Understanding Management Systems Concepts

Similar documents
iso20000templates.com

IT Governance: The benefits of an Information Security Management System

AN OVERVIEW OF INFORMATION SECURITY STANDARDS

Need a system to deliver consistent, efficient and reliable IT services? Use an ISO/IEC compliant management system.

ISO/IEC Part 1 the next edition. Lynda Cooper project editor for ISO20000 part 1

Certified Information Systems Auditor (CISA)

ISMS Implementation Guide

ISO/IEC 20000: 2011 IT Service Management. Tying together all your IT processes Product Guide

ISO20000: What it is and how it relates to ITIL v3

Information security controls. Briefing for clients on Experian information security controls

^H 3RD EDITION ITGOVERNANCE A MANAGER'S GUIOE TO OATA SECURITY ANO DS 7799/IS ALAN CALDER STEVE WATKINS. KOGAN PAGE London and Sterling, VA

(NOTE: ALL BS7799 REFERENCES IN THIS DOCUMENT ARE FROM BS7799-2:1999 and SHOULD BE AMENDED TO REFLECT BS7799-2:2002)

Name: Lynda Cooper Date: November 24th. Revising ISO/IEC to fit the future of service management

Software Quality Standards and. from Ontological Point of View SMEF. Konstantina Georgieva

Information security management systems Specification with guidance for use

Security Controls What Works. Southside Virginia Community College: Security Awareness

Recent Advances in Automatic Control, Information and Communications

Need to protect your information? Take action with BSI s ISO/IEC

Benefits to the Quality Management System in implementing an IT Service Management Standard ISO/IEC

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

Integrated Information Management Systems

Road map for ISO implementation

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

Open Certification Framework. Vision Statement

SC7-ISO20000 Alignment issues Aligning ITIL to existing ISO JTC1- SC7 Software Engineering Standards

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session One

A. Reference information. A0. G-Cloud Programme unique ID number for the service and version number of this scoping template

ISO/IEC Part 1 the next edition

INFORMATION SYSTEMS. Revised: August 2013

3rd Party Assurance & Information Governance outlook IIA Ireland Annual Conference Straightforward Security and Compliance

ISO 9001 Quality Management System Lead Auditor Training (IRCA)

NEW SCHEME FOR THE INFORMATION SECURITY MANAGEMENT WITH ISO 27001:2013

Preparation Guide. Side entry to the EXIN Expert in IT Service Management based on ISO/IEC 20000

Dokument Nr. 521.dw Ausgabe Februar 2013, Rev Seite 1 von d Seite 1 von 11

ISO 27002:2013 Version Change Summary

Security Standards BS7799 and ISO17799

ISO Information Security Management Systems Foundation

Information Security Management Systems

Benchmark of controls over IT activities Report. ABC Ltd

Log management and ISO 27001

Supplier Security Assessment Questionnaire

Securing the Service Desk in the Cloud

How small and medium-sized enterprises can formulate an information security management system

Document Hierarchy of Information Security. Corporate Security Policy. Information Security Standard. General Directive(s) Specific Directive(s)

How To Manage Your Information Systems At Aerosoft.Com

Human Factors in Information Security

Information Security Awareness Training

The new Family of Standards & ISO/IEC 27001

CONTENTS. PCI DSS Compliance Guide

Security aspects of e-tailing. Chapter 7

Certifying Information Security Management Systems

IT Audit in the Cloud

ISO/IEC IT Service Management - Benefits and Requirements for Service Providers and Customers

PROTEUS Enterprise - IT Governance, Risk and Compliance Management Solution

Cyber Security solutions

ISO 27001: Information Security and the Road to Certification

Information Security Management Systems. Chief Operating Officer, Director of Strategy and Business Development, Chief Information Security Officer

Using Information Shield publications for ISO/IEC certification

Draft Information Technology Policy

ITIL Service Lifecycle Stream

Software Quality Management

Validating Enterprise Systems: A Practical Guide

-Blue Print- The Quality Approach towards IT Service Management

Outsourcing and Information Security

EXAM PREPARATION GUIDE

ISO/IEC Information Security Management. Securing your information assets Product Guide

ISO/IEC 27001:2013 webinar

Domenico Raguseo. IT Governance e Business Technology (approfondimenti su ITIL)

Splunk Enterprise Log Management Role Supporting the ISO Framework EXECUTIVE BRIEF

ISO Information Security Management Services (Lot 4)

Firewall Administration and Management

Information Security Management System (ISMS) Overview. Arhnel Klyde S. Terroza

NOS for Network Support (903)

Information Security Management Systems

Information Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis

Domain 1 The Process of Auditing Information Systems

Course: Information Security Management in e-governance. Day 1. Session 3: Models and Frameworks for Information Security Management

