March, 2005
Welcome to the Whittington & Associates e-Newsletter!
Visit and bookmark our web site today: http://www.WhittingtonAssociates.com
To see a list of recommended ISO 9001, Auditing, and Six Sigma books, click on: http://www.whittingtonassociates.com/v2/books.shtml
Click on a title to jump to the article:
1. Next Revision to ISO 9001 is Planned for 2008
2. ISO Software Engineering Standards Issued in 2004
3. Whittington to Speak at ASQ's 12th Annual ISO 9000 Summit
4. Business Continuity, Security, and Emergency Management
5. ISO Guidelines on Social Responsibility
6. Classes: March, 2005 - May, 2005
Call us at 1-800-404-7585 for these 1-day onsite classes:
- AS9100B: Requirements Beyond ISO 9001:2000
- ISO 9001:2000 Auditor Update - The Process Approach
- Understanding ISO/TS 16949:2002 Requirements
Students attending a class in Atlanta receive a 20% discount on future Atlanta classes.
- ISO 9001:2000 Lead Auditor: April 18-22, 2005
- ISO 9001:2000 Internal Auditor: March 29-31, 2005; May 24-26, 2005
- Understanding ISO 9001:2000 Requirements: May 16, 2005
- Quality System Documentation: May 17-18, 2005
- Implementing ISO 9001:2000: May 19-20, 2005
- Green Belt Certification: March 28-30, 2005
- Black Belt Certification: Group 15 (3 weeks): April 4-8 + May 2-6 + June 6-10
1. Next Revision to ISO 9001 is Planned for 2008
Based on ISO TC 176 committee meetings, it appears the next revision to ISO 9001 may be published in third quarter 2008. The ISO 9001:2000 changes are being called an "amendment" to convey the committee's intent to limit the changes to those needed for clarification of the standard. Anything considered to have a high impact on users will be held for a future revision. For the ISO 9004:2000 guidance document, the term "revision" is being used since the committee intends to introduce substantive changes.
The committee has developed a revision criteria document to help it evaluate the potential impact and benefits of proposed changes. Each change will be categorized as high, medium, or low impact, as well as high, medium, or low benefit. The impact of a change on requirements, users, training, and documentation will be considered when classifying the proposed change. Likewise, benefits will be classified based on improvement of clarity, elimination of inconsistencies, increased compatibility with ISO 14001, and reduction in translation problems.
2. ISO Software Engineering Standards Issued in 2004
These software engineering standards issued by ISO in 2004 may be of interest to your organization:
- ISO/TR 9126-4:2004 - Software engineering - Product quality: Part 4: Quality In Use Metrics. Provides quality in use metrics for measuring the attributes defined in ISO 9126-1 (Quality Model). ISO/TR 9126-4 contains an explanation of how to apply software quality metrics, a basic set of metrics for each characteristic, and an example of how to apply metrics during the software product life cycle.
- ISO/TR 14143-5:2004 - Information technology - Software measurement - Functional size measurement: Part 5: Determination of functional domains for use with functional size measurement. Describes the characteristics of Functional Domains and the procedures by which characteristics of Functional User Requirements can be used to determine Functional Domains.
- ISO 15504-3:2004 - Information technology - Process assessment: Part 3: Guidance on performing an assessment. ISO 15504 (all parts) provides a framework for the assessment of processes. This framework can be used by organizations involved in planning, managing, monitoring, controlling and improving the acquisition, supply, development, operation, evolution and support of products and services. ISO 15504-3:2004 provides guidance on meeting the minimum set of requirements for performing an assessment contained in ISO 15504-2.
- ISO 16085:2004 - Information technology - Software life cycle processes: Risk management. Defines a process for the management of risk during software acquisition, supply, development, operations and maintenance.
- ISO 18019:2004 - Software and system engineering: Guidelines for the design and preparation of user documentation for application software. Describes how to establish what information users need, how to determine the way in which that information should be presented to the users, and how then to prepare the information and make it available.
