Tagged: ISO 14001

  • support 2:55 am on April 28, 2014
    Tags: Data Privacy, data security, e-waste, Heartbleed, ISO 14001, R2/RIOS

    Data Privacy, Heartbleed and A Growing Energy Footprint: 2014 May Be A Bit Challenging For ICT Quality 

    As our readers know, we certify clients in the telecommunications and ICT industry to quality standards such as TL 9000, ISO 9001, ISO 14001 and ISO 27001.  We also help many of these clients solve their recycling and e-waste objectives by helping them obtain R2/RIOS certifications.

    Much has happened in the first quarter of 2014 that impacts the ICT industry in the areas of network quality, data security, environmental sustainability and recycling.  Each of these business practices is subject to constant transformation and, in some instances, is under assault.  The reality is the environment is at stake, electronics waste is piling up, spying is the “new norm” and foreign hackers are chipping away at our US data fortresses.  What is an ICT supplier to do in 2014?  Implement quality standards to mitigate these risks.

    What makes our work in ICT so interesting is that these areas often intersect, requiring more complex and thoughtful quality frameworks to be implemented within organizations.  For example, as everything moves to the cloud, not only is data security an issue (ISO 27001), there have been serious discussions about the increasing energy footprint of the digital economy and ICT in general.  This presents a bit of a quandary for suppliers who are also committed to energy reduction and sustainability practices through their EMS (ISO 14001) while shifting more of their services to the cloud.  Can you effectively balance the goals and objectives of an ISMS and an EMS simultaneously?  We believe that you can.

    If you’re sitting on the fence with regard to implementing any of these standards or if you’re considering whether it’s time to add an additional quality framework in your organization, here are some factors to consider and a Q1 update on what’s in play for these quality standards.

     

    ISO 27001:  Could the Heartbleed bug be good for Internet security?

    Q1 2014 has been plagued with numerous data hacks involving retailers like Target, Michael’s and a host of other vendors whose POS systems were compromised with very sophisticated malware.  Verizon just published a study regarding the increase in espionage hacking from Eastern Europe.  The continued revelations of Edward Snowden are the gift that keeps on giving and have forced many in ICT to examine the true value of privacy as a practice of “data security”.

    These headaches have been compounded by the recent Heartbleed Bug (a flaw in OpenSSL).  It’s a bit unnerving to learn that the trusted “padlock of https” has been left essentially unlocked for quite some time.   Many articles in the past few weeks illustrate how the NSA likely knew for at least two years about this massive flaw.  The agency’s reported decision to keep the bug secret may have renewed the heated debate over the security of the Internet in general, which certainly impacts the entire ICT industry.  This recent article by re/code demonstrates how Heartbleed’s worst-case scenario has already been proven possible.  And what about the cloud?  As providers utilize or shift to IaaS, PaaS, SaaS and SECaaS, what are the known and unknown risks?  Is any data communication or transaction really secure?

    Some IT experts have illustrated how the Heartbleed bug may have been a real wake-up call for information and Internet security.  The breach could be viewed as a great test of vulnerability management and incident response.  What have you done in your organization to protect your company and your customers against this type of threat?  At a bare minimum, establish rules for what is allowed and not allowed on your network.  Here is a great link to an ISO 27001 Google Group thread discussing responses to Heartbleed utilizing this ISMS.

    If you don’t think ISO 27001 matters, here’s one company’s attempt at going on the offensive with positive public relations regarding their ISMS.  Snap Survey explains how client data has been unaffected by the Heartbleed bug, due to their ISO 27001 certification.  Consider implementing ISO 27001 today.

     

    ISO 14001:  Preventing pollution, eco-efficiency and life cycle thinking in the next revision?

    We can attest to the value of ISO 14001 from the clients we’ve led to certification.  Sustainability and environmental stewardship are no longer buzzwords.  All reputable brands and corporations (not just ICT organizations) are implementing environmental benchmarks and reporting processes.

    ISO recently conducted a survey of the environmental management system standard ISO 14001.  The survey was designed in part to get a better idea of what organizations see as the main benefits of ISO 14001 and what could be improved, as the standard is currently being revised.  According to the survey results, the most important issues that required more attention were:

    • reducing and controlling pollution

    • strategies for efficient use of resources and reducing waste and pollution

    • evaluating the environmental aspects related to the life cycle of products and services

    You can obtain a copy of all survey data and reports at ISO.  The standard revision is currently at the draft phase and the goal is to “future proof” ISO 14001 to address all elements of environmental management, including energy efficiency and energy reduction.  Energy reduction has been the subject of many technical articles with regard to the ICT industry, with some pointing out the Internet is far from green.