ITIL and ISO/IEC How ITIL can be used to support the delivery of compliant practices for Information Security Management Systems

(Instructor-led; 3 Days)

Security Overview. BlackBerry Corporate Infrastructure

Stellenbosch University. Information Security Regulations

Security and Privacy Controls for Federal Information Systems and Organizations

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results

Practical implementation of ISO / 27002

Information Security Policy

ITIL Foundation Certification Course

ISO/IEC ITIL Service Management V.2 V s V.3 Project ACE Andy Evans Programme Director and Strategic Programme Advisor

Security Controls in Service Management

Information Security: A Perspective for Higher Education

Transcription:

Understanding Management Systems Concepts Boğaç ÖZGEN Lead Auditor 1

管 理 计 划 初 始 化 做 实 施 检 查 控 制 过 程 行 动 改 善 活 动 系 统 监 视 2

Management (PLAN) Planning and Organizing (DO) Implementing and realization of plans (CHECK) Checking and evaluation (ACT) Corrective and preventive actions Continual Improvement 3

Today s programme 13:00 Management Systems General Concepts 13:20 TickIT 13:50 Break (10 min) 14:00 Information Security Management System 14:35 Break (5 min) 14:40 IT Service Management 15:15 Questions 15:25 Free time 15:50 Expressing our feelings to meet each other again 4

BSI British Standards Institution A Global Market Leader Leading global certification body with over 68,000 certified locations and clients in over 120 countries A leader in the assessment and certification of: Information Security ISO/IEC 27001 IT Service Management ISO/IEC 20000 Quality ISO 9001 Quality ISO 9001 - TickIT Business Continuity BS 25999 5

BSI British Standards Institution Services Information and guidance Customer events Training Second and third-party auditing and verification Registration and certification Continual assessment and strategic reviews Business improvement tools, performance benchmarking and software solutions 6

Boğaç ÖZGEN Industrial Engineer Master of Science degree on Engineering Management Interest Areas: Software Development Business Intelligence Process Improvement Management Systems IT Governance Risk Management Lead Auditor, Consultant and trainer 7

Management Systems General Concepts 8

Management Systems General Concepts Policy Scope Processes Process Management 9

Management Systems General Concepts Required processes and procedures: Control of Documents Control of Records Internal Audits Corrective Actions Preventive Actions HR Competency Management Management Review Meetings 10

Management Systems General Concepts Management Commitment Management Principles Customer focus Leadership Involvement of people Process approach System approach to management Continual improvement Factual approach to decision making Mutually beneficial supplier relationships Resource Management Defining Goals and Targets 11

Goals & Targets Balanced targets Financials Customer Training Internal Processes SMART Objectives Specific Measurable Achievable Realistic Time bases Cascading down to activity level Business Objectives Operational Objectives Process Objectives Activity Objectives 12

Please be patient, be strategic...! 13

Summary of Management Systems General Concepts Policy and Scope Process Management Management Commitment Goals and Targets Internal audits Continual Improvement HR Competency Management 14

ISO9001:2008 TickIT Scheme 15

TickIT What is TickIT? TickIT is implementation of ISO9001 Standard onto the systems providing Software Development processes. Desktop applications Web applications Portal development Linux, Unix or other OS dependent systems Linux run refrigerators SCADA Systems... 16

TickIT Guidance Software sector guidance is available in ISO 90003 Software engineering Guidelines for the application of ISO 9001:2000 to computer software TickIT Guide TickIT Guide Section E and ISO 90003:2004 overlapping at some degree Organisations are not required to satisfy guidance ISO 12207 Information technology Software life cycle processes 17

ISO12207 - Information technology Software life cycle processes 18

Software Development Models Instinctive (no structured testing) Creative (there is unit testing) Waterfall (starting of standard development models) V Model Spiral Prototyping Agile (an approach) RUP extreme Programming RAD/JAD DSDM... 19

TickIT Processes Software Product Development Project Management Software development Requirements gathering Configuration management Design Verification, validation Joint reviews Development Change Management Testing Deployment Documentation 20

TickITPlus A new approach Capability Dimension Level 2 : Bronze: Managed (Starting point to transfer from current TickIT) Level 3 : Silver : Established Level 4 : Gold : Predictable Level 5 : Platinum : Optimising Based on ISO/IEC 15504-2 SPICE http://www.tickitplus.org 21

Summary of TickIT Implementation of ISO9001 Guidance Documents TickIT Guide ISO90003 ISO12207 Software Development Models Software Development Processes TickITPlus is coming 22

Break 10 min. 23

ISO27001:2005 Information Security Management System 24

ISMS What is Information Security? What is Information Security Management System? What are assets? What are threats? What are vulnerabilities? What is impact analysis on CIA? What is risk? 25

