ISO 9001:2015 – Shifting Gears in the New Quality Management Standard

Moving from ISO 9001:2008 to ISO 9001:2015

ISO 9001 is a standard designed for organizations looking to optimize their operational excellence. It helps businesses and organizations to be more efficient and improve customer satisfaction. A new version of the standard, ISO 9001:2015, has just been launched, taking over the previous version.


ISO standards are reviewed every five years and revised if needed to ensure that they maintain their significance in today’s marketplace. This revision will also serve to keep ISO 9001 relevant with regard to both the challenges and opportunities that arise from changing technologies, globalization, and a reinforcement of a risk-based approach, as well as structuring the standard to deal with future changes.

What are the Major Differences?

The new ISO 9001 standard aligns with the high-level structure, under which all new ISO management system standards must share a common high-level structure with a set of common requirements. Additionally, there is a greater emphasis on risk-based thinking as a basis for the management system, more focus on achieving value for the company and its customers, increased flexibility regarding use of documentation, and a more approachable structure for service businesses.

There are 10 clauses within the standard and here are the changes clause by clause:

Clause 1 is very similar to the 2008 version covering the scope of the standard and there has been very little change to this clause.

Clauses 2 and 3 cover normative references and terms and definitions. Both clauses reference ISO 9000, Quality Management Systems – Fundamentals and Vocabulary, which provides valuable guidance.

The remaining clauses include some new key elements that need to be considered when implementing the new standard.

Clause 4: Context of the Organization

This is a new clause that in part addresses the deprecated concept of preventive action and in part establishes the context for the QMS.

Clause 5: Leadership

This clause places requirements on top management to demonstrate commitment to the QMS through taking accountability for the effectiveness of the QMS, establishing policies, objectives and promotion of continual improvement.

Clause 6: Planning

When planning the QMS, the organization will need to consider the external and internal issues along with needs and expectations of interested parties.

Clause 7: Support

The organization shall determine and provide the necessary resources to establish, implement, maintain and continually improve the QMS.

Clause 8:  Operation

This clause deals with the execution of the plans and processes that enable the organization to meet its quality policy and quality objectives.

Clause 9:  Performance Evaluation

This clause consolidates all requirements for monitoring and measurement related to quality performance and the effectiveness of the QMS.

Clause 10:  Improvement

The organization must determine the opportunities for improvement to continually improve the organization’s QMS.


Impact of the New Standard

ISO 9001:2015 is now taking off to replace ISO 9001:2008. Organizations that are already ISO 9001 certified should begin tracking the progress of the revision process and familiarize themselves with the various changes made. To maintain your certification to ISO 9001, you will need to upgrade your quality management system to the new edition of the standard and seek certification to it. You have a three-year transition period from the date of publication (September 2015) to move to the 2015 version. This means that, after the end of September 2018, a certificate to ISO 9001:2008 will no longer be valid.

According to the International Accreditation Forum (IAF), there are a number of recommended actions that organizations can take to successfully transition to the new requirements of ISO 9001:2015. These include:

  • Conduct a gap analysis

Identifying the gaps between current practices and the new requirements is the most effective way to evaluate the changes that are required in your current QMS.

  • Develop an implementation plan and timetable

A formal implementation plan and schedule will help your organization address the required changes within the anticipated three-year transition period.

  • Provide appropriate training for all parties

Ongoing education and training for all relevant personnel are critical to achieving the goals of your transition plan. More important, educated stakeholders are vital in ensuring ongoing compliance once the transition is complete.

  • Update existing QMS documentation

Clear and thorough documentation is essential to demonstrate compliance with the requirements of the revised standard and to help reduce the risk of nonconformities.

  • Involve your certification partner early in the process

An experienced certification body can provide invaluable assistance in the process of transitioning to the requirements of ISO 9001:2015. Its early involvement can help your organization save time and money.


In a nutshell, there are new areas that organizations need to contemplate in the implementation of the new standard, but it provides an opportunity to review your current approach and modify it if necessary. This can help your business to grow, increase profitability and increase customer satisfaction. It is now a powerful business improvement tool for all sizes and types of organizations to help them remain resilient and achieve sustainable growth.


Confidence on the Cloud – A New Cloud Privacy Standard (ISO 27018)

The Cloud Today

The growing marketplace of cloud computing.

Cloud computing’s growth in use and popularity has been soaring at a great pace! According to Gartner (2013), the marketplace for cloud computing will grow ~20% to USD 131 billion in 2017 from USD 111 billion in 2012.

What’s more?

2016 will be a defining year for cloud as this cutting-edge technology will just get more sophisticated in the next few years.

The Cloud Landscape

Cloud computing started as an in-house infrastructure established by companies such as Microsoft, Google and Amazon to serve their individual business needs. This consists of a set of technologies and service models that focus on Internet-based use and delivery of IT applications, processing capability, storage and memory space.

But now it has evolved into a platform on which much of our daily life depends. While public and private clouds offer one means to differentiate the infrastructure sharing options, SaaS (Software as a Service), PaaS (Platform as a Service) and IaaS (Infrastructure as a Service) have come to define the extent and level of control held by the cloud service provider (CSP) vs. the cloud user.

According to the National Institute of Standards and Technology (NIST), the “cloud” is composed of five essential characteristics.

