Whittington & Associates Newsletter

Newsletter sign-upSign up for our monthly email newsletter to get the latest guidance on ISO 9001, AS9100, ISO 13485, ISO/TS 16949, TL 9000, ISO 14001, ISO 27001, ISO 20000, and related ISO standards, as well as, Six Sigma.

If you have any questions about the articles appearing in this issue, or you want to suggest topics for future issues, please let us know.

ISO 9001:2015 Classes in Orlando

Aug 1, 2017 in Newsletter | Comments Off on ISO 9001:2015 Classes in Orlando

Larry Whittington will be the instructor for these ISO 9001:2015 classes in Orlando, Florida:

ISO 9001:2015 Requirements

September 18-19, 2017
December 18-19, 2017

ISO 9001:2015 Internal Auditor

September 18-20, 2017
December 18-20, 2017

ISO 9001:2015 Lead Auditor
September 18-21, 2017
December 18-21, 2017

Click on a course title to view the course description and enroll in a class.

If you have questions about the training, or the registration process, please call 770-862-1766.

Guide for Implementing ISO 14001:2015

Aug 1, 2017 in Newsletter | Comments Off on Guide for Implementing ISO 14001:2015

“ISO 14001:2015 – Environmental management systems – A practical guide for SMEs” has been released. This handbook aims to help small businesses understand the requirements of an environmental management system and to help them successfully implement ISO 14001:2015.

Implementing an environmental management system at a small business can be a challenge since technical resources, financial resources, and staff time are limited. The handbook shares expert advice, tools, templates, and lessons learned on the implementation process.

According to a description of the handbook, the ISO 14001:2015 standard provides the “what” and the handbook provides the “how”. ISO 14001 is a set of environmental management requirements. The handbook provides practical help, examples, and guidance on how to meet those requirements.

The benefits of implementing an EMS include improved control and management of emissions, effluents, and wastes, avoidance and safe handling of hazardous or potentially polluting materials, reduction in generated wastes, energy efficiency improvements, and cost savings.

“ISO 14001:2015 – Environmental management systems – A practical guide for SMEs” can be ordered at this ISO web page for about $60.00. The handbook can also be ordered at this ANSI web page for $68.00 (non-member) or $54.40 (member).

ISO/IEEE 15289:2017

Aug 1, 2017 in Newsletter | Comments Off on ISO/IEEE 15289:2017

ISO/IEEE 15289:2017 specifies the purpose and content of all identified systems and software life-cycle information items, as well as, information items for information technology service management.

The information item contents are defined according to generic document types and the specific purpose of the document. Information items are combined or subdivided as needed for project or organizational purposes.

This standard is based on the life-cycle processes specified in:

  • ISO/IEEE 12207:2008, Systems and software engineering – Software life cycle processes;
  • ISO/IEEE 15288:2015, Systems and software engineering – System life cycle processes;
and the service management processes specified in:

  • ISO 20000-1:2011 (IEEE 20000-1:2013), Information technology – Service management – Part 1: Service management system requirements;
  • ISO 20000-2:2012 (IEEE 20000-2:2013), Information technology – Service management – Part 2: Guidance on the application of service management systems.
ISO/IEEE 15289:2017 can be ordered for about $198 at this ISO web page. It can be ordered for about $186 (member) or $232 (non-member) at this ANSI web page.

