|
Greetings!
Welcome to the Whittington & Associates e-Newsletter! Visit and bookmark our web site.
Our newsletters provide guidance on ISO 9001, AS9100, ISO 13485, ISO/TS 16949, TL 9000, ISO 14001, ISO 27001, ISO 20000, and related ISO standards, as well as, Six Sigma.
If you have any questions about the articles appearing in this issue, or you want to suggest topics for future issues, please let us know.
|
|
ISO 19770 for Software Asset Management |
 |
ISO 19770-1:2006, Information technology - Software Asset Management - Part 1: Processes, will enable organizations to benchmark their capability in delivering managed services, measuring service levels, and assessing performance. It is expected to result in improved efficiency, risk management, and customer satisfaction, as well as, reduced costs.
Software asset management principles apply to the media, installations, licenses, proof of license, and intellectual property associated with the software. Until now, the application of these business processes has been arbitrary and relatively few organizations have been able to implement a comprehensive strategy. The implementation of ISO 19770-1:2006 will standardize the framework, making it possible for companies to integrate Software Asset Management into their other compliance and best practice models.
"The standard will help companies better manage their software assets and their accompanying licenses," explains Roger Wittlock, Convenor of the working group that developed the document. "Companies who understand usage patterns, asset inventory, and specific contract terms are potentially saving millions in license costs and maintenance fees each year."
ISO 19770:2006, which is issued in two parts under the general title, Software Asset Management, will enable service providers to understand how to enhance the quality of service delivered to their customers, both internal and external.
- Part 1: describes the processes involved in software asset management
- Part 2: defines a product identification to simplify the software inventory process
The standard is intended to align closely to, and to support, ISO 20000:2005, issued in two parts under the general title, Information Technology - Service Management.
|
|
ISO Standards for Crisis Management |
|
ISO is looking at the development of standards to improve crisis management in anticipation of, or in the face of, major disasters (natural or man-made) to mitigate their effects.
ISO Technical Committee 223, provisionally named “Societal Security”, has been established to develop International Standards or other ISO deliverables that will improve preparedness before a crisis, coordination during a crisis, and reconstruction and remedial action afterwards.
“Standardized channels save time and simplify cooperation in crisis management and are therefore of vital importance” commented ISO/TC 223 Chair, Ambassador Krister Kumlin, who is Senior Adviser to the Swedish Emergency Management Agency.“One important idea is that in the future, information can be interpreted and transferred between national and international companies, authorities, and organizations.”
The scope of crisis management is broad, spanning everything from preparation, analyses, forecasts, and development of systems to education, drills, and evaluation. Another example is the need for a global standard for symbols and pictures.
At its first meeting, ISO/TC 223 discussed and reached some basic agreements on the scope and structure of its future work. It will now prepare a business plan to guide its work. In addition, the committee established three working groups to address the following aspects:
- societal security management,terminology, and
- command and control, coordination, and cooperation.
ISO Secretary-General Alan Bryden commented: “Safety and security are among the central preoccupations of governments, to ensure the protection of their citizens, and the private sector, to assist in business continuity. Anticipating and responding to natural or other types of disasters requires the efficient collaboration of governments, non-government organizations, and businesses, and often involve international coordination and cooperation. The launching of ISO/TC 223 is a further demonstration of ISO’s commitment to provide the framework and process for developing consensus-based standards to help meet the challenges in this area, as illustrated by ISO’s recent publications for food safety management, information security, the security of global supply chains, and the use of biometrics for identification.”
Companies, governments, and organizations that wish to participate in, or provide input for, the work of ISO/TC 223 should contact the ISO member in their country for information on the possible options. The ISO member for the USA is the American National Standards Institute .
|
|
ISO 26000 on Social Responsibility |
|
The building of international consensus on voluntary guidance to help organizations operate in a socially responsible way made progress at the recent meeting of the ISO group that is developing the future ISO 26000 standard on social responsibility.
ISO 26000 is intended for use by organizations of all types, in both public and private sectors, in developed and developing countries. ISO 26000 will contain guidelines, not requirements. It is not a management system standard and will not be for use as a certification standard like ISO 9001:2000 or ISO 14001:2004. It is expected to be published in the first quarter of 2009.