  1. On-demand self-service, which implies that a customer can order a service via the web or some other method at any point in time and have it become immediately available for his or her use.
  2. Broad network access, in the sense that services are available over the network and are accessed through standard mechanisms (mobile phone, tablet, laptop, etc.).
  3. Rapid elasticity of the cloud capabilities and measured service, which means additional capacity remains available and accessible on an ‘as needed’ basis and customers are automatically billed for their consumption.
  4. Last but not least, resource pooling, meaning the provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand.

The Confidence for Tomorrow – ISO 27018

The massive flows of data across cloud computing services are becoming ever more complex. Identifying and protecting personal data in those flows is becoming a daunting issue for many cloud service providers and cloud users. Given the substantial data protection risks, measures need to be undertaken to mitigate their effect, to the benefit of the cloud computing industry and its clients.

While there are several laws and regulations around it, a common benchmark or standard was lacking for some time. ISO 27018:2014 – Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors is the first set of international privacy controls launched.

Following the privacy controls set out in ISO 27018 gives service providers greater assurance that they are doing the right thing and doing everything recommended to protect customers’ personal information. This mechanism also benefits both cloud providers and cloud users. For a consumer buying cloud services, it can help identify the requirements for selecting a cloud provider and define contractual clauses. For a cloud service provider, it can provide a unique selling proposition to potential clients, because the more familiar clients become with the standard, the more it will appear in their requests for proposal.

ISO 27018 takes public policy from around the world into account, as it integrates input from many regional regulators. A cloud service provider’s conformance to the standard makes the whole job of compliance with particular legislation in one country or region that much easier. The standard provides a common set of guidelines for the whole industry and adds needed protections to improve PII security and compliance in an increasingly cloud-based information environment.

ISO 27018 – Quick Overview

Key Elements of the Standard

ISO 27018 is a standard put forward by the International Organization for Standardization (ISO) that seeks to create a common set of security categories and controls that can be implemented by a public cloud computing service provider acting as a data processor. In order to fulfill the standard, cloud service providers must understand the following key elements:

  1. Personally Identifiable Information (PII) instead of Personal Data

The scope of “personal data” covers not only information that “can be used” or “linked” to a PII principal/data subject, but “any information” relating to an identifiable natural person.

  2. Cloud Providers as Data Processors

In ISO/IEC 27018 the client is regarded as PII controller and the cloud service provider is the PII processor.

  3. Personal Data Protection Principles

The ISO/IEC 27018 contains a comprehensive set of controls regarding:

  • Information security policies
  • Organization of information security
  • Human resource security
  • Asset management
  • Access control
  • Cryptography
  • Physical and environmental security
  • Operations and communications security
  • System acquisition, development and maintenance
  • Supplier relationships
  • Compliance
  • Information security aspects of business continuity management.

As the PII processor enables the cloud service client to comply with its regulatory obligations (data protection), through these controls the PII processor conforms to its own obligations, either legal or contractual.

  4. Accountability and Certification

Elements of the principle of accountability are incorporated into the standard, in particular the data breach notification, privacy by design, audits and certifications. In general, the standard may be seen as an instrument that assists the PII processor to comply with the principle of accountability requirements. Key to the demonstration of compliance in the context of the principle of accountability is third party certification. The cloud service provider that implements the new standard may ask for a conformity assessment, in order to be certified for complying with the standard.

In order to comply with the standard, participating cloud service providers must provide transparency in the following practices:

  • only process personal data in accordance with the customer’s instructions;
  • only process personal data for marketing or advertising purposes with the customer’s express consent;
  • be transparent around the use of sub-processors (which will include providing the names of, and any possible locations where the data may be processed by, any sub-processors);
  • ensure that staff who have access to personal data enter into confidentiality agreements and receive appropriate staff training;
  • make required disclosures to law enforcement authorities and/or regulators only when legally bound to do so;
  • assist cloud customers to comply when individuals assert their access rights; and
  • help cloud customers comply with their notification obligations in the event of a data breach.


Way Forward

The current landscape for cloud security standards is best characterized as immature but emerging. ISO 27018 provides transparent guidance for cloud service providers to establish privacy protection and allows businesses to make careful decisions about the cloud. Even with the present guidelines that ISO 27018 provides, it can also serve as a reference point for future improvement of standards. As the first international standard dedicated to cloud privacy, it has initiated an interchange of ideas among CSPs on best practice for data privacy and security. ISO 27018 is an important step toward protecting PII in the cloud. It emerges from previous ISO guidelines, and it will continue to evolve along with cloud service providers’ technology to provide more secure services for the growth and success of businesses.

ECC International is a leading process improvement solutions provider in Southeast Asia, focused on process consulting, automation solutions and learning outsourcing services. We help companies achieve performance excellence by assisting them implement management systems and international standards/best practices across multiple domains and industries.

Our partnerships with best-in-class technology companies help drive sustained excellence for our customers. As a solutions provider with instructional design capability and subject matter expertise in niche areas, we help organizations implement learning strategies and design learning content for improved performance.

APEX Global (The Academy for Professional Excellence) is the learning solutions arm of ECCI – the leading process improvement solutions provider in Southeast Asia.

Our sole aim is to promote performance excellence among professionals. We help our customers achieve greater success through effective, experiential and result-oriented training delivery.

Empowered with a strong pool of expert trainers and facilitators having expertise in a niche array of domains and a strong regional presence, we provide an extensive portfolio of excellent industry-specific and functional programs coupled with high-quality training materials to provide best-in-class services for professionals around.

We are a market leader when it comes to Information Security and Risk Management solutions (in the form of training, consulting and GRC solutions) in SE Asia.

