Issues of Harmonization of ISO 9001 Standard and the Law 09-08. Protection of Personal Data in Morocco: Potentials and Risks

  • Adil CHEBIR (Research laboratory in organizational management sciences, Ibn Tofaïl University) ;
  • Ibtissam EL MOURY (Laboratory in electronic systems, information processing, mechanics and energy. Ibn Tofail University) ;
  • Adil ECHCHELH (Laboratory in electronic systems, information processing, mechanics and energy. Ibn Tofail University) ;
  • Omar TAOUAB (Research laboratory in organizational management sciences, Ibn Tofaïl University)
  • Received : 2023.10.05
  • Published : 2023.10.30

Abstract

Since 2009, Morocco has had a law governing the processing of personal data, Law 09-08, and a supervisory authority, the CNDP (National Commission for the Protection of Personal Data). In May 2018, the European General Regulation on the Protection of Personal Data (GDPR) entered into force; it applies outside the EU in certain cases and therefore to certain Moroccan companies. The question of the protection of personal data primarily concerns the customer, who may not only be a victim of ICT-related crime but may also face risks linked to the collection and abusive processing of their personal data by the private and public sectors. Often the customer does not really know how their data is stored, for how long, or for what purpose. This raises the question of satisfying customer requirements, in particular for organizations that have adopted a quality approach based on the ISO 9001 standard. To master these constraints, Moroccan companies have to adopt strategies based on modern quality management techniques, especially the adoption of principles issued from the international standard ISO 9001 while being confirmed by the law 09-08. It is through ISO 9001 and Law 09-08 that these companies can refer to recognized approaches in terms of quality and compliance. The major challenge for these companies is to have a quality approach that allows Law 09-08 and the ISO 9001 standard to coexist, and this article deals with this specific context.