    The energy requirement of a growing “digital” economy (telecom, data centers) appears to be placing an increased demand on the power grid at a time where energy reduction is the preferred trend.  Potential conflict?  Perhaps.  That’s why it is very important for ICT companies to examine energy reduction and implement an EMS like ISO 14001 to set goals and objectives for environmental management.  Want some ICT best practices guidance?  AT&T and the Environmental Defense Fund (EDF) are releasing their best practices and a toolkit that other companies can use to assess performance at their own facilities.

     

    R2/RIOS:  How are you dealing with e-waste?

    This leads to the subject of e-waste and recycling. Environmental management has many tentacles.  Specific to the ICT supply chain, many of our clients who are certified to the TL 9000 (the telecommunications quality standard) are now required to address electronic waste and recycling, either in their own organizations or as a requirement of doing business as a Tier 1 supplier.  There are multiple ways to meet this objective and we’ve been writing about this on our blog since 2011.

    The two prevailing approaches are R2/RIOS and e-Stewards.  In our industry, we are assisting more clients with R2/RIOS certifications and you will soon see this as a new practice area on our website.

    In fact, a recent article from GreenBiz addresses how e-waste is now a serious problem in the developing world and another provides a quick breakdown on the current rules of recycling electronic waste.  We see this trend continuing and we know that most of our ICT clients will be forced to address this issue internally and with corporate customers in 2014 and beyond.  Consider obtaining a R2/RIOS certification as a potential solution.

    As you can see, ICT quality has many layers outside of general quality and network quality (which is well managed through TL 9000 and ISO 9001 certification).  TL 9000 is expanding to deal with network security and next generation technologies.  However, ICT quality intersects with other important business quality challenges.

    How will you deal with data security, energy management and e-waste?  Consider the additional standards we’ve outlined!

    For more information on ISO 14001, ISO 27001 and R2/RIOS certification please contact us at info@bizphyx.com.

     
  • support 6:49 pm on February 22, 2014
    Tags: 340 Club, ISO 14001, TL 9000 Requirements R5.5

    Update From The QuEST Forum Leadership Summit 2014: Driving Sustainability in ICT 

    The QuEST Forum Leadership Summit took place in Dallas a few weeks ago and the summit officially kicks off the new year for TL 9000 and QuEST Forum business.  A great deal was discussed and the networking at this year’s summit was very productive.

    Reports were provided by each of the working committee chairs, Executive Board initiative(s) chairs, regional chairs and QuEST Forum CEO, Fraser Pajak.  BIZPHYX Senior Vice President Bob Clancy taught new Board members during the Executive Board Training session.

    Great progress was made in 2013 and the Board is looking for even greater accomplishments in 2014, especially in different industry sectors by bringing in new members, addressing regional needs and broadening the scope of influence of both TL 9000 and QuEST Forum in the global ICT domain.

     

    New Initiatives

    Two new initiatives that were discussed at the Leadership Summit were Sustainability and Cell Tower Safety.  QuEST Forum is looking at its role in driving sustainability in the ICT supply chain.   Also discussed was how QuEST Forum can work with cell tower companies to improve performance and safety.  In light of recent cell tower accidents (employees), safety has become a critical topic on the wireless side of our industry.

    These are two pressing topics for discussion in ICT and we’re encouraged to see how QuEST Forum will address both sustainability and cell tower safety going forward in 2014 and in the years to come.

     

    Small Business Membership Continues To Grow

    Sue Clancy presented a very encouraging update on Small Business to the QuEST Forum Executive Board.  Small business is now 33% of the membership of QuEST Forum, after adding 12 new members in 2013.

    How important is Small Business to QuEST Forum?  Small Business contributed $50,000 in sponsorships in 2013 and increased attendance to our monthly lecture series by 27%.  That’s how!

    Small Business is alive and well in QuEST Forum and Sue Clancy will continue to lead this effort in 2014.  For more information on small business membership or engagement, please contact sclancy@bizphyx.com.

     

    New Sector Engagement Through a New QuEST Forum Board

    QuEST Forum also welcomed new board member John Greene in 2014.   John Greene is the Chief Engineer for Great Plains Communications.  Great Plains is QuEST Forum’s first Tier 3 Service Provider to serve on the Executive Board, which begins a long overdue and critical dialogue with rural Telcos, many of which are members of the NTCA: The National Rural Broadband Association.  BIZPHYX has been a member of the NTCA for many years.

    John’s enthusiasm and insight into the Tier 2 and Tier 3 service providers has already generated excitement with regard to this new sector.  He was instrumental in arranging Fraser Pajak’s speaking engagement at the NTCA’s October “Telco Vision” event, helping to formally introduce QuEST Forum and TL 9000 to a new audience.  John participated in two different panel discussions during this 3-day conference.

