2017 Whittington&AssociatesNewsletter
Sign up for our monthly email newsletter to get the latest guidance on ISO 9001, AS9100,
ISO 13485, ISO/TS 16949, TL 9000, ISO 14001, ISO 27001, ISO 20000, and related ISO standards,
as well as, Six Sigma.
If you have any questions about the articles appearing in this issue, or you want to suggest topics
for future issues, please let us know.
Top Management is defined in ISO 9000:2015, 3.1.1, as the person or group of people who directs
and controls an organization at the highest level (within the scope of the quality management
system). Top Management has the power to delegate authority and provide resources within the
organization.
5. Leadership
5.1 Leadership and Commitment
5.2 Policy
5.3 Organizational Roles, Responsibilities, and Authorities
This article summarizes the ISO 9001:2015 requirements in Clause 5 and highlights the changes
from ISO 9001:2008.
Top management must demonstrate leadership and commitment with respect to the quality
management system:
https://www.whittingtonassociates.com/newsletter/ 1/8
24.02.2017 Whittington&AssociatesNewsletter
Note: References to "business" in ISO 9001 can be interpreted broadly to mean those activities
that are core to the purposes of the organization's existence, whether the organization is public,
private, for profit, or not for profit.
Changes:
Top management must demonstrate leadership and commitment with respect to customer focus:
Changes:
5.2 Policy
5.2.1 Establishing the Quality Policy
Top management must establish, implement, and maintain a quality policy that:
a) is appropriate to the purpose and context of the organization and supports its strategic direction;
b) provides a framework for setting quality objectives;
c) includes a commitment to satisfy applicable requirements;
d) includes a commitment to continually improve the system.
Changes:
Top management must ensure that the responsibilities and authorities for relevant roles are
assigned, communicated, and understood within the organization.
Changes:
The Management Representative role can be retained or the prior duties can be spread among
top management.
The ISO 9001:2015 Requirements and Transition Guidance course can be taught at your location by
contacting Larry Whittington at larry@whittingtonassociates.com or 770-862-1766.
RASCI Diagram
Feb 1, 2017 in Newsletter
The RASCI Diagram can be used to clarify the roles and responsibilities for cross-functional
processes. It helps determine who is Responsible, Accountable, Supporting, Consulted, and
Informed.
The RASCI Diagram splits activities into five types of roles that make up the acronym RASCI:
The Accountable person is answerable for the correct and thorough completion of the activity.
Each activity can have only one person with ultimate accountability and authority. Therefore, only
one A is listed for each activity in the diagram. The A is assigned to the lowest level of
accountability and is implied at the higher levels. Accountability cannot be delegated. The A
approves the work that R provides.
The opinion and advice of the Consulted person(s) is sought before and during the activity, before
a final decision or action is taken. Two-way communication is involved.
The RASCI Diagram identifies activities within a process as the rows of a table. The columns
identify the involved individuals. Each row identifies one A and one or more of R, S, C, and I.
The RASCI Diagram is especially useful when everyone thinks they are responsible and
accountable, resulting in duplicate effort and in-fighting. And, its use is also helpful in the reverse
situation when no one seems to be responsible and some activities are not owned.
In some cases, people may think they need to be consulted, when they just need to be told after
the fact, i.e., kept informed. Or, some people really do need to be consulted, and are not. Without
clear roles, there will be poor communication and unsatisfactory results.
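As an added example (not from the newsletter), the checker below applies the row rules stated above to a RASCI matrix: exactly one A per activity, at least one R, and only the five codes. It also counts R/A load per person to surface the two failure modes described, an activity nobody owns and a person who appears responsible for everything. The matrix layout, the sample access-review process and the function names are assumptions.

```python
from collections import Counter

VALID_CODES = {"R", "A", "S", "C", "I", ""}


def check_rasci(matrix):
    """Return problem strings for a RASCI matrix; an empty list means it is sound.

    matrix: {activity: {person: code}} where code is R, A, S, C, I or "" (no role).
    """
    problems = []
    for activity, row in matrix.items():
        codes = Counter(row.values())
        bad = set(row.values()) - VALID_CODES
        if bad:
            problems.append(f"{activity}: invalid code(s) {sorted(bad)}")
        # Only one person can be ultimately accountable for an activity.
        if codes["A"] != 1:
            problems.append(f"{activity}: needs exactly one A, found {codes['A']}")
        # An activity with no R is not owned by anyone.
        if codes["R"] == 0:
            problems.append(f"{activity}: no R assigned (activity is not owned)")
    return problems


def role_load(matrix):
    """Count R and A assignments per person to spot overloaded individuals."""
    load = Counter()
    for row in matrix.values():
        for person, code in row.items():
            if code in ("R", "A"):
                load[person] += 1
    return dict(load)


# Constructed sample: a periodic user-access review with four participants.
# Two rows are deliberately wrong: "Report results" has two A's and
# "Archive evidence" has nobody responsible.
SAMPLE = {
    "Compile access list": {"IT Ops": "R", "CISO": "A", "HR": "C", "Audit": "I"},
    "Review privileged accounts": {"IT Ops": "S", "CISO": "A", "HR": "", "Audit": "R"},
    "Revoke stale access": {"IT Ops": "R", "CISO": "", "HR": "I", "Audit": "A"},
    "Report results": {"IT Ops": "R", "CISO": "A", "HR": "", "Audit": "A"},
    "Archive evidence": {"IT Ops": "S", "CISO": "A", "HR": "", "Audit": "I"},
}

if __name__ == "__main__":
    for problem in check_rasci(SAMPLE):
        print(problem)
    print(role_load(SAMPLE))
```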
ISO 27004:2016 provides guidelines to assist organizations in evaluating the information security
performance and the effectiveness of an information security management system to meet the
requirements of ISO 27001:2013, clause 9.1.
It establishes:
The 58-page ISO 27004:2016 standard can be purchased at this ISO web page for about $180.
1. Scope
2. Normative references
3. Terms and definitions
Please view our 1.5 day ISO 27001:2013 Requirements course description at this web page.
ISO 27011:2016, Information technology - Security techniques - Code of practice for information
security controls based on ISO 27002 for telecommunications organizations, is available.
The revised standard defines guidelines for supporting the implementation of information
security controls in telecommunications organizations.
The 31-page ISO 27011:2016 standard can be purchased at this ISO web page for about $140.
1. Scope
2. Normative references
3. Terms and definitions
4. Overview
5. Information security practices
6. Organization of information security
7. Human resource security
8. Asset management
9. Access control
10. Cryptography
11. Physical and environmental security
12. Operations security
13. Communications security
14. System acquisition, development, and maintenance
Please view our 1.5 day ISO 27001:2013 Requirements course description at this web page.
A Forbes blog says the trends analysis report by the Society for Information Management (SIM)
has identified the CIOs' top three concerns for 2017 as business alignment, security, and
skills shortages.
The SIM 2017 report reflects the continuing trend of business trends becoming information
technology trends. Moreover, IT has increasingly become a priority for most businesses. SIM
notes that IT budgets increased in 2016 by an average of 4.15%, short of last year's increase of
4.6%, but positive nevertheless.
The report also notes that IT professionals' salaries have risen by 3.5%, and IT staff hiring has
also increased. The shift of budgets to cloud computing from hardware and software continues,
and is likely to increase again in the year ahead.
Business Alignment
This has been the top priority for four years running. It was listed as the top priority for IT leaders
among 41.7% of those executives polled.
Security
36% of IT leaders noted security as their top concern. Just four years ago, security was listed as
the ninth area of concern. Higher profile security breaches and increased emphasis on the topic
by the executive teams and boards of companies will mean that this concern is likely to remain
high for IT executives.
IT Skill Shortages
24% of IT leaders indicated that skills shortages were the top concern. The concerns center
around technical skills like analytics, software development, cybersecurity, and cloud-centric skills,
but increasingly there is concern regarding the paucity of soft skills.
IT leaders are increasingly taking on more strategic responsibilities. This is aided by the fact that
46.3% of CIOs now report to the CEO, according to the SIM report, compared to 28.6% who
report to CFOs and 16.8% who report to COOs. CIOs now meet with various members of the
C-suite on a weekly basis. This represents great progress for the function.
SIM concludes that other than the CEO, the CIO has the most complex, broad, and diverse set of
responsibilities. This is demonstrated by the need to think to the future in aiding the strategies of
every division of the company.
CIOs must also help drive the innovation agenda for the company while also focusing on risk
mitigation associated with security investments. The simultaneous focus on risk taking (a
necessity with innovation activities) and risk mitigation is but one demonstration of the
complexity of the role.
The SIM report is a free download for SIM members. Otherwise, the price is $995.
The new AS9120B:2016 standard replaces the AS9120A:2009 standard. Organizations certified to
AS9120A:2009 must transition to AS9120B:2016 by September 2018, the date that AS9120A:2009
will be withdrawn.
Our new 2.5 day AS9120B Requirements and Transition Guidance course explains the
underlying requirements based on ISO 9001:2015 and the additional requirements unique to
AS9120B.
To help with the transition, the course highlights all the requirement changes from those in the
ISO 9001:2008 and AS9120A:2009 standards. The course also includes transition guidance.
Larry Whittington has developed ISO 9001:2015 and ISO 14001:2015 checklists for the purpose of
conducting a gap analysis of your current system against the new and changed requirements of
the new standards.
The 27-page ISO 9001:2015 Gap Analysis Checklist contains 313 questions for organizations new
to ISO 9001, and 119 delta questions for ISO 9001:2008 certified organizations.
To read a description of the ISO 9001:2015 Gap Analysis Checklist, and see a sample page, go to
this web page. You can buy the checklist for $95.
The 17-page ISO 14001:2015 Gap Analysis Checklist contains 213 questions for organizations new
to ISO 14001, and 96 delta questions for ISO 14001:2004 certified organizations.
To read a description of the ISO 14001:2015 Gap Analysis Checklist, and see a sample page, go to
this web page. You can buy the checklist for $95.
Payment
When you click the Buy Now button at the checklist description, you will be taken to PayPal. You
do not need a PayPal account to make a credit card purchase. After payment, you will be directed
to a checklist download page. The file is supplied in Word format for ease of editing.
Whittington & Associates provides training, consulting, and auditing services for management
systems based on ISO 9001, ISO 14001, ISO 45001, AS9100, AS9110, AS9120, IATF 16949, ISO
27001, ISO 13485, and ISO 20000-1.
Copyright 2000 - 2017 Whittington & Associates, LLC. All Rights Reserved.
P.O. Box 1905, Windermere, FL 34786 | 770-862-1766