...

NITA Gets Three ISO Certificates At A Go

NITA Gets Three ISO Certificates At A Go
Richard Okyere-Fosu, Director-General of NITA (middle) receiving one of the ISO certificate from an official of A4S

Ghana’s ICT industry regulator, National Information Technology Agency (NITA) has been presented with three ISO certificates at a go for its prowess in the areas of information security, business continuity, and IT service management.

The presentation was jointly done by Deloitte Ghana and the external auditors of NITA, A4S at a cocktail event in Accra to bring the curtains down on the maiden National ICT Week which happened between Monday, August 26 and Friday, August 30, 2024.

The three certificates were ISO 20000:2018 for IT Service Management, ISO 22301:2019 for Business Continuity, and ISO 27001:2022 for Information Security, which is a new one and the first of its kind to be presented to a public sector institution in Ghana.

It took months of rigorous assessment for the certification bodies to determine that NITA had the right frameworks, support systems, policies and practices that are sustainable to qualify them for the ISO Certifications.

Richard Okyere Fosu Director General of NITA speaking after the ISO certificates presentation
Officers of NITA and Deloitte Ghana display the three ISO certificates presented to NITA

Officers of NITA and Deloitte Ghana display the three ISO certificates presented to NITA

IT Service Management

With regards to IT Service Management, a candidate is required to have systems in place to ensure that IT services are delivered optimally both within and outside of the organization.

This drives client and public confidence in the services of the organization and has the ripple effect of ensuring that corporate clients like the public institutions NITA serves, are also able to deliver reliable and excellent services to their clients.

NITA has the biggest and best-in-class data centre in West Africa, managed by its private sector partner, Smart Infraco.

The certified Tier 3 data centre has enough capacity to provide both affordable and very reliable IT services to all public institutions and even private businesses who care to access the services of NITA.

Business Continuity

To qualify for ISO certification for Business Continuity, an institution is required to have systems in place to ensure that in the event of either internal or external disruptions, the operations of the business are not interrupted in anyway.

For instance, in case of an external disaster that destroys a data centre or some critical infrastructure, there should be enough redundancy/backup arrangement in place to keep the business’ operations and its services to clients intact. Indeed, in case of the death or resignation of a key person in the business, that should also not affect operations.

One of the ways NITA proved its prowess in business continuity was in March 2024, when there was a nationwide internet disruption due to the multiple undersea fibre cuts.

NITA was able to reconnect all state institutions to the internet within 24 hours because it had a number of redundant subsea cables coming from different directions into Ghana, which were not part of the four that were cut.

As a result, government business continued smoothly, while two major telcos, several ISPs and banks remained in the woods for days because they did not have the right redundancy/backup arrangements in place like NITA had.

Again, NITA has a certified Tier 3 data center, which has multiple paths for power, cooling and systems in place to update and maintain it without taking it offline.

A Tier 3 data centre has an estimated 99.982% uptime in a year, which means it is highly unlikely for service to be disrupted.

Information/Cyber Security

This is where an organization is required to have security systems in place to ensure that information in its custody is not disclosed to unauthorized persons; the integrity, completeness and accuracy of the information is intact at all times, and the information is readily available to all authorized persons upon request.

NITA’s certified Tier 3 Data Centre runs a locally hosted Cloud in Ghana, fully functioning, supported, very resilient and properly protected, so most of the traffic/data at NITA do not go outside Ghana.

Apart from the fact that hosting data locally ensures maximum security, it also ensures affordability because NITA uses virtual servers, which means clients do not have to pay for physical servers, and they also charge in cedis and not in dollars like others do.

To further deepen data security at NITA, its private sector partner, Smart Infraco recently signed a strategic agreement with Trend Micro to deploy Trend’s antivirus and cybersecurity suites across all end nodes (computers, phones, tablets etc) used in accessing the networks of government institutions for work. This prevents cyber attacks through external and authorized devices.

IMG 20240902 WA0001

Richard Okyere-Fosu, Director-General, NITA

Director General of NITA, Richard Okyere-Fosu told Techfocus24 that the journey to obtaining the three ISO certifications had not been an easy one but it was necessary because as the ICT regulator and the host of government data, NITA needed to boost the confidence of public sector institutions in its ability to provide them with the best-in-class, most reliable and secure IT services.

ALSO READ  2nd Canada-Africa Business Conference To Take Place In Nairobi From 19-20 February 2024

He said obtaining the ISO certifications is just the beginning of the journey because NITA is committed to maintaining and improving upon the standards to ensure that its clients get the best of services.

The NITA Boss believes that, with these ISO certifications, NITA is well positioned to provide all government institutions and even private businesses the reliable, affordable and secured IT services they need to help them cut down on needless wastage of resources on securing IT services from other sources.

Richard Okyere-Fosu said NITA is also coming up with the Common National Digital Architecture (CNDA), which will insist that any entity seeking to provide ICT or digital services to government must fit into a specific framework or “we are not interested.”

Meanwhile, since NITA started focusing on its regulatory role in 2021, it has been working to put various ICT industry regulations and guidelines together over the years.

These new regulations and guidelines are due to be rolled out by March 2025.

“What I can say is that with the policies, frameworks, systems and measures we have put in place over the years, NITA is at a much better place than I met it,” the NITA Boss said.