Скачать презентацию Presentation Musala Soft Integrated Management System November 2012 Скачать презентацию Presentation Musala Soft Integrated Management System November 2012

09840702c88ab213150333933ce91cae.ppt

  • Количество слайдов: 27

Presentation Musala Soft Integrated Management System November 2012 Vera Boshova Page 1 of 11 Presentation Musala Soft Integrated Management System November 2012 Vera Boshova Page 1 of 11 © 2012, Musala Soft Ltd. All rights reserved.

Presentation Musala Soft Integrated Management System Musala Soft IMS- components Managemen t Systems Industry Presentation Musala Soft Integrated Management System Musala Soft IMS- components Managemen t Systems Industry process frameworks, rules and best practices Page 2 of 11 © 2012, Musala Soft Ltd. All rights reserved. • QMS • ISMS • EMS • CSR • Project Governance • Agile • Lean • CMMI • RUP

Presentation Musala Soft Integrated Management System Business objectives for integration Taking advantage of the Presentation Musala Soft Integrated Management System Business objectives for integration Taking advantage of the similarities between the standards and frameworks, integrating their quality, environmental and IS management systems. Common processes - Document control. - Record control. - Management review. - Competence, Training and Awareness. - Design and development control. - Operational controls. - Applicable legislation - Purchasing. - Corrective action. - Preventive action. - Internal audits. Continual Improvement – PDCA cycle is an iterative four-step management method used in business for the co ntrol and continuous improvement of processes and products. It is also k nown as the Deming circle/cycle/wheel Page 3 of 11 © 2012, Musala Soft Ltd. All rights reserved.

Presentation Musala Soft Integrated Management System Historical Data and evolution QMS CMMI ISMS EMS Presentation Musala Soft Integrated Management System Historical Data and evolution QMS CMMI ISMS EMS CSR Page 4 of 11 • ISO 9001 certified since 2004 • Focus: quality/customer • CMMI 2 – 2009, CMMI 3 – 2010 • Focus: software development and project management process • Integrated QMS • ISO 27001 certified since March 2012 • Focus: Information Security, Financed by OP Competiteveness • QMS transformed to IMS ( Integrated Management System) • ISO 14001 certified since July 2012 • Focus: Environment • ISO 26000 guidelines compliant • Focus: economy, society, environment © 2012, Musala Soft Ltd. All rights reserved.

Presentation Musala Soft Integrated Management System Integration approach System engineering approach (business process based) Presentation Musala Soft Integrated Management System Integration approach System engineering approach (business process based) - process architecture is documented each organizational process is described individual processes and process steps are linked to specific business requirement, quality, security or environmental statements and other artifacts (‘how-to’ documents, measures etc), as appropriate - one coherent system is built which serves business needs does not tie the organisation to a particular standard. The standards are used to assist identify tasks and processes. starts by looking at the business as a whole and establishing its purpose, mission and core processes which achieve this mission. Objectives - Page 5 of 11 process is at the heart of all components each improvement project / program follows a similar change cycle © 2012, Musala Soft Ltd. All rights reserved.

Presentation Musala Soft Integrated Management System IMS organisation – process perspective Declarations General Policies Presentation Musala Soft Integrated Management System IMS organisation – process perspective Declarations General Policies and statements Roles and responsibilit ies Company regulations IMS Objectives Page 6 of 11 Software developmen t process Requireme nts Mngm Architectur e and Design Implement ation Testing Producy Support Project Governance Organisati on Practices Artefacts Project management Initiation Planning Execution and Control Resources management Human resources Technical Resources Risk manage ment Configurati on Manageme nt © 2012, Musala Soft Ltd. All rights reserved. IMS management Informatio n Security CSR and Environment al management Planning Policies and Procedur es Policies and procedure s Control Risk Manage ment Objectives and targets Improveme nt Legal Requirem ents Templates, coding standartds, library

Presentation Musala Soft Integrated Management System Technology used Electronic, Web based format Publicly available Presentation Musala Soft Integrated Management System Technology used Electronic, Web based format Publicly available to all employees for reading Modify access to IMS maintenance team and top mngmt Under configuration management ( SVN ) - Automated management of versions, changes, track changes Technology - EPF Composer is an open source tool for authoring develop ment method content and publishing processes (such as software development, systems engineering, enterprise architecture). It allows an organization to construct a process from the ground-up, customize an existing process framework, and integrate a family of processes. EPF Composer is a result of the Eclipse Process Framework (EPF) project. Page 7 of 11 © 2012, Musala Soft Ltd. All rights reserved.

Presentation Page 8 of 11 Musala Soft Integrated Management System © 2012, Musala Soft Presentation Page 8 of 11 Musala Soft Integrated Management System © 2012, Musala Soft Ltd. All rights reserved.