- ISO 90003:2004 - Software engineering: Guidelines for the application of ISO 9001:2000 to computer software. Provides guidance for organizations to apply ISO 9001:2000 for the acquisition, supply, development, operation, and maintenance of computer software and related support services.
For more detailed abstracts for these standards, go to (http://www.iso.org).
3. Whittington to Speak at ASQ's 12th Annual ISO 9000 Summit
Larry Whittington will speak at the ASQ 12th Annual ISO 9000 Summit (April 4-5) in Atlanta, GA. His session on "Document and Record Control: Basic Requirements and Industry Views" will be 11:15 AM - 12:15 PM on Tuesday, April 5.
Early bird registration rates for the conference are available until March 10. Learn more at (http://www.asq.org/ed/conferences/iso/2005/index.html).
Larry's presentation will address the basic document and record control requirements of ISO 9001:2000, plus the guidance of:
- ISO 9004 (quality)
- ISO 90003 (software)
- ISO 15489 (records)
as well as the expanded document and record control requirements of:
- AS9100 (aerospace)
- TL 9000 (telecommunications)
- ISO/TS 16949 (automotive)
- ISO 13485 (medical devices)
- ISO 14001 (environment)
If you attend his presentation, you should be able to:
- Understand the basic ISO 9001:2000 requirements for document and record control
- Contrast these basic requirements with additional requirements in related standards
- Develop a more comprehensive system for controlling your documents and records
4. Business Continuity, Security, and Emergency Management
Do you know the right questions to ask about your organization's level of preparedness in business continuity, information security, physical security, and emergency management? These questions posed by Paul Kirvan at ContingencyPlanning.com may help determine if your organization needs help.
Information Security
- When was the last time you experienced a breach of security that resulted in damage to valuable company information?
- How do you currently ensure the confidentiality, integrity, and availability of your firm's critical data and information technology?
- How do you protect your communications networks from unauthorized internal or external access?
- How do you protect the information being communicated among your staff and external users?
- How do you identify and validate potential threats to your information systems and networks?
- How do you identify and validate potential vulnerabilities to those assets?
- How do you protect your employees from identity theft?
- What policies and procedures have you established for dealing with data protection and network security?
- How do you measure the effectiveness of the security programs you have in place?
- How often do you test your information security programs, and when was your last test?
Physical Security
- When was the last time you experienced a security breach that allowed someone's unauthorized access to your offices?
- What was the outcome of that occurrence?
- How do you currently control access to your properties for employees and guests?
- How do you identify potential security threats within your premises?
- How do you identify potential security threats external to your premises?
- How do you monitor your corporate property's perimeters?
- How do you currently respond to existing security threats?
- What policies and procedures have you established to protect your physical premises from unauthorized access?
- How do you measure the effectiveness of the physical security programs currently in place?
- How often do you test your physical security programs, and when was your last test?
Business Continuity
- What are your most critical business processes and supporting systems (e.g., payroll, A/P, manufacturing)?
- If those processes and systems were no longer available, how would you get yourself back into business?
- How do you currently minimize the damage to your business from disabled or compromised information systems?
- What procedures do you initiate to recover systems and processes that have been disabled or destroyed?
- How will your employees respond in an emergency situation, especially one that involves evacuating the premises?
- If you were no longer able to access your office, for whatever reason, how would you restore business operations?
- Facing a disaster situation, how would you notify employees, family members, local authorities, and clients?
- What policies and procedures have you established to keep your company in business following a crisis or disaster?
- How do you measure the effectiveness of these response, recovery and restoration programs?
- How often do you test your business response and recovery programs, and when was your last test?
Emergency Management
- When was the last time you experienced a crisis or disaster situation that threatened your business or your employees?
- What was the outcome of that event?
- How do you currently respond to emergencies and other crisis situations?
