentially unlocked for quite some time. Many articles in the past few weeks illustrate how the NSA likely knew for at least two years about this massive flaw. The agency’s reported decision to keep the bug secret may have renewed the heated debate over the security of the Internet in general, which certainly impacts the entire ICT industry. This recent article by re/code demonstrates how Heartbleed’s worst-case scenario has already been proven possible. And what about the cloud? As providers utilize or shift to IaaS, PaaS, SaaS and SECaaS, what are the known and unknown risks? Is any data communication or transaction really secure?
Some IT experts have illustrated how the Heartbleed bug may have been a real wake-up call for information and Internet security. The breach could be viewed as a great test of vulnerability management and incident response. What have you done in your organization to protect your company and your customers against this type of threat? At a bare minimum, establish rules for what is allowed and not allowed on your network. Here is a great link to an ISO 27001 Google Group thread discussing responses to Heartbleed utilizing this ISMS.
If you don’t think ISO 27001 matters, here’s one company’s attempt at going on the offensive with positive public relations regarding their ISMS. Snap Survey explains how client data has been unaffected by the Heartbleed bug, due to their ISO 27001 certification. Consider implementing ISO 27001 today.
ISO 14001: Preventing pollution, eco-efficiency and life cycle thinking in the next revision?
We can attest to the value of ISO 14001 from the clients we’ve led to certification. Sustainability and environmental stewardship are no longer buzzwords. All reputable brands and corporations (not just ICT organizations) are implementing environmental benchmarks and reporting processes.
ISO recently conducted a survey of the environmental management system standard ISO 14001. The survey was designed in part to get a better idea of what organizations see as the main benefits of ISO 14001 and what could be improved, as the standard is currently being revised. According to the survey results, the most important issues that required more attention were:
• reducing and controlling pollution
• strategies for efficient use of resources and reducing waste and pollution
• evaluating the environmental aspects related to the life cycle of products and services
You can obtain a copy of all survey data and reports at ISO. The standard revision is currently at draft phase and the goal is to “future proof” ISO 14001 to address all elements of environmental management, including energy efficiency and energy reduction. Energy reduction has been the subject of many technical articles with regard to the ICT industry, with some pointing out the Internet is far from green.
The energy requirement of a growing “digital” economy (telecom, data centers) appears to be placing an increased demand on the power grid at a time when energy reduction is the preferred trend. Potential conflict? Perhaps. That’s why it is very important for ICT companies to examine energy reduction and implement an EMS like ISO 14001 to set goals and objectives for environmental management. Want some ICT best practices guidance? AT&T and the Environmental Defense Fund (EDF) are releasing their best practices and a toolkit that other companies can use to assess performance at their own facilities.
R2/RIOS: How are you dealing with e-waste?
This leads to the subject of e-waste and recycling. Environmental management has many tentacles. Specific to the ICT supply chain, many of our clients who are certified to the TL 9000 (the telecommunications quality standard) are now required to address electronic waste and recycling, either in their own organizations or as a requirement of doing business as a Tier 1 supplier. There are multiple ways to meet this objective and we’ve been writing about this on our blog since 2011.
The two prevailing approaches are R2/RIOS and e-Stewards. In our industry, we are assisting more clients with R2/RIOS certifications and you will soon see this as a new practice area on our website.
In fact, a recent article from GreenBiz addresses how e-waste is now a serious problem in the developing world and another provides a quick breakdown on the current rules of recycling electronic waste. We see this trend continuing and we know that most of our ICT clients will be forced to address this issue internally and with corporate customers in 2014 and beyond. Consider obtaining an R2/RIOS certification as a potential solution.
As you can see, ICT quality has many layers outside of general quality and network quality (which is well managed through TL 9000 and ISO 9001 certification). TL 9000 is expanding to deal with network security and next generation technologies. However, ICT quality intersects with other important business quality challenges.
How will you deal with data security, energy management and e-waste? Consider the additional standards we’ve outlined!
For more information on ISO 14001, ISO 27001 and R2/RIOS certification please contact us at firstname.lastname@example.org.