Presentation Musala Soft Integrated Management System Benefits Simplified systems resulting in less confusion, redundancy Presentation Musala Soft Integrated Management System Benefits Simplified systems resulting in less confusion, redundancy or conflicts in documentation. Optimized resources in maintaining a single system with a single goal vs. multiple systems with the same goals. Integrating quality, environmental and IS objectives into the overall business strategy. Establishing a common framework for continual improvement of the quality, environmental and IS systems, resulting in improved organization performance. The specific benefits your organization will see depend on you, the quality professional Page 9 of 11 © 2012, Musala Soft Ltd. All rights reserved.

Presentation Musala Soft Integrated Management System Challenges Flexible approach – to react to changes Presentation Musala Soft Integrated Management System Challenges Flexible approach – to react to changes in business situation, addopt new approaches, keep up to date with the industry - Lean, Agile - Open for new standards and MS ( ISO 20000 for ITIL) Improve Usability Implement optimisations in Process Control - Combined Internal audits - Combined training and awareness - Combined Page 10 of 11 © 2012, Musala Soft Ltd. All rights reserved.

Presentation Musala Soft Integrated Management System Q&A Page 11 of 11 © 2012, Musala Presentation Musala Soft Integrated Management System Q&A Page 11 of 11 © 2012, Musala Soft Ltd. All rights reserved.

Presentation Musala Soft Integrated Management System Information and ISO 27001 Information is a company Presentation Musala Soft Integrated Management System Information and ISO 27001 Information is a company most valuable asset which, like other important business assets, has value to an organization and consequently needs to be suitably protected Information asset – any tangible or intangible form of information, having value for the organization Ø Printed or written on paper, board, etc Ø Stored electronically Ø Transmitted by mail or electronic means Ø Project systems, Company internal systems Ø Spoken in conversations Ø Exists in our brain ISO 27001 - internationally recognized structured methodology dedicated to information security Page 12 of 11 © 2012, Musala Soft Ltd. All rights reserved.

Presentation Musala Soft Integrated Management System Risk Analyzes and Risk Treatment: Risk approaches: • Presentation Musala Soft Integrated Management System Risk Analyzes and Risk Treatment: Risk approaches: • Reduction (optimize - mitigate) • Sharing (transfer - outsource or insure) • Retention (accept and budget) • Avoidance (eliminate, withdraw from or not become involved) Musala Soft assets with highest risk value: • Infrastructure servers and systems – email infrastructure, active directory, project systems • Infrastructure equipment - network • laptops • Personal data, accounting, contractual documents ( mainly paper ) Risk Treatment at Musala – risk mitigate approach • For Servers and virtual machines - Local replication from Datacenter • Laptops and remote connection - Optimization of VPN connectivity, SSL VPN • Network Infrastructure - Optimization to protect from failures and downtime • For paper documents - cabinets, safes or other storage with locking capability, Machines for destruction Page 13 of 11 © 2012, Musala Soft Ltd. All rights reserved.

Presentation Musala Soft Integrated Management System Information Classification • the most secret Musala Soft’s Presentation Musala Soft Integrated Management System Information Classification • the most secret Musala Soft’s information Confide • business plans, information related to business strategy, financial plans, etc ntial • the second highest level of Information Classifcation • know-how, IPR; information covered by NDA; project’s documentation and source Sensitive code, marketing and business development information; etc • information about an individual for which it is expected and required by the low will not be made available to the public Personal • social Security numbers, bank account information, healthcare records, educational records • used for company business and must not be disclosed outside Company • internal systems containg non-sensitive information such as MDS, Wiki, Forum, Private Site, organizational practices and procedures only Public Page 14 of 11 • not confidential and is intended for general use inside and outside of Musala Soft • company website, press statements, annual reports, etc. which have been approved for public use or distribution © 2012, Musala Soft Ltd. All rights reserved.

Presentation Musala Soft Integrated Management System Policies and procedures Software usage • only legal Presentation Musala Soft Integrated Management System Policies and procedures Software usage • only legal and purchased by the company software. Clear Desk and Screen • Desk Rules • Screen Rules • Meeting rooms rules Access control • Physical access control • Logical access control - User Registration, access control changes, removal of users • Privilege management – based on AD Groups, administered by IIETF • Password Management Malicious Software • use of the Musala Soft standard malicious software • malicious software protection program shall be resident in memory at all times • set up to receive an automatic updates by the vendor and automatic notifications are supported by the system for all pending updates Page 15 of 11 © 2012, Musala Soft Ltd. All rights reserved.

Presentation Musala Soft Integrated Management System Policies and procedures Backup and Archiving • Information Presentation Musala Soft Integrated Management System Policies and procedures Backup and Archiving • Information back-up is one part of Business Continuity. All systems have some sort of backup facility • data backup and recovery systems – IBM Tivoli Storage Manager, Ms. Data Protection Server Recruitment and Selection process • Screening ( ID card) • Personal Information – HR files ( for candidates), and employee dossier ( for all employees) Employee exit process • Exit procedure • Leaving form - Clearance and Closure procedures are documented in Employee Leaving Form, where responsible confirm and sign that all the required procedures are completed Business continuity and disaster recovery Page 16 of 11 © 2012, Musala Soft Ltd. All rights reserved.