- What procedures are in place to mitigate the severity or outcome of potential disasters?
- How would you describe your company’s level of preparedness for dealing with crisis situations?
- What is your normal level of interaction with public authorities, such as police/fire/EMT, and city/county/state offices of emergency management?
- Faced with an emergency, how would you interact with those same public sector organizations?
- What policies and procedures have you established to deal with emergency situations?
- How do you measure the overall effectiveness of existing emergency and crisis response programs?
- How often do you test your emergency and crisis response plans, and when was your last test?
Paul Kirvan is a Fellow of the Business Continuity Institute (FBCI), Certified Business Continuity Planner (CBCP), and Certified Information Systems Security Professional. For more information on Business Continuity, Security, and Emergency Management, go to: http://www.contingencyplanning.com
5. ISO Guidelines on Social Responsibility
The first meeting of the ISO group developing the International Standard for guidelines on social responsibility has been scheduled for March 7-11, 2005 in Salvador, Bahia, Brazil. ISO expects that developing the standard will take three years, with publication in early 2008.
The standard will provide guiding principles on social responsibility. It will not be a management system standard and will not be for certification purposes. For more information, go to http://www.iso.org/iso/en/info/Conferences/SRConference/home.htm
6. Class Schedule: March, 2005 - May, 2005
To enroll in these public classes, you can click on the course title, go to Class Schedule at our web site, or call us at 800-404-7585.
Classes taught by Larry Whittington are shown in yellow.
ISO 9001:2000 Lead Auditor (RABQSA Certified) - BSI Management Systems
Initial course version developed by Larry Whittington
| March | April | May |
| 07-11 St. Louis, MO | 04-08 Chicago, IL | 02-06 San Diego, CA |
| 14-18 Las Vegas, NV | 11-15 Newport Beach, CA | 09-13 Reston, VA |
| 21-25 Reston, VA | 18-22 Atlanta, GA | 16-20 San Juan, PR |
| - - | 18-22 Providence, RI | 23-27 Columbus, OH |
| - - | 25-29 Memphis, TN | - - |
ISO 9001:2000 Internal Auditor (RABQSA Certified) - BSI Management Systems
Initial course version developed by Associate at Whittington & Associates
| March | April | May |
| 15-17 San Jose, CA | 19-21 Newport Beach | 24-26 Atlanta, GA |
| 22-24 Chicago, IL | - - | 24-26 Reston, VA |
| 29-31 Atlanta, GA | - - | - - |
Implementing ISO 9001:2000
Course developed by Larry Whittington
| May | July |
| 03-04 Reston, VA | 07-08 Newport Beach, CA |
| 19-20 Atlanta, GA | - - |
Understanding ISO 9001:2000
| May | July |
| 02 Reston, VA | 06 Newport Beach, CA |
Understanding ISO 9001:2000 Requirements (Atlanta Only - $295)
Course developed by Larry Whittington
| May | August |
| 16 Atlanta, GA | 22 Atlanta, GA |
Quality System Documentation (ISO 9001:2000)
Course developed by Larry Whittington
| May | August |
| 05-06 Reston, VA | 23-24 Atlanta, GA |
| 17-18 Atlanta, GA | - - |
The above public courses can be offered on-site at your facility. In addition, we offer these on-site courses:
- ISO 9001:2000 Auditor Update - The Process Approach (1 Day) - Course developed by Larry Whittington
- Understanding ISO/TS 16949:2002 Requirements (1 Day) - Course developed by Larry Whittington
- Internal Quality Auditing (2 Days) - Course developed by Larry Whittington (based on ISO 19011)
- AS9100B: Requirements Beyond ISO 9001:2000 (1 Day) - Course developed by Larry Whittington
To arrange an economical on-site class, please call us at 800-404-7585.
© 2000-2004 Whittington & Associates, LLC. All rights reserved.
You may copy this e-Newsletter provided you copy it completely, do not change it, and include this copyright notice.