Content of ISO/IEEE 15289-2017
1 Scope
2 Normative references
3 Terms, definitions, and abbreviated terms
3.1 Terms and definitions
3.2 Abbreviated terms
4 Applicability
4.1 Purpose
4.2 Intended users of this document
4.3 Applicability to work efforts
4.4 Applicability to information item audiences
5 Conformance
5.1 Definition of conformance
5.2 Conformance situations
5.3 Type of conformance
6 Life-cycle data and information items
6.1 Life-cycle data characteristics
6.2 Records compared to information items (documents)
6.3 Management of life-cycle data (records)
6.4 Management of information items (documents)
6.4.1 Developing the documentation plan
6.4.2 Managing and controlling information items
7 Generic types of information items
7.1 General
7.2 Description – generic content
7.3 Plan – generic content
7.4 Policy – generic content
7.5 Procedure – generic content
7.6 Report – generic content
7.7 Request – generic content
7.8 Specification – generic content
8 Mapping of information items to the life cycle and service management processes
8.1 Mapping of information items to the system life cycle
8.2 Mapping of information items to the software life cycle
8.3 Mapping of information items to the service management processes
9 Records
9.1 Record – generic content
9.2 Specific record contents
10 Specific information item (document) contents
10.1 General
10.2 Acceptance plan
10.3 Acceptance report
10.4 Acquisition plan
10.5 Asset management plan
10.6 Audit acknowledgement report
10.7 Audit plan
10.8 Audit procedure
10.9 Audit report
10.10 Capacity plan
10.11 Capacity management procedure
10.12 Change request
10.13 Communication procedure
10.14 Complaint procedure
10.15 Concept of operations
10.16 Configuration management plan and policy
10.17 Configuration management procedure
10.18 Configuration status report
10.19 Contract
10.20 Customer satisfaction survey
10.21 Database design description
10.22 Development plan
10.23 Disposal plan
10.24 Documentation plan
10.25 Documentation procedure
10.26 Domain engineering plan
10.27 Evaluation report
10.28 Implementation procedure
10.29 Improvement plan
10.30 Improvement procedure
10.31 Incident management procedure
10.32 Incident report
10.33 Information management plan
10.34 Information management procedure
10.35 Information security plan
10.36 Information security policy
10.37 Information security procedure
10.38 Installation plan
10.39 Installation report
10.40 Integration and test report
10.41 Integration plan
10.42 Interface description
10.43 Life-cycle policy and procedure
10.44 Maintenance plan
10.45 Maintenance procedure
10.46 Measurement plan
10.47 Measurement procedure
10.48 Monitoring and control report
10.49 Operational test procedure
10.50 Problem management procedure
10.51 Problem report
10.52 Process assessment procedure
10.53 Process improvement report
10.54 Product need assessment
10.55 Progress report
10.56 Project management plan
10.57 Proposal
10.58 Qualification test procedure
10.59 Qualification test report
10.60 Quality management plan
10.61 Quality management policy and procedure
10.62 Release plan (and policy)
10.63 Request for proposal (RFP)
10.64 Resource request
10.65 Reuse plan
10.66 Review minutes
10.67 Risk action request
10.68 Risk management policy and plan
10.69 Service catalog
10.70 Service continuity and availability plan
10.71 Service level agreement (SLA)
10.72 Service management plan (and policy)
10.73 Service plan
10.74 Service report
10.75 Software architecture description
10.76 Software design description
10.77 Software requirements specification
10.78 Software unit description
10.79 Software unit test procedure
10.80 Software unit test report
10.81 Supplier management procedure
10.82 Supplier selection procedure
10.83 System architecture description
10.84 System element description
10.85 System requirements specification
10.86 Training documentation
10.87 Training plan
10.88 User documentation
10.89 User notification
10.90 Validation plan
10.91 Validation procedure (validation test specification)
10.92 Validation report
10.93 Verification plan
10.94 Verification procedure
10.95 Verification report
Annex A (informative) Procedure for identifying information items and their contents
Annex B (informative) Information items and records by source


List of Tables
Table 1 – Mapping of ISO/IEEE 15288:2015, clauses to information items for each system lifecycle process
Table 2 – Mapping of ISO 12207:2008 (IEEE 12207-2008) clauses to information items for each software life-cycle process
Table 3 – Mapping of ISO 20000-1:2011 (IEEE 20000-1:2013) and ISO 20000-2:2012 (IEEE 20000-2:2013) clauses to information items for each service management process
Table 4 – Record references and contents

ISO 14001:2015 Changes – Clause 4

Aug 1, 2017 in Newsletter | Comments Off on ISO 14001:2015 Changes – Clause 4

This article summarizes the new and changed ISO 14001:2015 requirements in Clause 4 compared to ISO 14001:2004.

