Tagged: ISO 27001

  • support 9:42 pm on December 31, 2015
    Tags: ISO 27001, TL 9000 R6.0

    The “Year Of Quality” In Review: Quality Predictions For 2016 

    As we bring the “Year of Quality” to a close, we would like to reflect on the flurry of activity that has occurred in ICT quality and quality management in general.  We’ve been finalizing our own strategic planning for the new business year and we’re fresh off of the QuEST Forum Leadership Council and Work Group Meetings in November.

     

    BIZPHYX: The Year of Quality

     

    The latest revision of ISO 9001, ISO 9001:2015, sets the stage for quality in general.  As you probably know, the revision was published in September 2015 and organizations have three years to upgrade their ISO 9001:2008 QMS to the new edition.  ISO 14001:2015 was published at the same time, and many more ISO-based standards due for update in 2016 are queued to align with the same common high-level structure (AS9100, OHSAS 18001 shifting to ISO 45001, etc.).  That structure is defined in Annex SL of the ISO/IEC Directives.

    With regard to TL 9000, it too is set to upgrade in September 2016 with R6.0.  While we expect alignment with ISO 9001:2015, we also know that sustainability and other ICT-specific quality drivers will be in the mix.  We suggest that our ICT clients certified to both ISO 9001 and TL 9000 wait until after September 2016 before making any big decisions.  We can then advise on how best to upgrade to both standards in tandem.

    With regard to QuEST Forum, there is a new Executive Board for 2016 and with that change of guard will come a potential shift to new initiatives with the organization, likely with increased sustainability initiatives, benchmarking and performance data measurements.

     

    Specific standards aside, it is important that ALL organizations consider these factors in 2016:

     

    -supply chain risk due to the global supply chain

    -business globalization in general

    -network data security and transactional data security

    -risk based thinking (reflected in ISO 9001:2015)

    -sustainability initiatives and in some cases, environmental regulation

    -data management (example: tele-health and e-health companies)

    -safety in ICT (example: cell tower safety in the wireless sector)

    -electronics waste (example: auditable recycling standards like R2, which apply to applicable ICT recyclers)

    -customer churn (all telecom sectors, wireless, OTT, etc.)

    -evolving technologies and speed to market, executed with quality performance

     

    We predict that our ICT clients will have an easier time upgrading to ISO 9001:2015 than expected or feared.  However, we also predict that, due to economic drivers, global environmental concerns and US regulation, companies will need to strongly consider and develop sustainability goals and address environmental challenges.

    Right now that can be done on a voluntary basis by implementing standards like ISO 14001 and when applicable R2 (electronics recyclers).

    Additionally, rampant data and identity theft, as well as surveillance concerns, will increase the potential for direct burdens on companies, not just the big players and MSPs (example: the EMV chip-card reader rollout and PCI DSS compliance).

    Also consider the rapid evolution of M2M and IoT products and services.  When and how does quality shift to outright legal responsibility?  Right now information security can be addressed on a voluntary basis with an entire suite of standards and techniques, including ISO 27001 (when applicable).

    The unknown will be when quality management and assurance shift to forced governmental compliance and regulation.

    Are we there yet?  Probably not in 2016, but it’s likely coming.  How to get prepared?  Recognize that quality is congruent with an organization’s responsibility to serve and protect clients, as well as be good stewards of the environment.

    Implementing a baseline quality management system is a strong first step toward shifting a corporate culture to perform at high levels and mitigate risk every day, in every way.  This is done through the leadership of an organization.  ISO 9001:2015 addresses these factors head on through its focus on risk-based thinking and leadership (including interested parties).  Concepts to ponder before the new calendar year!

    BIZPHYX will be there to assist you every step of the way in 2016.  For more information on implementing ISO 9001:2015 or TL 9000 in 2016, contact info@bizphyx.com

    Happy New Year!

     

  • support 2:55 am on April 28, 2014
    Tags: Data Privacy, data security, Heartbleed, ISO 27001, R2/RIOS

    Data Privacy, Heartbleed and A Growing Energy Footprint: 2014 May Be A Bit Challenging For ICT Quality 

    As our readers know, we help clients in the telecommunications and ICT industry achieve certification to quality standards such as TL 9000, ISO 9001, ISO 14001 and ISO 27001.  We also help many of these clients meet their recycling and e-waste objectives by guiding them to R2/RIOS certification.

    Much has happened in the first quarter of 2014 that impacts the ICT industry in the areas of network quality, data security, environmental sustainability and recycling.  Each of these business practices is subject to constant transformation and, in some instances, is under assault.  The reality is that the environment is at stake, electronics waste is piling up, spying is the “new norm” and foreign hackers are chipping away at our US data fortresses.  What is an ICT supplier to do in 2014?  Implement quality standards to mitigate these risks.

    What makes our work in ICT so interesting is that these areas often intersect, requiring more complex and thoughtful quality frameworks to be implemented within organizations.  For example, as everything moves to the cloud, not only is data security an issue (ISO 27001), there have been serious discussions about the increasing energy footprint of the digital economy and ICT in general.  This presents a bit of a quandary for suppliers who are also committed to energy reduction and sustainability practices through their EMS (ISO 14001) while shifting more of their services to the cloud.  Can you effectively balance the goals and objectives of an ISMS and an EMS simultaneously?  We believe that you can.

    If you’re sitting on the fence with regard to implementing any of these standards or if you’re considering whether it’s time to add an additional quality framework in your organization, here are some factors to consider and a Q1 update on what’s in play for these quality standards.

     

    ISO 27001:  Could the Heartbleed bug be good for Internet security?

    Q1 2014 has been plagued with numerous data breaches involving retailers like Target, Michaels and a host of other vendors whose POS systems were compromised with very sophisticated malware.  Verizon just published a study regarding the increase in espionage hacking from Eastern Europe.  The continued revelations of Edward Snowden are the gift that keeps on giving and have forced many in ICT to examine the true value of privacy as a practice of “data security”.

    These headaches have been compounded by the recent Heartbleed bug (a flaw in OpenSSL’s implementation of the TLS heartbeat extension).  It’s a bit unnerving to learn that the trusted “padlock of https” has been left essentially unlocked for quite some time.   Many articles in the past few weeks have reported that the NSA likely knew about this massive flaw for at least two years.  The agency’s reported decision to keep the bug secret may have renewed the heated debate over the security of the Internet in general, which certainly impacts the entire ICT industry.  A recent article by re/code shows that Heartbleed’s worst-case scenario (recovery of a server’s private key) has already been proven possible.  And what about the cloud?  As providers utilize or shift to IaaS, PaaS, SaaS and SECaaS, what are the known and unknown risks?  Is any data communication or transaction really secure?

    Some IT experts have argued that the Heartbleed bug may have been a real wake-up call for information and Internet security.  The disclosure can be viewed as a live test of an organization’s vulnerability management and incident response: did you know within hours which of your systems ran an affected OpenSSL, and could you tell your customers when they were patched and whether keys and credentials were rotated?  What have you done in your organization to protect your company and your customers against this type of threat?  At a bare minimum, maintain an inventory of what runs on your network and establish rules for what is and is not allowed on it.  Here is a link to an ISO 27001 Google Group thread discussing responses to Heartbleed using this ISMS.

    If you don’t think ISO 27001 matters, here’s one company’s attempt at going on the offensive with positive public relations regarding their ISMS.  Snap Survey explains how client data was unaffected by the Heartbleed bug, crediting the controls behind their ISO 27001 certification.  A certificate does not patch OpenSSL by itself; what an ISMS provides is the asset inventory, patch process and incident-response plan that make a fast, verifiable answer like that possible.  Consider implementing ISO 27001 today.
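To make the vulnerability-management question above concrete, here is an added example (not code from the original post, nor from BIZPHYX, Snap Survey or any ISO 27001 guidance) of the first triage step that an ISMS asset inventory makes possible: classifying each host’s reported OpenSSL version against the Heartbleed-affected range.  Heartbleed (CVE-2014-0160) affected OpenSSL 1.0.1 through 1.0.1f and 1.0.2-beta1; 1.0.1g and 1.0.2-beta2 fixed it, and the 0.9.8 and 1.0.0 branches never contained the heartbeat code.  The host names and inventory lines are constructed for the example.  The caveat it encodes is the one practitioners got wrong in April 2014: Debian, Ubuntu and Red Hat backported the fix while keeping the upstream version string (for example 1.0.1e), so a version match alone cannot condemn a host that reports a distribution package revision; those hosts are flagged for verification against the vendor advisory or a live test rather than passed or failed.

```python
"""Triage an OpenSSL inventory for Heartbleed (CVE-2014-0160) exposure.

Added example: version-based triage of a host inventory. Vulnerable:
OpenSSL 1.0.1 through 1.0.1f and 1.0.2-beta1. Fixed: 1.0.1g, 1.0.2-beta2
and everything later. Not affected: the 0.9.8 and 1.0.0 branches, which
never had the TLS heartbeat code. Hosts whose line carries a distribution
package revision are reported as NEEDS_VERIFY, because Debian, Ubuntu and
Red Hat backported the fix without changing the upstream version string.
"""
import re

VULNERABLE = "VULNERABLE"
FIXED = "FIXED"
NOT_AFFECTED = "NOT_AFFECTED"
NEEDS_VERIFY = "NEEDS_VERIFY"

# Constructed sample inventory (hypothetical hosts), one per line:
# "<host> <output of `openssl version`> [pkg=<distribution package version>]"
INVENTORY = """\
web-01  OpenSSL 1.0.1e 11 Feb 2013
web-02  OpenSSL 1.0.1g 7 Apr 2014
lb-01   OpenSSL 1.0.1e 11 Feb 2013 pkg=1.0.1e-2+deb7u6
mail-01 OpenSSL 0.9.8y 5 Feb 2013
api-01  OpenSSL 1.0.2-beta1 24 Feb 2014
api-02  OpenSSL 1.0.0l 6 Jan 2014
old-01  OpenSSL 1.0.1 14 Mar 2012
"""

# major.minor.patch, optional patch letter(s), optional "-betaN" suffix
VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-beta(\d+))?")


def classify_version(version_string):
    """Map the output of `openssl version` to one of the four statuses."""
    m = VERSION_RE.search(version_string)
    if m is None:
        return NEEDS_VERIFY  # unparseable output must never pass silently
    release = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    letter, beta = m.group(4), m.group(5)
    if release < (1, 0, 1):
        return NOT_AFFECTED  # 0.9.8 and 1.0.0 branches lack the heartbeat code
    if release == (1, 0, 1):
        # 1.0.1 (no letter) through 1.0.1f are vulnerable; 1.0.1g fixed it
        return VULNERABLE if letter <= "f" else FIXED
    if release == (1, 0, 2) and beta is not None:
        # 1.0.2-beta1 shipped the bug; 1.0.2-beta2 shipped the fix
        return VULNERABLE if int(beta) < 2 else FIXED
    return FIXED  # 1.0.2 final and later were released after the fix


def triage_inventory(text):
    """Return {host: status} for every non-empty inventory line."""
    results = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split(None, 1)
        if len(parts) < 2:
            results[parts[0]] = NEEDS_VERIFY  # no version reported at all
            continue
        host, version_string = parts
        status = classify_version(version_string)
        # A distribution package revision means the fix may have been
        # backported under the same upstream version string; only the vendor
        # advisory or a live test can settle it, so do not mark it VULNERABLE.
        if status == VULNERABLE and "pkg=" in version_string:
            status = NEEDS_VERIFY
        results[host] = status
    return results


def hosts_needing_action(results):
    """Hosts to patch (VULNERABLE) or confirm (NEEDS_VERIFY), sorted by name."""
    return sorted(h for h, s in results.items() if s in (VULNERABLE, NEEDS_VERIFY))


if __name__ == "__main__":
    statuses = triage_inventory(INVENTORY)
    for host, status in statuses.items():
        print(f"{host:<8} {status}")
    print("action:", ", ".join(hosts_needing_action(statuses)))
```

Run it with `python3 heartbleed_triage.py` (a hypothetical file name) to print one status per host; `hosts_needing_action()` returns the list to feed into the incident-response ticket queue.  Version-only triage also cannot see builds compiled with `OPENSSL_NO_HEARTBEATS`, which is a second reason the answer you give customers should rest on a verified patch record and key rotation, not on a version string.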

     

    ISO 14001:  Preventing pollution, eco-efficiency and life cycle thinking in the next revision?

    We can attest to the value of ISO 14001 from the clients we’ve led to certification.  Sustainability and environmental stewardship are no longer buzzwords.  All reputable brands and corporations (not just ICT organizations) are implementing environmental benchmarks and reporting processes.

    ISO recently conducted a survey of the environmental management system standard ISO 14001.  The survey was designed in part to get a better idea of what organizations see as the main benefits of ISO 14001 and what could be improved, as the standard is currently being revised.  According to the survey results, the most important issues that required more attention were:

    • reducing and controlling pollution

    • strategies for efficient use of resources and reducing waste and pollution

    • evaluating the environmental aspects related to the life cycle of products and services

    You can obtain a copy of all survey data and reports at ISO.  The standard revision is currently at draft phase and the goal is to “future proof” ISO 14001 to address all elements of environmental management, including energy efficiency and energy reduction.  Energy reduction has been the subject of many technical articles with regard to the ICT industry, with some pointing out that the Internet is far from green.

    The energy requirement of a growing “digital” economy (telecom, data centers) appears to be placing increased demand on the power grid at a time when energy reduction is the preferred trend.  Potential conflict?  Perhaps.  That’s why it is very important for ICT companies to examine energy reduction and implement an EMS like ISO 14001 to set goals and objectives for environmental management.  Want some ICT best-practices guidance?  AT&T and the Environmental Defense Fund (EDF) are releasing their best practices and a toolkit that other companies can use to assess performance at their own facilities.

     

    R2/RIOS:  How are you dealing with e-waste?

    This leads to the subject of e-waste and recycling. Environmental management has many tentacles.  Specific to the ICT supply chain, many of our clients who are certified to the TL 9000 (the telecommunications quality standard) are now required to address electronic waste and recycling, either in their own organizations or as a requirement of doing business as a Tier 1 supplier.  There are multiple ways to meet this objective and we’ve been writing about this on our blog since 2011.

    The two prevailing approaches are R2/RIOS and e-Stewards.  In our industry, we are assisting more clients with R2/RIOS certifications and you will soon see this as a new practice area on our website.

    In fact, a recent article from GreenBiz addresses how e-waste is now a serious problem in the developing world and another provides a quick breakdown of the current rules for recycling electronic waste.  We see this trend continuing and we know that most of our ICT clients will be forced to address this issue internally and with corporate customers in 2014 and beyond.  Consider obtaining an R2/RIOS certification as a potential solution.

    As you can see, ICT quality has many layers outside of general quality and network quality (which is well managed through TL 9000 and ISO 9001 certification).  TL 9000 is expanding to deal with network security and next generation technologies.  However, ICT quality intersects with other important business quality challenges.

    How will you deal with data security, energy management and e-waste?  Consider the additional standards we’ve outlined!

    For more information on ISO 14001, ISO 27001 and R2/RIOS certification please contact us at info@bizphyx.com.

     
  • support 6:49 pm on February 22, 2014
    Tags: 340 Club, ISO 27001, TL 9000 Requirements R5.5

    Update From The QuEST Forum Leadership Summit 2014: Driving Sustainability in ICT 

    The QuEST Forum Leadership Summit took place in Dallas a few weeks ago and the summit officially kicks off the new year for TL 9000 and QuEST Forum business.  A great deal was discussed and the networking at this year’s summit was very productive.

    Reports were provided by each of the working committee chairs, Executive Board initiative(s) chairs, regional chairs and QuEST Forum CEO, Fraser Pajak.  BIZPHYX Senior Vice President Bob Clancy taught new Board members during the Executive Board Training session.

    Great progress was made in 2013 and the Board is looking for even greater accomplishments in 2014, especially in different industry sectors by bringing in new members, addressing regional needs and broadening the scope of influence of both TL 9000 and QuEST Forum in the global ICT domain.

     

    New Initiatives

    Two new initiatives that were discussed at the Leadership Summit were Sustainability and Cell Tower Safety.  QuEST Forum is looking at its role in driving sustainability in the ICT supply chain.   Also discussed was how QuEST Forum can work with cell tower companies to improve performance and safety.  In light of recent cell tower accidents (employees), safety has become a critical topic on the wireless side of our industry.

    These are two pressing topics for discussion in ICT and we’re encouraged to see how QuEST Forum will address both sustainability and cell tower safety going forward in 2014 and in the years to come.

     

    Small Business Membership Continues To Grow

    Sue Clancy presented a very encouraging update on Small Business to the QuEST Forum Executive Board.  Small business is now 33% of the membership of QuEST Forum, after adding 12 new members in 2013.

    How important is Small Business to QuEST Forum?  Small Business contributed $50,000 in sponsorships in 2013 and increased attendance to our monthly lecture series by 27%.  That’s how!

    Small Business is alive and well in QuEST Forum and Sue Clancy will continue to lead this effort in 2014.  For more information on small business membership or engagement, please contact sclancy@bizphyx.com.

     

    New Sector Engagement Through a New QuEST Forum Board

    QuEST Forum also welcomed new board member John Greene in 2014.   John Greene is the Chief Engineer for Great Plains Communications.  Great Plains is QuEST Forum’s first Tier 3 Service Provider to serve on the Executive Board, which begins a long overdue and critical dialogue with rural telcos, many of which are members of the NTCA: The National Rural Broadband Association.  BIZPHYX has been a member of the NTCA for many years.

    John’s enthusiasm and insight into the Tier 2 and Tier 3 service providers has already generated excitement with regard to this new sector.  He was instrumental in arranging Fraser Pajak’s speaking engagement at the NTCA’s October “Telco Vision” event, helping to formally introduce QuEST Forum and TL 9000 to a new audience.  John participated in two different panel discussions during this 3-day conference.

    As Chief Engineer with Great Plains Communications, John is highly respected by regional Telcos and is an incredible addition to the QuEST Forum Executive Board.  Great Plains Communications is a diversified telecommunications company providing local and nationwide long-distance telephone service to 77 Nebraska communities, and digital cable television service to 41 Nebraska communities.  Based in Blair, Nebraska, Great Plains is the largest Nebraska-owned telecommunications provider.

    We’re all looking forward to working with John Greene in bringing a knowledge of TL 9000 to rural telecom!  Please click on the blue links above for more information about John, Great Plains and the NTCA.

     

     New Revisions: TL 9000 Requirements Handbook R5.5

    As many of you are aware, the new TL 9000 Requirements Handbook R5.5 is upon us.  As of Feb 10, 2014 it is available for use by organizations for audit purposes.  Organizations can still be audited to the 5.0 version of the Requirements Handbook until Jan 1, 2015.  On or after January 1, 2015, all audits must be conducted to the 5.5 version.  For information on the changes between the two revisions, please listen to a podcast tutorial here on our blog, on our website or in iTunes.

    This podcast is presented by BIZPHYX SVP, Bob Clancy. There is a new requirement called Product Security, so be sure to listen!

     

    BIZPHYX Makes The 340 Club

    BIZPHYX was also recognized for achieving participation in the QuEST Forum 340 Club.  The 340 Club is for those members of QuEST Forum that exhibit exceptional membership participation in forum activities through their employees’ investment of time and effort in multiple work groups, sub-teams and regions, along with generous event sponsorships.  This is the third straight year BIZPHYX has been recognized for our contributions to QuEST Forum!

    BIZPHYX CEO, Sue Clancy was recognized for her role as an Executive Contributor to the Executive Board in 2013.  As an Executive Contributor, Sue has led the efforts of the Small Business Group and will continue in that role in 2014.   Sue was also reappointed to her role as Executive Contributor for the 2014 term.  Please visit our Flickr page for all photos and releases.

    The ICT landscape continues to evolve into the cloud, M2M and public utility grids, and so will TL 9000.  Data and network security, as well as safety and sustainability, will be front and center, so stay tuned; it’s going to be a very interesting year!

     
    • Laurinda 4:28 am on February 16, 2018

      I’m really loving the theme/design of your blog. Do you ever run into any web browser
      compatibility issues? A few of my blog visitors have complained about my site not working correctly in Explorer
      but it looks great in Opera. Do you have any solutions to help fix this issue?

    • Melvin 7:11 pm on February 28, 2018

      Please let me know if you’re looking for an article author for
      your blog. You have some really good articles and I think I would be
      a good asset. If you ever want to take some of the load off, I’d absolutely love
      to write some content for your blog in exchange for a link back to mine.

      Please send me an e-mail if interested. Regards!

    • minecraft 1:22 am on September 9, 2018

      I was wondering if you ever considered changing the
      layout of your site? It’s very well written; I love what you’ve got to say.
      But maybe you could add a little more in the way of content so people could
      connect with it better. You’ve got an awful lot of text for only having one or two images.
      Maybe you could space it out better?

  • support 1:30 am on February 1, 2013
    Tags: ISO 27001, ISO/IEC 27013, ITIL

    2013: The Year Of Quality Standards “Integration” 

    As we begin the new year by helping clients respond to quality management challenges in their organizations, it has become increasingly clear that 2013 will be focused on data security, energy management and sustainability driven through “communication” networks.  These unique functions must integrate even further to meet the complex task of driving a company’s products and services through a global supply chain.

    Take for example the telecom industry, where the evolution has become known as “ICT” or information and communications technology.  When you combine communication devices that disseminate big data serviced through networks to deliver healthcare, you have telemedicine. Combine public utilities utilizing data through intelligent meters to drive energy reduction and sustainable building standards and you support smart grids and smart cities.

    The reality is data security and energy management are cross-relational with the “communication network” at the center of the relationship.

    Quality standards are no different and this space is evolving to support integration.  Today, we wrapped up work group meetings at the 2013 QuEST Forum Leadership Summit in Dallas.  QuEST Forum is the governing body over TL 9000, the telecom quality standard (based on ISO 9001).  In the past year, the standard has evolved and is now known as the “ICT” standard because deployment over a network is no longer centered purely on “tele” communications.   A communication network may be “service” centric, as with the transportation and energy sectors.

    TL 9000 certification can easily be integrated with ITIL functions, such as Service Desk.  A great example of integration comes from Huawei.  Utilizing eTOM, ITIL and TL 9000, Huawei has developed its own compliant MSUP (Managed Service Unified Platform), an architecture that drives multiple functions such as customer satisfaction, organizational mapping and operations support systems.

    The marketplace is driving shifts in ISO implementations as well.  Organizations are now certifying to TL 9000 and ISO 14001 (the environmental management standard) at the same time and further expanding their quality certifications to include information security by implementing ISO 27001.

    ISO and IEC are also issuing new guidelines which “integrate” standards.  For example, in January 2013 ISO and IEC announced that they have published a new International Standard giving organizations advice on how to make integrated use of information security and service management system standards.

    The relationship between information security and service management is so close that many organizations already recognize the benefits of adopting both standards: ISO/IEC 27001 (information security) and ISO/IEC 20000-1 (service management).

    The new ISO/IEC 27013:2012, Information technology – Security techniques – Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1, provides guidance to be used whether one standard is implemented before the other, or both standards are implemented simultaneously.  Only time will tell how this guideline will influence ITIL and COBIT best practices.

    “The publication of ISO/IEC 27013 arose from the recognition that combining use of both International Standards brings additional benefits.  ISO/IEC 27013 gives guidance on the first steps to be taken by organizations that wish to increase efficiency, improve their information security, service management and services”, according to Jenny Dugmore, editor of the new standard.

    Look for this trend to continue, with future guidelines expected as organizations choose to implement multiple, complementary quality standards as a way to respond to business goals and regulatory pressures.  BIZPHYX is now in the process of expanding its service portfolio to include ISO 27001 implementation and audits, with clients set to certify later this year.  For more information on new ISO standards and guidelines, please visit the ISO news page.

    We’ll be reporting on the outcome of the recent QuEST Forum Leadership Summit and what changes are coming in 2013 with the release of R5.0 of the TL 9000 Measurements Handbook.  Our February edition of THE STANDARD will deal with this subject matter, as well as our March 15th TL 9000 R5.0 Measurements Handbook Delta Course.  For more information or to register, visit our website.

    Please contact us if your organization is considering implementing TL 9000, ISO 14001 or ISO 27001, either independently or as a suite of quality certifications.  You can reach us at info@bizphyx.com.

     