    As Chief Engineer with Great Plains Communications, John is highly respected by regional Telcos and is an incredible addition to the QuEST Forum Executive Board.  Great Plains Communications is a diversified telecommunications company providing local and nationwide long-distance telephone service to 77 Nebraska communities, and digital cable television service to 41 Nebraska communities.  Based in Blair, Nebraska, Great Plains is the largest Nebraska-owned telecommunications provider.

    We’re all looking forward to working with John Greene in bringing a knowledge of TL 9000 to rural telecom!  Please click on the blue links above for more information about John, Great Plains and the NTCA.

     

     New Revisions: TL 9000 Requirements Handbook R5.5

    As many of you are aware, the new TL 9000 Requirements Handbook R5.5 is upon us.  As of Feb 10, 2014 it is available for use by organizations for audit purposes.  Organizations can still be audited to the 5.0 version of the Requirements Handbook until Jan 1, 2015.  On or after January 1, 2015, all audits must be conducted to the 5.5 version.  For information on the changes between the two revisions, please listen to a podcast tutorial here on our blog, on our website or in iTunes.

    This podcast is presented by BIZPHYX SVP, Bob Clancy. There is a new requirement called Product Security, so be sure to listen!

     

    BIZPHYX Makes The 340 Club

    BIZPHYX was also recognized for achieving participation in the QuEST Forum 340 Club.  The 340 Club is for those members of QuEST Forum that exhibit exceptional membership participation in forum activities through their employees’ investment of time and effort in multiple work groups, sub teams and regions, along with generous event sponsorships.  This is the third straight year BIZPHYX has been recognized for our contributions to QuEST Forum!

    BIZPHYX CEO, Sue Clancy was recognized for her role as an Executive Contributor to the Executive Board in 2013.  As an Executive Contributor, Sue has led the efforts of the Small Business Group and will continue in that role in 2014.   Sue was also reappointed to her role as Executive Contributor for the 2014 term.  Please visit our Flickr page for all photos and releases.

    The ICT landscape continues to evolve into the cloud, M2M and into public utility grids and so will TL 9000.  Data and network security, as well as safety and sustainability, will be front and center, so stay tuned. It’s going to be a very interesting year!

     
  • support 4:35 am on February 22, 2014
    Tags: ISO, ISO 14001, Smart Cities, Smart Grid

    Quality Management and Smart Community Infrastructures: Managing Environmental Impacts 

    Community services like energy, water supply, waste management and transport require large infrastructure systems which are important for economic and social development, but they can also have a heavy cost on the environment.

    ICT is the spoke in a large wheel that transcends pure telecommunications and includes transportation, smart grids, telehealth and more.  Telecom and technology providers not only have to navigate network security, driven by an increase in M2M and cloud applications  (ISO 27001 is an option), they must also implement sustainability and environmental objectives (ISO 14001 is an option).

    There are certainly multiple approaches to these very interconnected industries and services, of which ICT is the backbone.  ICT is critical in the function and management of smart cities and smart grids.

    ISO is always looking for new ways to provide guidance in these areas.  Another such approach is looking at Smart Community Infrastructures.  These infrastructures take into consideration environmental impact, economic efficiency and quality of life, in order to build prosperous and sustainable cities.

    The new ISO technical report, ISO/TR 37150:2014, Smart community infrastructures – Review of existing activities relevant to metrics, aims to do away with this confusion by reviewing relevant metrics and providing stakeholders with a better understanding of available solutions.

    While we feel strongly that implementing quality standards like ISO 14001 and TL 9000 is an appropriate way for individual organizations to tackle these issues, there are other approaches, techniques and “guides” that are constantly being floated. Sometimes, they impact ISO standard updates and methodologies.

    Remaining informed about emerging trends that could influence NGOs, that in turn can influence administrations, is very important.

    Here is a short video from ISO that was recently posted about ISO/TR 37150 and Smart Community Infrastructures:

     

    If you require more information on the implementation of ISO 9001, ISO 27001, ISO 14001 or TL 9000, please contact us at info@bizphyx.com.

     
  • support 1:30 am on February 1, 2013
    Tags: ISO 14001, ISO/IEC 27013, ITIL

    2013: The Year Of Quality Standards “Integration” 

    As we begin the new year by helping clients respond to quality management challenges in their organizations, it has become increasingly clear that 2013 will be focused on data security, energy management and sustainability driven through “communication” networks.  These unique functions must integrate even further to meet the complex task of driving a company’s products and services through a global supply chain.

    Take for example the telecom industry, where the evolution has become known as “ICT” or information and communications technology.  When you combine communication devices that disseminate big data serviced through networks to deliver healthcare, you have telemedicine. Combine public utilities utilizing data through intelligent meters to drive energy reduction and sustainable building standards and you support smart grids and smart cities.