4. Context of the Organization
4.1 Changes – Understanding the Organization and its Context

New requirement on context of organization. High-level, conceptual understanding of the important issues that affect the way the organization manages its environmental responsibilities.

These issues are:
  • important topics,
  • problems for debate and discussion, or
  • changing circumstances that affect ability to achieve intended outcomes.
Issues affecting the intended outcomes may be:

External: cultural, social, political, legal, regulatory, financial, technological, economic, natural, and competitive issues, whether local, regional, national, or international.

Internal: activities, products, services, strategic direction, culture, and capabilities (i.e., people, knowledge, processes, and systems).

Issues can result in risks and opportunities.

Environmental conditions that may affect, or be affected by, the organization include:

  • climate; air quality; water quality;
  • land use; existing contamination;
  • natural resource availability; biodiversity.
4.2 Changes – Understanding the Needs and Expectations of Interested parties

  • New dedicated clause on interested parties
  • Decide which needs and expectations become “compliance obligations” (see 6.1.3)

    For example, all relevant:

  • Laws, regulations, permits, and licenses;
  • Contracts and corporate requirements;
  • Requirements of relevant interested parties you decide to comply with, and which become organizational requirements.

4.3 Changes – Determining the Scope of the Environmental Management System

  • Defining and documenting the scope is not new
  • What is new is adding specific topics to consider when determining the scope
  • Considers activities, products, services in scope that can have significant environmental aspects
  • Clarifies physical and organizational boundaries (scope) for application of EMS
    (especially if part of a larger organization)
Freedom and flexibility to define boundaries:

  • May choose to implement ISO 14001 throughout organization, or only in specific parts
  • EMS credibility depends on boundary choice
  • Do not exclude activities, products, services, or facilities with significant environmental aspects or to evade compliance obligations
  • Adds that scope must be available to interested parties
  • Scope is a factual and representative statement that should not mislead interested parties
4.4 Changes – Environmental Management System

  • Replaces old 4.1 on general requirements
  • Adds needed processes and their interactions
  • Adds achieving intended outcomes and enhancing environmental performance
  • Adds considering knowledge from 4.1 and 4.2 when establishing and maintaining EMS
The organization retains the authority and accountability to decide how it will meet ISO 14001 requirements for integration with business functions and inclusion of issues and interested party requirements.

Gap Analysis Checklists

Aug 1, 2017 in Newsletter | Comments Off on Gap Analysis Checklists

Larry Whittington has developed ISO 9001:2015 and ISO 14001:2015 checklists for the purpose of conducting a gap analysis of your current system against the new and changed requirement of the new standards.

ISO 9001:2015 Gap Analysis Checklist

The 27 page ISO 9001:2015 Gap Analysis Checklist contains 313 questions for organizations new to ISO 9001, and 119 delta questions for ISO 9001:2008 certified organizations.

To read a description of the ISO 9001:2015 Gap Analysis Checklist, and see a sample page, go to this web page. You can buy the checklist for $95.

ISO 14001:2015 Gap Analysis Checklist

The 17 page ISO 14001:2015 Gap Analysis Checklist contains 213 questions for organizations new to ISO 14001, and 96 delta questions for ISO 14001:2004 certified organizations.

To read a description of the ISO 14001:2015 Gap Analysis Checklist, and see a sample page, go to this web page. You can buy the checklist for $95.


When you click the Buy Now button at the checklist description, you will be taken to PayPal. You do not need a PayPal account to make a credit card purchase.

After payment, you will be directed to a checklist download page. The file is supplied in Word format for ease of editing.