ISO – International Organization for Standardization

The International Organization for Standardization (ISO) is an organization for the creation of international standards made up of various organizations national standardization.

ISO 31000 points to a family of risk management standards in standards codified by the International Organization for Standardization. The purpose of ISO 31000:2009 is to provide principles and guidelines for risk management and the process implemented at the strategic and operational level.

ISO/IEC 27001 is an Information technology – Information security management systems – Requirements, approved and published as an international standard in October 2005 by the International Organization for Standardization and the International Electrotechnical Commission.

Specifies the requirements for establishing, implementing, maintaining, and improving an information security management system.

ISO 9001:2008, developed by the International Organization for Standardization (ISO), determines the requirements for a Quality Management System, which can be used for internal application by organizations, regardless of whether the product or service provides a public organization or private company, whatever their size, for certification or for contractual and current purposes.

ISO 22301 Business Continuity Management specifies the requirements for a management system charged with protecting your company from incidents that cause an outage, reducing the likelihood of them occurring, and ensuring recovery of your company.

ISO/IEC 38500:2008 was published in June 2008, based on The Australian standard AS8015:2005. It's the first in a series about IT governance.

It aims to provide a framework of principles for organization management to use when evaluating, directing, and monitoring the use of information technologies (IT's).

It is aligned with the principles of corporate governance set out in the "Cadbury Report" and the "OECD Principles of Corporate Governance"

COBIT (Control Objectives for Information and related Technology)

It is the generally accepted standard that provides good practices for IT management and control.

The COBIT framework has a threefold approach:

  • Management-focused: Since it provides Management with a best practice base with which IT and investment decisions can be made.
  • Focused on IT users: Due to the security it provides them for the control of objectives and processes
  • Auditor-focused: Because it identifies IT control issues within the company's IT infrastructure.

COBIT consists of five domains, each of which are organized into processes (37 in total) that in turn are sub-divided into control activities and objectives

The processes of these COBIT domains are implemented within the policies and specifications of business requirements, determined by the information criteria, which establish the performance levels.

ITIL (Information Technology and Infraestructure Library)

It is the most widely known standard for managing IT services. As explained above, proper service management enables a high level of availability of such services and a high level of customer and employee satisfaction of the company.

ITIL processes are aligned with the ISO 9000 quality standard and are linked to the EFQM (European Foundation for Quality Management) Model of Excellence, which is used by more than 1,000 companies worldwide.

ITIL focuses on providing high quality services to achieve maximum customer satisfaction at manageable cost. To do this, it is part of a strategic approach based on the process-people-technology triangle. In other words: determine how to execute standard processes aided by technology to achieve the satisfaction of people, users of IT services.


It is a process improvement methodology, focused on reducing the variability of the same, managing to reduce or eliminate defects or failures in the delivery of a product or customer service. The goal of 6 Sigma is to reach a maximum of 3.4 defects per million events or opportunities (DPMO), understood as a defect any event in which a product or service fails to meet the customer's requirements.

Six sigma uses statistical tools for the characterization and study of processes, hence the name of the tool, since sigma is the standard deviation that gives an idea of the variability in a process and the goal of the six sigma methodology is to reduce the process is always within the limits set by the customer's requirements.


The PMBOK Guide identifies the subset of project management fundamentals that is "generally recognized" as a "good practice". "Generally recognized" is a question of referring to the knowledge and practices applicable to most projects, most of the time; where there is consensus on its usefulness and importance; while "good practice" implies that there is a general agreement for the application of knowledge, skills, tools and techniques that can increase the chances of success across many projects.

The PMBOK Guide is process-based, which means that it describes the work applied in the processes themselves. This approach is consistent, and very similar, to the same approach used in other management standards (e.g. ISO 9000 and CMMI). Processes overlap and interact throughout the project phases.

The 5th edition of the guide provides guidelines for the management of individual projects, and defines concepts related to the management of the same. In addition, it describes the life cycle and processes related to the project


It is a methodology focused on the reduction of waste in the execution of the productive processes of your company, maximizing the creation of value for the customer. This methodology was born in Japan, at Toyota's production plants in the 1930s.

The key principles of the Lean methodology are:

  • Minimize waste
  • Continuous improvement
  • Flexibility
  • Perfect quality from the first time
  • "Pull" processes, pulled out by customers

Its goal can be translated as "Get the right things, in the right place, in the right amount and at the right time", being open and flexible to change.