To learn more about cloud security, ISO 27018 guidelines and requirements, correlation with existing standards such as ISO 27001 and EU Data Protection Laws, join us at the Confidence on the Cloud – Data Security Best Practices based on ISO 27018 training program.




50 Sensor Applications for a Smarter World


Smart Cities

  • 01 Smart Parking

    Monitoring of parking spaces availability in the city.

  • 02 Structural health

    Monitoring of vibrations and material conditions in buildings, bridges and historical monuments.

  • 03 Noise Urban Maps

    Sound monitoring in bar areas and centric zones in real time.

  • 04 Smartphone Detection

    Detect iPhone and Android devices and in general any device which works with WiFi or Bluetooth interfaces.

  • 05 Electromagnetic Field Levels

    Measurement of the energy radiated by cell stations and WiFi routers.

  • 06 Traffic Congestion

    Monitoring of vehicles and pedestrian levels to optimize driving and walking routes.

  • 07 Smart Lighting

    Intelligent and weather adaptive lighting in street lights.

  • 08 Waste Management

    Detection of rubbish levels in containers to optimize the trash collection routes.

  • 09 Smart Roads

    Intelligent Highways with warning messages and diversions according to climate conditions and unexpected events like accidents or traffic jams.



Smart Environment

  • 10 Forest Fire Detection

    Monitoring of combustion gases and preemptive fire conditions to define alert zones.

  • 11 Air Pollution

    Control of CO2 emissions of factories, pollution emitted by cars and toxic gases generated in farms.

  • 12 Snow Level Monitoring

    Snow level measurement to know in real time the quality of ski tracks and to support avalanche prevention by security corps.

  • 13 Landslide and Avalanche Prevention

    Monitoring of soil moisture, vibrations and earth density to detect dangerous patterns in land conditions.

  • 14 Earthquake Early Detection

    Distributed control of tremors in specific places.



Smart Water

  • 15 Potable water monitoring

    Monitor the quality of tap water in cities.

  • 16 Chemical leakage detection in rivers

    Detect leakages and wastes of factories in rivers.

  • 17 Swimming pool remote measurement

    Control remotely the swimming pool conditions.

  • 18 Pollution levels in the sea

    Control realtime leakages and wastes in the sea.

  • 19 Water Leakages

    Detection of liquid presence outside tanks and pressure variations along pipes.

  • 20 River Floods

    Monitoring of water level variations in rivers, dams and reservoirs.



Smart Metering

  • 21 Smart Grid

    Energy consumption monitoring and management.

  • 22 Tank level

    Monitoring of water, oil and gas levels in storage tanks and cisterns.

  • 23 Photovoltaic Installations

    Monitoring and optimization of performance in solar energy plants.

  • 24 Water Flow

    Measurement of water pressure in water transportation systems.

  • 25 Silos Stock Calculation

    Measurement of emptiness level and weight of the goods.



Security & Emergencies

  • 26 Perimeter Access Control

    Access control to restricted areas and detection of people in non-authorized areas.

  • 27 Liquid Presence

    Liquid detection in data centers, warehouses and sensitive building grounds to prevent break downs and corrosion.

  • 28 Radiation Levels

    Distributed measurement of radiation levels in nuclear power stations surroundings to generate leakage alerts.

  • 29 Explosive and Hazardous Gases

    Detection of gas levels and leakages in industrial environments, surroundings of chemical factories and inside mines.




  • 30 Supply Chain Control

    Monitoring of storage conditions along the supply chain and product tracking for traceability purposes.

  • 31 NFC Payment

    Payment processing based on location or activity duration for public transport, gyms, theme parks, etc.

  • 32 Intelligent Shopping Applications

    Getting advice at the point of sale according to customer habits, preferences, presence of components they are allergic to, or expiry dates.

  • 33 Smart Product Management

    Control of rotation of products in shelves and warehouses to automate restocking processes.




  • 34 Quality of Shipment Conditions

    Monitoring of vibrations, strokes, container openings or cold chain maintenance for insurance purposes.

  • 35 Item Location

    Search of individual items in big surfaces like warehouses or harbours.

  • 36 Storage Incompatibility Detection

    Warning emission on containers storing inflammable goods close to others containing explosive material.

  • 37 Fleet Tracking

    Control of routes followed for delicate goods like medical drugs, jewels or dangerous merchandise.



Industrial Control

  • 38 M2M Applications

    Machine auto-diagnosis and assets control.

  • 39 Indoor Air Quality

    Monitoring of toxic gas and oxygen levels inside chemical plants to ensure workers and goods safety.

  • 40 Temperature Monitoring

    Control of temperature inside industrial and medical fridges with sensitive merchandise.

  • 41 Ozone Presence

    Monitoring of ozone levels during the drying meat process in food factories.

  • 42 Indoor Location

    Asset indoor location by using active (ZigBee) and passive tags (RFID/NFC).

  • 43 Vehicle Auto-diagnosis

    Information collection from CanBus to send real time alarms to emergencies or provide advice to drivers.



Smart Agriculture

  • 44 Wine Quality Enhancing

    Monitoring soil moisture and trunk diameter in vineyards to control the amount of sugar in grapes and grapevine health.

  • 45 Green Houses

    Control micro-climate conditions to maximize the production of fruits and vegetables and its quality.

  • 46 Golf Courses

    Selective irrigation in dry zones to reduce the water resources required in the green.

  • 47 Meteorological Station Network

    Study of weather conditions in fields to forecast ice formation, rain, drought, snow or wind changes.

