ISO 9000 Compliance and Cloud Federation Standards Development


Dr. Norma Antunano, Consulting Firm, Universities, Austin, TX, USA


Information Systems, E-Audits, Digital Processes, Business Processes, Compliance, ISO Standards





As organizations expand their digital footprint, business continuity vulnerabilities increase and customers’ experience suffers as a result. While digitalization enables speed of change, it brings new risks as dependencies on digital grids and on the supporting communication networks increase. Enterprise organizations are concerned with the pace at which new technologies have been deployed in the last 10 to 20 years. The risks related to information supporting continuity of operations and protection of digital assets become uncertain, as the architecture, ecosystems, outstanding policies, and contextual conditions may not be sufficiently understood. Cyber-criminal activities have been penetrating even organizations in regulated environments. These experiences are driving an increasing number of security-related profiles that organizations need to manage. About 10 new security categories are being created every year (2017 Thales research), and it is not fiction that computer systems at massive scale are being breached in practically no time. Between 2013 and 2017, it is estimated that more than 9.7 billion data records were stolen, and 57 records are stolen every second [1]. Finding and understanding the vulnerabilities has been challenging, which is why governments, enterprises, and communities are paying increasing attention to such concerns. According to Kutscher [2], in 2017 it took an average of 57.5 days to discover a breach, while in 2016 it took 80 days. Although the response time to identify breaches in 2017 improved with respect to 2016, addressing newer and more sophisticated profiles of threats was more challenging. Cybercrime activities have demonstrated innovation and agility in accessing proprietary information, even at enterprises expected to hold robust business support and protection systems; recent research concurs that such activities are now targeting business continuity interruptions.

This presentation shares an update on the progress the National Institute of Standards and Technology (NIST) and the Institute of Electrical and Electronics Engineers (IEEE) are making on defining Cloud federation standards, considering the variety of deployment models organizations can have, including the option of distributed auditing services. Leveraging relevant capabilities resulting from ongoing technology advancements, and from the progress made by diverse enterprises working through NIST and IEEE on Cloud Federation standards development, can assist in assessing the risks of the organization’s systems and processes, and therefore the level of compliance with ISO 9000 standards. A health care management case example is used to illustrate how to leverage the available capabilities.