Certification Acronyms and more!

COPC, Six Sigma, ISO,eSCM, CMM, BS, ITIL .......Great to see them on company websites but what do they actually mean?

I tried looking them up @ Wikipedia and this is what i got -

Six Sigma - Six Sigma is a business management strategy, originally developed by Motorola, that today enjoys wide-spread application in many sectors of industry.

Six Sigma seeks to identify and remove the causes of defects and errors in manufacturing and business processes. It uses a set of quality management methods, including statistical methods, and creates a special infrastructure of people within the organization ("Black Belts" etc.) who are experts in these methods. Each Six Sigma project carried out within an organization follows a defined sequence of steps and has quantified financial targets (cost reduction or profit increase).[

COPC - The COPC-2000 Performance Management System was created by COPC Inc. to provide a benchmark for buyers of call center services, marked by the COPC-2000 Family of Standards. COPC Certification provides defined processes, measured metrics, and outcomes to highlight qualified suppliers. To become certified, COPC Inc. offers suppliers consulting services, benchmarking services, training, and installation, a process designed to help companies continually measure customer contact center performance.

COPC Inc. offers two certification standards, the COPC-2000 CSP Standard and the COPC-2000 VMO Standard.

The COPC-2000 CSP Standard helps define industry performance for customer service providers (CSP), including transaction processing operations, e-commerce centers and call centers.

The COPC-2000 VMO Standard is closely aligned with the COPC-2000 CSP Standard. It helps define a list of requirements for vendor management organizations (VMO) to help them rate the performance of third party customer contact centers. The standard highlights performance in four categories: leadership and planning, key people processes, key business processes, and goals.

ISO - The International Organization for Standardization (Organisation internationale de normalisation), widely known as ISO (pronounced /ˈɑɪsəʊ/), is an international-standard-setting body composed of representatives from various national standards organizations. Founded on 23 February 1947, the organization promulgates world-wide proprietary industrial and commercial standards. It is headquartered in Geneva, Switzerland.

While ISO defines itself as a non-governmental organization, its ability to set standards that often become law, either through treaties or national standards, makes it more powerful than most non-governmental organizations. In practice, ISO acts as a consortium with strong links to governments

ISO 9001:2000

The ISO 9000 family addresses "quality management". This means what the organization does to fulfill:

- the customer's quality requirements, and
- applicable regulatory requirements, while aiming to
- enhance customer satisfaction, and
- achieve continual improvement of its performance in pursuit of these objectives.

ISO/IEC 27001

ISO/IEC 27001 part of a growing family of ISO/IEC standards, the 'ISO/IEC 27000 series' is an information security management system (ISMS) standard published in October 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its full name is ISO/IEC 27001:2005 - Information technology -- Security techniques -- Information security management systems -- Requirements but it is commonly known as "ISO 27001".

It is intended to be used in conjunction with ISO/IEC 27002, the Code of Practice for Information Security Management, which lists security control objectives and recommends a range of specific security controls. Organizations that implement an ISMS in accordance with the best practice advice in ISO/IEC 27002 are likely simultaneously to meet the requirements of ISO/IEC 27001 but certification is entirely optional (unless mandated by the organization's stakeholders).

BS - British Standards are produced by BSI British Standards, a division of BSI Group that is incorporated under a Royal Charter and is formally designated as the National Standards Body (NSB) for the UK.

BS 7799 for information security, the source for ISO/IEC 27001, 27002 (former 17799), and 27005

BS 7799 was a standard originally published by the British Standards Institute (BSI) in 1995. It was written by the United Kingdom Government's Department of Trade and Industry (DTI), and after several revisions, was eventually adopted by ISO as ISO/IEC 17799, "Information Technology - Code of practice for information security management." in 2000. ISO/IEC 17799 was most recently revised in June 2005 and was renamed to ISO/IEC 27002 in July 2007.

A second part to BS7799 was first published by BSI in 1999, known as BS 7799 Part 2, titled "Information Security Management Systems - Specification with guidance for use." BS 7799-2 focused on how to implement an Information security management system (ISMS), referring to the information security management structure and controls identified in BS 7799-2, which later became ISO/IEC 27001. The 2002 version of BS 7799-2 introduced the Plan-Do-Check-Act (PDCA) (Deming quality assurance model), aligning it with quality standards such as ISO 9000. BS 7799 Part 2 was adopted by ISO as ISO/IEC 27001 in November 2005.

BS7799 Part 3 was published in 2005, covering risk analysis and management. It aligns with ISO/IEC 27001.

eSCM-SP - The eSourcing Capability Model for Service Providers (eSCM-SP) is a framework developed by ITSqc at Carnegie Mellon University. The eSCM-SP is a “best practices” capability model with three purposes: (1) to give service providers guidance that will help them improve their capability across the sourcing life-cycle, (2) to provide clients with an objective means of evaluating the capability of service providers, and (3) to offer service providers a standard to use when differentiating themselves from competitors.

CMM - The Capability Maturity Model (CMM) is a process capability maturity model which aids in the definition and understanding of an organization's processes.

The CMM was first described in a book Managing the Software Process by Watts Humphrey (pub. Addison Wesley Professional, Massachusetts, 1989), and hence was also known as "Humphrey's CMM". Watts Humphrey based it on the earlier work of Phil Crosby. Active development of this model by the SEI (US Dept. of Defense Software Engineering Institute) began in 1986. The SEI was at Carnegie Mellon University in Pittsburgh.

The CMM was originally intended as a tool for objectively assessing the ability of government contractors' processes to perform a contracted software project. Though it comes from the area of software development, it can be (and has been and still is being) applied as a generally applicable model to assist in understanding the process capability maturity of organizations in diverse areas. For example, software engineering, system engineering, project management, software maintenance, risk management, system acquisition, information technology (IT), personnel management. It has been used extensively for avionics software and government projects around the world.

The CMM has been superseded by a variant - the CMMI (Capability Maturity Model Integration). The old CMM was renamed to Software Engineering CMM (SE-CMM) and organizations accreditations based on SE-CMM expired on 31 December 2007.

Variants of maturity models derived from the CMM have emerged over the years, including, for example, Systems Security Engineering CMM SSE-CMM and the People Capability Maturity Model.

ITIL - The Information Technology Infrastructure Library (ITIL) is a set of concepts and techniques for managing information technology (IT) infrastructure, development, and operations.

ITIL is published in a series of books, each of which cover an IT management topic. The names ITIL and IT Infrastructure Library are registered trademarks of the United Kingdom's Office of Government Commerce (OGC). ITIL gives a detailed description of a number of important IT practices with comprehensive checklists, tasks and procedures that can be tailored to any IT organization.

Open to the forum for comments and additions!