  • 48 Compost

    Control of humidity and temperature levels in alfalfa, hay, straw, etc. to prevent fungus and other microbial contaminants.



Smart Animal Farming

  • 49 Hydroponics

    Control the exact conditions of plants grown in water to get the highest efficiency crops.

  • 50 Offspring Care

    Control of growing conditions of the offspring in animal farms to ensure its survival and health.

  • 51 Animal Tracking

    Location and identification of animals grazing in open pastures or location in big stables.

  • 52 Toxic Gas Levels

    Study of ventilation and air quality in farms and detection of harmful gases from excrements.



Domotic & Home Automation

  • 53 Energy and Water Use

    Energy and water supply consumption monitoring to obtain advice on how to save cost and resources.

  • 54 Remote Control Appliances

    Switching on and off remotely appliances to avoid accidents and save energy.

  • 55 Intrusion Detection Systems

    Detection of windows and doors openings and violations to prevent intruders.

  • 56 Art and Goods Preservation

    Monitoring of conditions inside museums and art warehouses.




  • 57 Fall Detection

    Assistance for elderly or disabled people living independently.

  • 58 Medical Fridges

    Control of conditions inside freezers storing vaccines, medicines and organic elements.

  • 59 Sportsmen Care

    Vital signs monitoring in high performance centers and fields.

  • 60 Patients Surveillance

    Monitoring of conditions of patients inside hospitals and in old people’s homes.

  • 61 Ultraviolet Radiation

    Measurement of UV sun rays to warn people not to be exposed in certain hours.






Maximize the synergies between ITIL and DevOps


This white paper describes the synergies between ITIL® best practices and DevOps (development and operations) practices. ITIL focuses on the lifecycle of services, from inception to retirement, and provides best-practice guidance for IT service management (ITSM). The ITIL service lifecycle includes the development and operation of services. DevOps is a movement, inspired by lean methodology and agile development practices, which aims to achieve seamless workflow for product synchronization between all possible organizational functions – especially development and operations groups. A DevOps approach tries to reconcile the different priorities and processes of these groups, all for the purpose of facilitating greater business agility and delivering more value to the end user. In some organizations, this work is performed by virtual teams from different groups. ITIL describes rapid application development in the service design book as using agile software development.

Most IT organizations are struggling to remove silos that hamper their ability to work collaboratively. Failure to collaborate interferes with the effective use of an organization’s capabilities and resources, leading to inflexibility and inefficiency in the delivery and support of services. When that happens, the reputation of IT can suffer. Most companies – also not-for-profit organizations – are entirely dependent on the internet for their core businesses and the speed to innovation there is staggering. That means the ability of a business to react to market dynamics is based to a large degree on the agility and flexibility of their IT department.

Since so many organizations rely on ITIL as the foundation of their service management processes, understanding the synergies between ITIL and DevOps is essential to improving organizational performance and business outcomes. As many recent examples have shown, IT organizations that fail to confront and reconcile the widening gap between their development and operations teams stand to lose their footing in today’s competitive business environment.


To get a complete perspective of the depth of best practices that ITIL addresses, organizations should understand the key frameworks and standards that apply to ITSM. These include, for example, the following: ITIL, ISO/IEC 20000, ISO/IEC 27001, CMMI®, COBIT®, PRINCE2®, PMBOK®, M_o_R®, eSCM-SP™, eTOM® and Six Sigma™. For best-practice guidance, DevOps processes can turn to ITIL as the foundation architecture, referencing other standards and frameworks as needed to solve particular business issues.

These proven practices also can be combined with organizational-specific practices for competitive advantages and improvement of the practices themselves. ITIL, because it is a non-proprietary and non-prescriptive approach, helps with the construction of enterprise-specific frameworks. ITIL guidance enables you to modify your own processes and address the DevOps gaps based on IT service management best practices. (See Figure 1.)

ITIL describes the application management process in the service operation publication as having the following activities – requirements, design, build, deploy, operate and optimize (Figure 2). ITIL is interested in the overall management of applications within the application management function. Alignment between development and operations of the applications needs to be accomplished. Applications development should be involved in all stages of the ITIL service lifecycle at various levels of engagement. The ITIL application management lifecycle does not replace any software development lifecycle but is meant to show collaboration between application management and operation management.

It is important to remember the ITIL service lifecycle stages are dynamic. This dynamic nature can be applied for decision support. For example, although you may be focused on one stage of the lifecycle in your job function, you may have to make decisions related to another stage – such as a developer working with the release and deployment process in service transition having to make service design decisions before building the release. The requirements stage is active during the service design stage of the lifecycle. The design stage translates requirements into specifications for the application, environment and operational model. In the build stage the application is coded or acquired and, together with the operational model, is made ready for deployment. Build and deploy are a part of the release and deployment process in the service transition stage of the lifecycle. Release includes build and test; deployment includes installation and training for the application. Early life support (ELS) helps with deployment to operation success. When the service or application is in operation, value can be realized and the service can be monitored for continual improvement of optimization. The key performance indicators (KPIs) obtained, including user satisfaction, can direct further development improvements and provide a DevOps practice with factual information for development and operation coordination and collaboration.

DevOps uses agile and lean methodologies to improve or expedite solutions through development to operations stages for value realization. Agile methods depend on interactions and collaboration among people, processes and technology. The specific process areas of configuration management, change management and release and deployment are very important in an agile environment. Just as in ITIL, the process integrations help foster agility. The success of agile methods (particularly when addressing the DevOps gap), while sometimes measured by the increased volume of deliveries, is best measured by customer satisfaction, given the continual delivery of needed solutions and services.

