AQCLab presents the article "Assessing data cybersecurity using ISO/IEC 25012" in the special edition of Software Quality Journal regarding Quality Management for Information Systems. This article presents the data cybersecurity assessment model based on the ISO/IEC 25000 family of standards developed by the laboratory.
Due to the growing importance of data as the main driver of value in companies, data quality and, specifically, data security are of the utmost importance. Because of this, AQCLab has complemented its data quality evaluation model with the definition of a framework for the evaluation of cybersecurity specifically focused on data. In turn, this framework complements and aligns with other existing standards and models which focus on management systems and security infrastructures.
This evaluation framework establishes the basis for certification of data cybersecurity, which will reinforce other certifiable data and security-related standards such as ISO 27001 and ISO 8000.
InfoCamere, the IT company for the Italian Chambers of Commerce, has obtained the ISO/IEC 25000 - Data Quality certificate for its database, the Italian Business Register. Three parties took part in the certification: InfoCamere as the entity that manages the database and the service provided based on its information, AENOR as issuer of the certificate, and AQCLab as the evaluation laboratory, which also provided support in quality improvement in order to achieve the ISO/IEC 25000 certification.
The Italian Business Registry is the public and official registry of companies in Italy. It contains information (incorporation, amendments, cessation of trading) for all companies with any legal status and within any sector of economic activity, and manages information about more than 6 million registered companies, more than 10 million registered persons (entrepreneurs, shareholders, managers...) and more than 1 million annual accounts.
This database contains all the main information relating to companies (name, statute, management, headquarters, etc.) and all the subsequent events that have occurred to them after registration (for example changes to the statute and to company officers, changes in registered address, liquidation, insolvency proceedings, etc.). As such, the Italian Business Registry provides a complete picture of the legal position of each company and is a key archive for drawing up indicators of economic and business development in each area to which it belongs.
In this way, InfoCamere has become the first organization in Italy to obtain data quality certification based on ISO/IEC 25000.
The scientific director of AQCLab, Mario Piattini, participated in the ISO 25000 Round Table "Tavola Rotonda ISO25000 - L’evoluzione dei modelli di qualità del prodotto/servizio", held at the Salesian Pontifical University in Rome on 30 October.
The talks focused on the evolution of the models defined in the ISO 25000 family of standards for the quality of software products, data and services, addressing related topics throughout various sessions:
Finally, a round table was held in which Mario Piattini participated together with representatives of public administration, academia and industry in Italy. This round table discussed projects, experiences and best practices on software and data quality.
The 12th International Conference on the Quality of Information and Communications Technology (QUATIC 2019) took place in Ciudad Real, Spain, on September 11-13, with the collaboration and participation of AQCLab.
QUATIC serves as a forum for disseminating advanced methods, techniques and tools for supporting quality approaches to ICT engineering and management. Participating practitioners and researchers have exchanged ideas and approaches on how to adopt a quality culture in ICT process and product improvement and to provide practical studies in varying contexts.
At the conference, the 25 selected papers were presented, covering the following topics related to software quality and engineering: Security and Privacy, Requirements Engineering, Business Processes, Evidence-based Software Engineering, Process Improvement and Assessment, Model-Driven Engineering and Software Maintenance, Data Science and Services, and Verification and Validation.
As part of the conference, the Industrial Day was held on the 12th of September, with several talks on the quality of ICT by relevant speakers from the sector:
Moreover, in the security and privacy track of the conference, AQCLab presented the article "Assessing Data Cybersecurity Using ISO/IEC 25012", which details the framework that has been developed for the evaluation and certification of data cybersecurity, based on the international standard ISO/IEC 25012.
AQCLab has collaborated with the Alarcos Research Group (J. David Patón-Romero and Mario Piattini) of the University of Castilla-La Mancha, the University of Bari (Maria Teresa Baldassarre) and the Unidad Central del Valle del Cauca (José Gabriel Pérez-Canencio, Mary Luz Ojeda-Solarte and Andrés Rey-Piedrahita) in the development of a case study on the application of ISO/IEC 33000 for the evaluation of maturity in the governance and management of Green IT. The case study, "Application of ISO/IEC 33000 to Green IT: A Case Study", has been published in the journal IEEE Access.
The idea of sustainability has emerged in the IT sector through the so-called Green IT practices. These practices are attracting many organizations that have realized the importance of this area and the benefits it generates socially, economically and environmentally. However, there is a lack of standards and/or frameworks to help organisations carry out these Green IT practices. For this reason, the authors of this paper have developed the "Governance and Management Framework for Green IT" and a maturity model based on ISO/IEC 33000 for this framework, which allows the implementation, evaluation and improvement of Green IT in organizations in a systematic and progressive way.
This study presents an empirical validation through a case study carried out with these proposals, emphasizing the application of the ISO/IEC 33000 family of standards to Green IT. The results obtained in this case study demonstrate the importance of having a maturity model for Green IT and the validity and usefulness of the application of ISO/IEC 33000 to Green IT through the maturity model developed.