ISO 26000 is being developed by representatives of the six main stakeholder groups:
- industry; government; labor; consumers; nongovernmental organizations; and
- service, support, research and others.
In addition, efforts are made to maintain a geographical and gender-based balance of participants.
The guidance in ISO 26000 will draw on best practices developed by existing public and private sector initiatives. It will be consistent with, and complement, relevant declarations and conventions by the United Nations and its constituents, notably the International Labor Organization (ILO) with whom ISO has established a Memorandum of Understanding to ensure consistency with ILO labor standards.
Communication tools for ISO 26000 include a dedicated Web site with material on the SR initiative, including the new brochure, "Participating in the Future International Standard ISO 26000 on Social Responsibility".
|
|
ISO 20252 for Market Research Industry |
|
ISO 20252 standardizes the requirements for market research worldwide, encouraging consistency and transparency in the way surveys are carried out, and confidence in their results and in their providers.
Business and society rely heavily on market research, with users including companies, governments, research institutes, consumer associations, universities, and marketing and advertising agencies. Market research contributes to many aspects of modern life, from products and services we buy, to the way we vote, and to our behavior as consumers and citizens.
ISO 20252:2006, Market, Opinion, and Social Research – Vocabulary and Service Requirements, applies the principles of ISO’s quality management standards (specifically ISO 9000:2000, Quality Management Systems – Fundamentals and Vocabulary) to market, opinion, and social research. ISO 20252 harmonizes the requirements of the various national standards and industry codes that already exist for the sector.
The intention was to develop an International Standard that sets out guidance and requirements relating to the way in which market research studies are planned, carried out, supervised, and reported to clients commissioning such projects. Therefore, ISO 20252 covers all the stages of a research study: from the initial contact between the client and service provider, to presentations of results to the client.
National standards have been developed in many countries over the last ten years, fostering awareness of the importance of quality in market research. Nevertheless, there are cultural, social, and behavioral differences between countries concerning products and services.
Consequently, ISO 20252 is necessary in order to regulate these differences and permit cross-border multi-country research studies to be carried out with the assurance that working procedures are homogeneous and comparable. In addition, it will enable clients to obtain globally compatible feedback and make better informed choices of service providers.
ISO 20252 is expected to perform a vital role by helping the market research industry build a reputation for global compatibility, traceability, and continual improvement. And, it can heighten awareness of the value of professional market research activities in helping organizations make well informed decisions.
|
|
Data Disaster Recovery |
|
Businesses of all sizes have become increasingly dependent on data for their very existence. A staggering half of businesses that lose their data due to disasters go out of business within 24 months. You need a fail-safe data disaster recovery strategy that ensures business continuity, continuous data protection, and regulatory compliance.
A recent report from Gartner Group indicates that server backup in the Small and Medium Business world is approaching 100%. And, recent regulatory requirements are causing businesses to re-examine current recovery plans. There is also an increasing awareness that responsible business protection also includes moving data to a safe off-site location.
Large-scale disasters such as hurricanes and tornadoes are well publicized, but greater risk exists for most businesses in equally damaging events such as fire, flood, theft, a malfunction in the sprinkler system, or simple human error. Understanding the need for data disaster recovery is only the first step in the process. Equally important is determining the right data protection strategy for your business.
Proper planning requires clear answers to several critical questions, and the questions are the same regardless of the size of the business:
- What functions of the business are imperative to generating revenue?What functions are imperative to normal operations?
- Which functions are less imperative, but still important to the business?
The answers to these questions help determine minimally acceptable time-frames to recover from a failure and how much data loss is acceptable. See the Iron Mountain Digital paper, Data Disaster Recovery for Small and Medium Businesses. It provides insights on the leading causes of data loss, how to craft a cost-effective, off-site data protection strategy, and how on-line backup and recovery lets you get to all your data - from applications to databases to email - after any disaster.
|
|
Class Schedule |
|
| Quick Links... |
|
|