Continual delivery of developed service solutions needs to be in synchronization with the ability of the consumer to absorb the benefit. Services that are delivered too slowly cannot meet the needs of the consumer and services delivered too fast cannot be utilized. Service solutions should also leverage the consumer’s service value chain and be continuously integrated to avoid the necessity for the creation of manual procedures where once automation existed.

A DevOps strategy that facilitates the aforementioned continual delivery and continuous integration should leverage technology that has integrated and automated application-release capabilities. This technology should provide the following major capabilities based on ITIL best practices:

  • a real-time, end-to-end, actionable view with comprehensive visibility of releases as they progress through their individual processes
  • control over environment configurations to eliminate inconsistencies, unauthorized changes and misconfigurations
  • integration of automation and human-oriented workflows 
  • diagnostics and root-cause analysis
  • seamless integration with change management to track changes during a release


This section reviews ITIL architecture and how it applies to DevOps. ITIL consists of five service lifecycle stages, and key processes described in five core publications (see Figures 3, 4 and 5):

  • service strategy
  • service design
  • service transition
  • service operation
  • continual service improvement.

Continual service improvement is integral in all other lifecycle phases; each stage of the lifecycle is dynamic and supports the other stages. ITIL focuses on utilizing people, processes, products and partners for the effective, efficient, and economic delivery and support of services. Each publication focuses on particular process areas to support the decisions that must be made within that stage of the service lifecycle. The entire service lifecycle is relevant for DevOps because it focuses on service delivery and defining the overall service relationship between the customer and supplier.


  • Strategy management for IT services
  • Service portfolio management
  • Financial management for IT services
  • Demand management
  • Business relationship management


  • Design coordination
  • Service catalogue management
  • Service level management
  • Availability management
  • Capacity management
  •  IT service continuity management
  • Information security management
  • Supplier management


  • Transition planning and support
  •  Change management
  • Service asset and configuration management
  • Release and deployment management
  • Service validation and testing
  • Change evaluation
  • Knowledge management


  • Event management
  • Incident management
  • Request fulfillment
  • Problem management
  • Access management


  • Seven-Step Improvement Process


The definition of service management is “a set of specialized organizational capabilities for providing value to customers in the form of services”. Services are supported by service assets, which are organizational capabilities and resources. Suppliers and customers have service assets. The relationship between the customer and the supplier is defined by how the service assets work in an exchange fashion to deliver the service. For example, a customer has an asset such as a person that needs to use a supplier’s IT infrastructure asset. Figure 6 illustrates that the practice of service management is simply to provide service assets to customers and to eliminate any constraints in the use of the service for maximum performance to support business outcomes. DevOps, in this case, becomes an enabler for increasing the maturity of the service management practice within a supplier’s organization by removing constraints to service delivery performance and can be thought of as an organizational strategy for this purpose.

The service structures in the value network play a key role in service management and the stages of organizational development. IT service management is actually a value network within an organization and has patterns of collaborative exchanges. This exchange of information in an agile, collaborative manner between development and operations is in line with the spirit of DevOps.

The stages of organizational development are: network, direction, delegation, coordination and collaboration – and they are related to a management style. Network organizations, for example, often have no specific structure, specific governance or defined processes. Collaborative groups, at the other end of the spectrum, have service governance and many defined processes and are highly skilled in teamwork. DevOps functions best in a collaborative structure because of the increased responsiveness to changing customer needs.

All the stages of the ITIL service lifecycle must support the service strategy. Activities, resources and capabilities needed for DevOps must support the overall business strategy. For example, if you develop any application, a DevOps approach supports service performance and the way you go to market with the services that you deliver. This helps the organization run the business better by becoming more efficient and effective with usage of service resources focused on providing value to the end consumer.

This can also help the organization grow their business in the markets that they serve or new markets because of the cost savings from the efficiencies gained which can be reinvested into new services. The key DevOps concept that supports this is the improvement in the relationship between development and operations.1


ITIL positions the application management development function within operations as a function that works across the service lifecycle, collaborating with other functions throughout the process – which is very much in the spirit of DevOps. For example, in service design, this collaboration involves helping with build-or-buy decisions. If the decision is to build the solution, the service assets (including people) must work collaboratively as members of the service design team to coordinate efforts and produce a service design plan (SDP) or service requirements plan. The SDP describes application-related outcomes and the business relevance as well as the underpinning activities and capabilities needed.

The SDP can become a critical document for decision support with DevOps activities because it basically describes the scope of the developed application. Not setting user application capability expectations can result in incidents related to non-features of the application, resulting in reactive development efforts with little or no supplier value. These requests should be treated as requests to inspire strategic thinking on the overall value of the request to customer and supplier, the appropriate cost model for financial recovery, development strategy and many other concerns for overall value creation and realization. DevOps practices enforce working in a service-oriented fashion instead of a misguided, reactive, siloed fashion; ITIL as a foundation can help with this focus.


Service transition enables a key capability needed within a DevOps environment: collaboration. The primary purpose of service transition is risk management and knowledge management. The specific process areas that enable service transition are transition planning and support, change management, knowledge management, asset and configuration management, change evaluation, service validation and testing. Service transition supports the service strategy organizational structure and development phases. Also crucial to service transition is building the appropriate service to support business outcomes. Development should ensure that any application updates delivered will provide value to the business customer and the service provider. (See the ITIL publications for more information about value creation and value realization.)