    The reality is data security and energy management are cross-relational with the “communication network” at the center of the relationship.

    Quality standards are no different and this space is evolving to support integration.  Today, we wrapped up work group meetings at the 2013 QuEST Forum Leadership Summit in Dallas.  QuEST Forum is the governing body over TL9000, the telecom quality standard (based on ISO 9001).  In the past year, the standard has evolved and is now known as the “ICT” standard because deployment over a network is no longer centered purely on “tele” communications.   A communication network may be “service” centric, such as with the transportation and energy sectors.

    TL 9000 certification can easily be integrated with ITIL functions, such as Service Desk.  A great example of integration comes from Huawei.  Utilizing eTom, ITIL and TL 9000, Huawei has developed its own compliant MSUP (Managed Service Unified Platform), which is an architecture that drives multiple functions such as customer satisfaction, organizational mapping and operation support systems.

    The marketplace is driving shifts in ISO implementations as well.  Organizations are now certifying to TL 9000 and ISO 14001 (the energy management standard) at the same time and further expanding their quality certifications to include information security by implementing ISO 27001.

    ISO and IEC are also issuing new guidelines which “integrate” standards.  For example, in January 2013 ISO and IEC announced that they have published a new International Standard giving organizations advice on how to make integrated use of information security and service management system standards.

    The relationship between information security and service management is so close that many organizations already recognize the benefits of adopting both standards: ISO/IEC 27001 (information security) and ISO/IEC 20000-1 (service management).

    The new ISO/IEC 27013:2012, Information technology – Security techniques – Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1, provides guidance to be used whether one standard is implemented before the other, or both standards are implemented simultaneously.  Only time will tell how this guideline will influence ITIL and COBIT best practices.

    The publication of ISO/IEC 27013 arose from the recognition that combining use of both International Standards brings additional benefits.  ISO/IEC 27013 gives guidance on the first steps to be taken by organizations that wish to increase efficiency, improve their information security, service management and services”, according to Jenny Dugmore, editor of the new standard.

    Look for this trend to continue, with future guidelines expected as organizations choose to implement multiple, complementary quality standards as a way to respond to business goals and regulatory pressures.  BIZPHYX is now in the process of expanding its service portfolio to include ISO 27001 implementation and audits, with clients set to certify later this year.  For more information on new ISO standards and guidelines, please visit the ISO news page.

    We’ll be reporting on the outcome of the recent QuEST Forum Leadership Summit and what changes are coming in 2013 with the release of R5.0 of the TL 9000 Measurements Handbook.  Our February edition of THE STANDARD will deal with this subject matter, as well as our March 15th TL 9000 R5.0 Measurements Handbook Delta Course.  For more information or to register, visit our website.

    Please contact us if your organization is considering implementing TL 9000, ISO 14001 or ISO 27001, either independently or as a suite of quality certifications.  You can reach us at info@bizphyx.com.

     
  • support 3:58 am on November 21, 2012
    Tags: CSR, ISO 14001, WeConnect International

    BIZPHYX CEO, Sue Clancy Speaking About ISO 14001 and Corporate Sustainability in Beijing 

    Sue recently facilitated an ISO 14001 and Sustainability workshop at the WEConnect International China Sustainable Solutions for Growth Conference in Beijing, China in October 2012.  BIZPHYX was one of the key corporate presenters at the event, along with companies like AT&T, Walmart, IBM and Boeing.  WBEs in China and around the globe are embracing ISO 14001 as a way to address their environmental goals and practices so they can better compete in global supply chains.

    In this clip, Sue talks about the misconception that small and medium sized service organizations can’t or don’t obtain ISO certifications.  The opposite is actually true and ISO standards like ISO 9001 and ISO 14001 help provide a competitive advantage for WBEs in MNC corporate supply chains.  She teaches these China businesswomen to take the lead in doing the same by addressing their sustainability objectives through ISO 14001.

    For more information, contact info@bizphyx.com.

     
  • support 3:16 am on September 17, 2012
    Tags: corrective action plan ISO 9001, ISO 14001, root cause analysis

    Effective Use of Your Corrective Action Plan In Quality Management (QMS) 

    A corrective action plan is far more than picking up the phone to call another department to report a defect.  In this video training clip, we feature BIZPHYX SVP, Bob Clancy providing tips on how to strengthen your organization’s corrective action plan.

    He discusses data collection and analysis to support “lessons learned” and as a way to prevent problems in the future. Bob details how to verify if you have a formal corrective action plan that includes true root cause analysis and how to maximize that process.

    http://www.youtube.com/watch?v=dMwiQAhiV9c

    For further assistance please contact bclancy@bizphyx.com.

     