Presentation Musala Soft Integrated Management System CSR Focus - sustainability Society Economy Page 17 Presentation Musala Soft Integrated Management System CSR Focus - sustainability Society Economy Page 17 of 11 © 2012, Musala Soft Ltd. All rights reserved. Environment

Presentation Musala Soft Integrated Management System ISO 14001 Each company creates an impact on Presentation Musala Soft Integrated Management System ISO 14001 Each company creates an impact on the environment ISO 14001 Certification requires companies to control its impact on the environment. ISO 14001 Certification make companies aware and responsible for the environmental impact resulting from their business that make companies responsible for a better environment and future. Page 18 of 11 © 2012, Musala Soft Ltd. All rights reserved.

Presentation Musala Soft Integrated Management System Code of Conduct Environmental Performance report Page 19 Presentation Musala Soft Integrated Management System Code of Conduct Environmental Performance report Page 19 of 11 © 2012, Musala Soft Ltd. All rights reserved.

Presentation Musala Soft Integrated Management System Significant environmental aspects, affected by Musala Soft business Presentation Musala Soft Integrated Management System Significant environmental aspects, affected by Musala Soft business operations Electricity • Use of natural resources Greenhouse gas emissions Page 20 of 11 Transportation • Use of natural resources Air pollution Paper • Forest and natural resource depletion © 2012, Musala Soft Ltd. All rights reserved. Batteries, tonners, old computers • Land contamination • Air pollution Plastic • Air Pollution • Land Contamination

Presentation Musala Soft Integrated Management System Energy consumption actions Virtualization - reduce power consumption, Presentation Musala Soft Integrated Management System Energy consumption actions Virtualization - reduce power consumption, noise and heat output, reducing hazardous waste Thin clients - migration from powerful workstations to a model of desktop virtualization, using "thin" clients External Data Center - move all servers to a specialized Data Center Switch off computers when reasonable Page 21 of 11 © 2012, Musala Soft Ltd. All rights reserved.

Presentation Musala Soft Integrated Management System Waste management and paper usage actions Waste separation Presentation Musala Soft Integrated Management System Waste management and paper usage actions Waste separation - eco-bins for PLASTIC, PAPER and storage rooms for paper/cardboard waste, tonners, batteries and obsolete equipment Waste recycling – use only licensed companies for waste disposal, authorized for recycling waste in a sustainable manner Economic use of paper – eco friendly printing rules: • Print double sided • Print More than One Page Per Sheet • Use Print Preview and Shrink to Fit • Only Print the Selection You Need • Print to PDF Instead of Paper Page 22 of 11 © 2012, Musala Soft Ltd. All rights reserved.

Presentation Musala Soft Integrated Management System Fuel consumption and emissions to air actions Observe Presentation Musala Soft Integrated Management System Fuel consumption and emissions to air actions Observe using tele- and video- conferencing instead of air travels where reasonable Use of public transport, instead of company car or taxies when possible Alternative ways for going to work – use bicycle, go walking when reasonable Page 23 of 11 © 2012, Musala Soft Ltd. All rights reserved.

Presentation Musala Soft Integrated Management System ISO 26000 Launched in November 2010 not intended Presentation Musala Soft Integrated Management System ISO 26000 Launched in November 2010 not intended for certification purposes, provides guidelines for organizations to help them integrate social responsibility into their values and practices produced by ISO’s largest ever working group, comprising over 450 experts and 210 observers from 99 ISO members, and 42 international organizations Recommended by the European Commission to European enterprises to help them implement social responsibility In little more than a year, ISO 26000 has become one of the world’s most important and widely accepted initiatives on social responsibility. Huge potential for making the world a better place Page 24 of 11 © 2012, Musala Soft Ltd. All rights reserved.

Presentation Musala Soft Integrated Management System Sustainability and ISO 26000 7 principles Accountabil ity Presentation Musala Soft Integrated Management System Sustainability and ISO 26000 7 principles Accountabil ity respect for human rights. Transparen cy respect for internation al norms of behavior Ethical behavior respect for the rule of law Page 25 of 11 © 2012, Musala Soft Ltd. All rights reserved. respect for stakeholder interest

Presentation Musala Soft Integrated Management System 7 core subjects communi ty involvem ent Organizat Presentation Musala Soft Integrated Management System 7 core subjects communi ty involvem ent Organizat ional governan ce human rights consumer issues Labour practices fair operating practices Page 26 of 11 © 2012, Musala Soft Ltd. All rights reserved. environm ent

Presentation Musala Soft Integrated Management System Q&A Page 27 of 11 © 2012, Musala Presentation Musala Soft Integrated Management System Q&A Page 27 of 11 © 2012, Musala Soft Ltd. All rights reserved.