Application management works with the service transition release and deployment process areas to build, test and implement the new service and to be available for early life support (ELS), helping IT achieve expectations and reduce incidents related to the service. The overall planning and coordination of services is accomplished through transition planning and support, configuration, change, release and deployment management.

Service transition can be reactive or proactive. Reactive service transition can implement a change to prevent an immediate risk. Proactive service transition focuses more on trends and future business needs. Both are relevant in a DevOps environment. Understanding the relationship of service transition policies and processes to reactive and proactive behavior can enhance service agility and DevOps. Being proactive is helpful but usually not enough, since proactive behavior can still impact quality of service, the service experience and service relationship. Sometimes IT organizations adopt a DevOps approach because they need to improve overall customer satisfaction. IT must also ensure that the organization is service focused to mitigate service risk. The next step in maturity for an organization that adopts a DevOps approach and ITIL is to focus on service alignment.

In the service transition stage, application management and operations management meet. Service transition best practices help enable agility and, therefore, help enable DevOps as a practice. The practice of DevOps supports the organization’s overall practice of ITSM. Organizational maturity, especially as it relates to people’s roles and responsibilities in service transition, is the organizational challenge that must be met for DevOps to become a reality for improved value.


A key principle in ITIL service operations is managing stability versus responsiveness. Operations want stability; development wants to be responsive to customer needs. Business and IT requirements are constantly changing, requiring agility in producing application functionality while at the same time maintaining IT stability for application performance. ITIL’s service lifecycle approach helps organizations agree to desired changes, take advantage of the existing infrastructure and understand what it takes to deliver the changes for value realization in operations.

Service operation process areas can provide valuable input into DevOps. When events, incidents, problems, requests and system access tickets are created, as well as the key performance indicators created, these processes can give direction to further continuous service improvement for DevOps. Integration of service operation and DevOps can help improve overall customer satisfaction and service usability. Service automation of these ITIL process areas coordinated with DevOps, especially event and incident management, will help improve overall service delivery performance.

IT organizations sometimes need to transform their services and applications quickly to meet customers’ needs or risk becoming optional and having more services outsourced. Adopting a DevOps approach and ITIL service operation best practices helps organizations be more responsive to business needs without affecting operational stability, while at the same time supporting the organizational service strategy.


Every approach can always be improved to increase overall performance and business value. DevOps methodology is intended, among other things, to apply the principles of continuous delivery and continuous integration to improve the performance of application development efforts. ITIL’s seven-step improvement process (Figure 7) can help facilitate this improvement. This process, and its relationship to DevOps, are described as follows:

  • Identify the strategy for improvement.
    • A DevOps approach should support a business outcome.
    • Strategy as well as tactical and operations goals need to be understood.
  • Define what you will measure.
    • Conduct a gap analysis for achieving DevOps integration with ITSM.
    • An example key measurement in DevOps could be the following: customer satisfaction and end-user performance as related to number, quality and frequency of releases.
    • Critical success factors (CSF) and key performance indicators (KPI) must be defined for DevOps.
  • Gather the data.
    • DevOps should focus on gathering data from service transition and service operation.
  • Process the data.
    • DevOps CSF and KPI data are processed and turned into information.
  • Analyze the data.
    • Understand trends.
    • Transform information into knowledge for decision support to realize improvement.
    • Understand user and supplier perspectives.
  • Present and use the data.
    • Understand the business improvements of implementing a DevOps approach.
    • Create plan for improvement.
  • Implement improvements.
    • Implement lean and agile improvements.
    • Improve and correct the DevOps approach.

As an organization matures, its focus should be on business outcomes which are defined in the seven-step process. Adopting ITIL best practices will help organizations that are utilizing a DevOps approach become more service aligned with application releases.

The ultimate goal for application development is to take a business service management (BSM) approach. BSM simplifies and automates IT processes and prioritizes and orchestrates work according to business needs. Adopting a DevOps way of thinking helps achieve higher levels of BSM and provides greater service value.

ITIL’s balanced approach to focusing on people, processes, partners and products for efficiency and service effectiveness will help an organization create a holistic approach to DevOps. The people in the IT organization might need to change the way DevOps is adopted and provide improved maturity to the DevOps strategy. Process relationships between development and operations might need to be improved. Partners should be considered in the overall value network. Products should support processes with improved capabilities for automation of the synergies between development and operations.

ITIL provides architecture for ITSM and includes guidance for organizational functions and roles, processes and activities within processes. ITIL also includes suggestions for technology capabilities that support processes and organizational roles. DevOps should leverage these ITIL capabilities for organizational coordination, collaboration and decision support.


Service handovers should be collaborative and more iterative in order to quickly respond to customers. IT’s efforts should be continual to support the end user’s consumption of IT in the manner that meets the end user’s expectations and provides the greatest value to the business. An environment lacking collaboration has few or no formal processes (as discussed earlier in “Service strategy” and illustrated in Figure 8). Collaboration between development and operations must exist for this to work (see Figure 9).

In most organizations, the development and operations handoff is defined in some way, but support for an ongoing, agile, two-way relationship is not defined. Failure to improve these processes can result in incidents and problems with deployments because of product changes. The concept of early life support, as defined by ITIL, helps bridge the capability gap between the supporting relationships of development and operations to achieve consumer value realization. Agile methods define an ongoing collaborative relationship at the earlier stage of the handover for a quick fix or turnaround of a consumer service for value or, in ITIL terms, for overall service utility. DevOps with ITIL best practices supports agile development and consumer value.