ISMS Implementation Define scope and boundaries Define ISMS Policy Define Risk Assessment Methodology Impact Analysis Calculate risk values and define unacceptable risks Risk treatment evaluation Select controls and the objectives of these controls Residual Risk Acceptance Management Approval for implementing and maintaining ISMS 26

Statement of Applicability (SoA) A.5 Security policy A.6 Organization of information security A.7 Asset management A.8 Human resources security A.9 Physical and environmental security A.10 Communications and operations management A.11 Access control A.12 Information systems acquisition, development and maintenance A.13 Information security incident management A.14 Business continuity management A.15 Compliance 27

Aspects of Corporate Information Security Privacy issues Identity Theft Web pages Firewalls Employee surveillance Electronic commerce Digital signatures Computer viruses Encryption Contingency planning Logging controls Internet Intranets Corporate Governance Outsourcing security functions Computer emergency response teams Microcomputers Local area networks Voice Over IP Password selection Electronic mail SPAM Prevention Data Classification Telecommuting Telephone systems Portable computers User security training Information Security Related Terrorism 28

Summary of ISO27001 ISMS Risk Management Asset Register Threats Vulnerabilities Impact Risk Treatment and Controls Statement of Applicability Risk acceptance and Residual risk Effectiveness 29

Break 5 min. 30

ISO20000:2005 IT Service Management 31

What is IT Service Management? IT Service Management System ISO20000-1:2005; Specification ISO20000-2:2005; Code of practice It is not ITIL (IT Infrastructure Library). PDCA Cycle is applicable. 32

IT Service Management - Scope 33

IT Service Management - Processes Service Management and Improvement Planning and implementing service management Implement service management and provide the services Planning and implementing new or changed services Service Delivery Service level management Service reporting Service continuity and availability management Budgeting and accounting for IT services Capacity management Information security management Relationship processes Business relationship management Supplier management Resolution processes Incident management Problem management Control processes Configuration management Change management Release process Release management process 34

Service Management Processes Planning and implementing service management Plan service management Implement service management and provide the services Policy Management Plans Activities Monitoring, measuring and reviewing Continual improvement Management of improvements Planning and implementing new or changed services 35

Service Delivery Processes Service level management Service reporting Service continuity and availability management Budgeting and accounting for IT services Capacity management Information security management 36

Relationship Processes Business relationship management Supplier management 37

Resolution processes Incident management (Correction in ISO9001) Problem management (All kinds of preventive actions in ISO9001) 38

Control processes Configuration management Change management 39

Release process Release management process 40

Summary of ISO20000 ITSM ISO20000 is not ITIL Service Management Framework Service Delivery Service Management and Support Informally as a best practice: It can be used by all parties and in all sectors: Service Provider Service Acceptor 41

Summary of The Presentation Management Systems are best practices Common Sense Think simple Your way is the best way......until the best practices!!! You need to improve continually. 42

BSI British Standards Institution A Global Market Leader Leading global certification body with over 68,000 certified locations and clients in over 120 countries A leader in the assessment and certification of: Information Security ISO/IEC 27001 IT Service Management ISO/IEC 20000 Quality ISO 9001 Quality ISO 9001 - TickIT Business Continuity BS 25999 43

BSI British Standards Institution Services Information and guidance Customer events Training Second and third-party auditing and verification Registration and certification Continual assessment and strategic reviews Business improvement tools, performance benchmarking and software solutions 44

BSI British Standards Institution BSI Contact details Ridvan Yaldizkaya Sales & Marketing Manager [Ridvan.Yaldizkaya@bsigroup.com] Ozlem Unsal Country Manager [Ozlem.Unsal@bsigroup.com] Telephone: +90 (216) 445 90 38 45

Questions? 46

Thank you very much for your attendance... Understanding Management Systems Concepts Boğaç ÖZGEN Lead Auditor 47

References BSI ITSM webinar presentation PERA - TickIT Auditor Training Course WikiPedia http://www.swan.ac.uk/university/staffinformation/riskmanagement/whatisrisk Management/ http://www.itilpeople.com/glossary/glossary_i.htm http:// wordnet.princeton.edu/perl/webwn http://www.tickitplus.org http://www.bsi-global.com 48

Thank you... BSI Contact details Ridvan Yaldizkaya Sales & Marketing Manager [Ridvan.Yaldizkaya@bsigroup.com] Ozlem Unsal Country Manager [Ozlem.Unsal@bsigroup.com] Telephone: +90 (216) 445 90 38 Contact details Boğaç ÖZGEN [Bogac.Ozgen@GyroFalco.com] Telephone: +44 (79) 6843 6880 49

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information