Government meets international standards for information security

The government of St Vincent and the Grenadines (SVG) has met international standards for the management of information and security.

At a ceremony last Tuesday during which the International Organization for Standardization (ISO) 27001 certificate was presented, minister of economic planning, sustainable development, industry, information and labour Camillo Gonsalves{{more}} said in the immediate aftermath of the hacking of the Government website in May 2015, both he and Director of the Information Technology Services Division (ITSD) Andre Bailey were distressed that systems and procedures were not in place to deal with the incident.

He said the absence of a set of procedures to deal with breaches in information security was partly because information in the digital sense is fairly new to government.

“What took place in the aftermath of the hacking was somewhat less than what would’ve taken place in some other jurisdictions…,” he admitted, hence the decision to work towards ISO certification.

The ISO is an internationally acclaimed organization that deals with standardization for various types of businesses procedures and performance.

“If you are compliant and if you are doing it in a manner that the rest of the world does it then you would get a certificate,” said Gonsalves.

The Minister however noted that the department had no deficiency in talent or competence to deal with security measures and in terms of physical resources, they were not far from where they needed to be.

The deficiences, he said, existed in the areas of process, procedure, culture and leadership and prioritizing the issue of information security.

He thanked the government of Taiwan for their assistance in achieving the certification.

“ISO certification is very common place in Taiwan, in a variety of fields and we thank them for helping us to introduce that type of rigor and discipline to our own processes,” Gonsalves stated.

During remarks at the ceremony, ITSD director Andre Bailey said that the help they got from Taiwan came at a very important time for his department.

Like Gonsalves, he also referred to when the government website was hacked, stating “we at that time were trying to grapple to understand the nature of how we can adapt our procedures and make sure that if it does happen again, that we would be more responsive and we will put things in place.”

Bailey said the standards of the ISO helped them to refine the process, “because IT is a very dynamic industry and what cannot be hacked 10 years ago can be hacked in maybe the next five years,” he explained.

“We have to make sure that we hold on to the procedure and maintain the standards, but at the same time, we still need to evolve overtime, because threats are becoming more complicated especially from the outside and we have to be very vigilant,” he said.

During his remarks at the ceremony, ambassador of the Republic of China (Taiwan) to St Vincent Baushuan Ger noted that this is the first time an institution in SVG has achieved ISO 27001 certification.

“This certification is confirmation that the Information Technology Services Division (ITSD) has successfully adopted and complied with the highest management standards of information security in the world,” he said.

Ger also revealed that Taiwan began its bilateral ICT co-operation project with SVG in 2010.

He further stated that one of the aims of the project is to develop a secure ICT structure.

“The establishment of E-Government Centre in 2013 has turned concepts into reality,” Ger said.

He outlined other goals that have been achieved, such as the consultation for e-Government Developing Strategy, six Government Information Systems, 33 ICT Training courses and workshops, with 1,700 participants enrolled in the training programme.

Ger said with the successful completion of the first phase ICT project last November, the ROC and SVG governments have decided to launch a new phase of co-operation on ICT later this year.

The new US$2 Million project, dubbed Electronic Documents and Records Management System (EDRMs), aims to build a digitized document interchange and management system to be used between governmental agencies at different levels.

“The implementation of the new project will further improve the overall efficiency of document process mechanisms,” he said. (AS)