Both ITIL and a DevOps approach are intended to support the delivery of quality services to consumers. A DevOps approach should not be implemented without reference to ITIL best practices and maturity improvements should be coordinated and collaborative to realize value. Organizations need to understand that services are defined relationships between the customer and the supplier of the service. A mature DevOps and ITIL approach helps improve the relationship between IT and its customers. Each discipline working together helps with continual service improvement and organizational performance.

DevOps and infrastructure as code (IaC) can be supported with the asset and configuration management process in the service transition lifecycle phase. Tools such as the configuration management database (CMDB), which maps the IT infrastructure, can help influence and support DevOps application designs. The infrastructure architecture knowledge can help with DevOps decisions related to designing and implementing the most efficient, agile and effective DevOps-style release processes. This knowledge can support infrastructure as a service (IaaS) cloud development and deployment of DevOps capabilities as a service (SaaS) solution.

Service design processes should be coordinated with DevOps-oriented release management processes. This effort includes design coordination, change management, release and deployment and service validation and testing (SVT). It also includes service design and transition policies, such as the creation of service design packages (SDP) and early life support (ELS). This coordination and collaboration during service transition helps ensure value realization and an enhanced user experience and engagement for developed products or services.

Service operation processes help ensure overall support for developed solutions. Since ITIL is dynamic in its relationship with other service lifecycle stages, feedback to service transition will occur — including feedback to DevOps for continual service improvement.


ITIL and other best practices can help you increase the value of your DevOps initiatives and avoid DevOps becoming siloed within your organization. Lean methodology, a foundation of DevOps and agile development, says that increasing the delivery volume of application updates to your users is not enough. Users don’t want just a lot of updates; they want updates that are responsive to their needs and increase the value of the production application or service. Application updates should enhance the user experience, increase service utility and add value to the service provider. Organizations are adopting DevOps to improve the delivery and the delivered value of application solutions to the end consumer while lowering the organizational stresses involved in that delivery, that is, reducing IT friction.

ITIL establishes the best practices for IT service management that have been adopted by organizations all over the world to help improve performance focused on needed service outcomes. The combination of the two disciplines will help you improve your service relationships and service outcomes as well as help you provide agile service delivery.

For more information about ITIL, visit For more information about  DevOps, visit


About the Author

Anthony Orr is director in the Office of the CTO and a member of the Thought Leadership Council at BMC Software. Anthony has worked for BMC for more than 15 years in various managerial, consulting, marketing and technical positions. He is an author of the ITIL v3 2011 publication update, ITIL MALC exam book and a senior examiner with responsibilities for the ITIL v3 certification examinations. Anthony is currently a board member of itSMF Houston Local Interest Group (LIG). He participates regularly as a speaker and expert panel member for itSMF events globally. Anthony has more than 30 years of IT experience and has held various roles in other companies prior to joining BMC including roles in development and operations. In his roles, he has been responsible for strategy, architecture, implementation and management of numerous service management disciplines and processes. Anthony is a frequent speaker on best practices at industry events and BMC customer forums. He has authored numerous white papers, pamphlets, podcasts, videos and blog posts on service management topics.

About BMC

BMC helps leading companies around the world put technology at the forefront of meaningful business change, improving the delivery and consumption of digital services. From mainframe to cloud to mobile, BMC delivers innovative IT management solutions that have enabled more than 20,000 customers to leverage complex technology into extraordinary business performance—increasing their agility and exceeding their expectations.

Today, flawless interconnected digital experiences will define business relevancy and success. BMC is committed to helping companies explore and profit from the New IT, a vanguard operating model that responds to complex business and customer needs with digital transformation, combining traditional technology with groundbreaking capabilities.


AXELOS are a joint venture company, created by the Cabinet Office on behalf of Her Majesty’s Government in the United Kingdom and Capita plc to run the global best practice portfolio, including the ITIL and PRINCE2® professional standards.

The goals of AXELOS are many and varied, each one aimed at helping businesses and individuals reach success, empowering them to truly stand out in a competitive market.

  • We continually promote and advocate quality training.
  • We strive to encourage growth, development and progress.
  • We always look for innovative new solutions to improve best practice standards and processes across the board.

The result is improved skills that are relevant to the industry as a whole, and enhanced employability for all, benefiting the global economy. The benefit to you and your business in particular: better trained employees, streamlined operations, and the peace of mind of knowing that you are working with an industry-leading organization, which provides products and services with a long-standing reputation for setting the industry benchmark.


Our White Paper series should not be taken as constituting advice of any sort and no liability is accepted for any loss resulting from use of or reliance on its content. While every effort is made to ensure the accuracy and reliability of the information, AXELOS cannot accept responsibility for errors, omissions or inaccuracies. Content, diagrams, logos, and jackets are correct at time of going to press but may be subject to change without notice.



Orr, A. (2014, August 14). Maximize the synergies between ITIL® and DevOps. Retrieved November 3, 2014, from

PH greenhouse emissions growing

Philippine Daily Inquirer
3:31 PM | Friday, April 11th, 2014

MANILA, Philippines—The contribution of the Philippines to global warming is only a drop in the bucket of the world’s total greenhouse gas (GHG) emissions, but that drop may get bigger in the future.

“Though it currently contributes less than 0.35 percent of global GHG emissions, its share will spike due to economic and population growth coupled with rapid urbanization,” the World Wide Fund for Nature (WWF)-Philippines said on Friday.

