The Smart Techie was renamed Siliconindia India Edition starting Feb 2012 to continue the nearly two decade track record of excellence of our US edition.

Multi-model implementations: Challenges and best practices

LN Mishra
Monday, October 1, 2007
In today’s competitive scenario, various international standards and models such as CMMI, ISO 9001 and ISO 27001 not only provide a clear competitive advantage in the marketplace, they also help companies streamline their processes to achieve better quality and productivity. However, implementing multiple models can create significant challenges and confusion in the practicing community if it is not well thought out and not approached with the right set of tools.

Business needs for multiple models and standards
Organizations need to comply with multiple models and standards such as ISO 9001, CMMI, PCMM, ISO 27001/BS7799, ISO 20000/ITIL, etc. due to competitive, customer, and legal requirements, to ensure high quality and improve productivity by reuse, and to establish various business policies and procedures. Most companies manage this through multiple discrete management systems like QMS, ISMS, HR Processes, etc. Most systems are Word or HTML based.

Key expectations from ISO 9001
ISO 9001, as an International Standard for Quality Management Systems (QMS), expects a documented Quality Management System, management to show commitment through quality policy and objectives, besides adequate resources, proper processes for product realization, and a system to ensure measurement, analysis and improvement. ISO 9001 expects an Internal Audit mechanism to be in place. ISO 9001 has 6 mandatory processes and 19 mandatory records. Most medium-sized companies will have 30 to 40 processes and 30 to 40 various kinds of data maintained.

Key expectations from ISO 27001
ISO 27001, as an International Standard for Information Security Management Systems (ISMS), expects a documented ISMS, management to show commitment through security policy and provide adequate resources, proper processes for managing information security, and a system to ensure measurement, as well as analysis and improvement, for information security. Similar to ISO 9001, ISO 27001 expects an Internal Audit mechanism to be in place. ISO 27001 has 5 mandatory processes. Most medium-sized companies will have 15 to 20 IT processes, 15 to 20 information security related policies and 10 to 15 various kinds of data maintained.