WWF-Philippines Project Manager Philline Donggay said this is why it is important for developing nations like the Philippines to begin serious steps toward climate mitigation and adoption of renewable energy to sustain its needs.

“Climate change mitigation reducing country emissions is critical because Asian economies are in full swing,” Donggay said in a news release.

Asia is the world’s fastest growing economic region and the largest continental economy by gross domestic product. Globally, six in ten people live in Asia, according to WWF-Philippines.

In the same release, WWF-Philippines announced its Building Momentum for Low Carbon Development project, which presents plans to synergize national development objectives with climate change mitigation strategies.

The project presents a path for the Philippines to transition from a fossil-fuel dependent economy to one that uses 100 percent renewable energy (RE) by 2050, the environmental organization said.

WWF-Philippines recommended increasing investments in both RE and energy efficiency (EE), while eliminating the country’s dependence on imported fossil fuels like coal and oil.

The Philippines is a fossil fuel-poor country and is vulnerable to the volatility of international fossil fuel prices, it noted.

“We have one of the highest power rates in Asia, mostly because of inefficiencies in the power sector and our reliance on imported fossil fuels,” WWF-Philippines Climate and Energy Programme Head Angela Ibay said.

“With coal and oil prices rising from increased demand, we will pay even more in the coming years – unless we invest in indigenous Renewable Energy now,” she added.

WWF-Philippines said Earth has already heated up by about 1 degree Celsius in the last two centuries, with an expected jump of 0.8 degree from atmospheric heat stored by the oceans.

“Beyond 4 degrees, up to 30 percent of all known plant and animal species will die — and intense storms, droughts and other climate effects will become nearly unmanageable for less-developed nations,” it said.

Today, the three largest emitters of greenhouse gases are energy generation, transportation and agriculture, WWF-Philippines said.


APEX Global runs 1st Joint Knowledge Forum with SHRM on The Future of Learning & HR


APEX Global, the learning solutions arm of ECC International, has recently partnered with SHRM (Society of Human Resource Management) from the USA to bring professional development solutions for HR practitioners in the Philippines. Together with SHRM, APEX Global jointly ran the 1st Knowledge Forum, focused on what’s in store for global corporations, both big and small, and how HR will play a crucial role in shaping this future.

This forum was held at the Mandarin Oriental in Makati City on 10th April 2014, and was well attended by senior HR executives from banking, financial services, manufacturing, Outsourcing / BPO, government agencies and IT companies. The group had several meaningful exchanges and a lively discussion in the field they get to oversee – HR & Learning.

Some of the key highlights / strategies for the future shared from the presentation included:

1. Grow from Within – Need for organisations to focus internally for future leaders rather than outside

2. Business Partner Approach – Shifting towards the setup of ‘HR business partner’ model rather than viewing HR as a support department

3. (Re)Building Employer Brand – Creating new strategies to retain performers and reduce recruitment related costs

Given the extensive interest among the participants, SHRM’s professional certification programs will be launched in the Philippines starting May 2014.

HRMP (HR Management Professional) – May 26-28 2014

For more information about the courses, pre-requisites and the value of the professional certification, please email us at to contact you with details.


APEX Global partners with ICOR for Organizational Resilience Courses

“The world is becoming turbulent faster than organizations are becoming resilient.”
Gary Hamel, Harvard Business Review

Today, leaders in the field of organizational resilience are seeking a broader holistic spread of services and demand a far-reaching perspective that is representative of what is actually required in day-to-day operations. Dedicated professionals are aggressively seeking an environment where skills and abilities are recognized and encouraged.

Professionals that are interested in working and contributing in the field of organizational resilience are faced with the challenge of non-responsive service providers that continue to have an extremely narrow focus of business continuity. This narrow focus does not address the evolving needs of business, government, non-governmental agencies, and society to improve their resiliency and viability.

ECCI and APEX Global believe that performance excellence can only be achieved with the ability to strategically plan for the future, recover from unexpected failures and build resilience amidst constantly changing times. The International Consortium for Organizational Resilience (ICOR) is APEX Global’s new partner in delivering cutting-edge training programs. With the mission to empower professionals through competency building, APEX Global signed a partnership agreement to provide its clients with more services for competency-building.

The International Consortium for Organizational Resilience (ICOR) is an international non-profit education and credentialing organization that provides thought-leadership, professional development, and certification-enabling, comprehensive, proven strategies for embedding the culture and systems of resilience within the 21st-Century organization.

ICOR’s goal is to address these issues, continuously monitor the global marketplace so as to be proactive to the changes that evolve and, when necessary, react quickly to unexpected changes. APEX Global is now bringing this solution to its regional presence in the Philippines, Vietnam and Cambodia.

ICOR’s courses, classified according to the following specialty areas, are ANSI (American National Standards Institute) accredited:
•    Business Continuity Management
•    Crisis Management & Communication
•    Emergency Management
•    Facility Management
•    Legal, Audit & Compliance
•    Organizational Resilience
•    Risk Management & Insurance
•    Supply Chain Risk Management
•    Technology Infrastructure

As an initial offering, APEX Global is launching BCM Lead Auditor Course based on ISO 22301 and Crisis Management & Communications Professional in partnership with ICOR. These courses will teach useful strategies and techniques for analyzing situations and making difficult decisions with limited time, information, and resources while managing a crisis event and leading teams.

For more information on the programs, visit, email or call 632 403 8668.