Ghana's ICT industry regulator, the National Information Technology Agency (NITA) has been presented with three ISO certificates at a go for its prowess in the areas of information security, business continuity, and IT service management.
The presentation was jointly done by Deloitte Ghana and the external auditors of NITA, A4S at a cocktail event in Accra to bring the curtains down on the maiden National ICT Week which happened between Monday, August 26 and Friday, August 30, 2024.
The three certificates were ISO 20000:2018 for IT Service Management, ISO 22301:2019 for Business Continuity, and ISO 27001:2022 for Information Security, which is a new one and the first of its kind to be presented to a public sector institution in Ghana.
It took months of rigorous assessment for the certification bodies to determine that NITA had the right frameworks, support systems, policies, and practices that are sustainable to qualify them for the ISO Certifications.
IT Service Management:
With regards to IT Service Management, a candidate is required to have systems in place to ensure that IT services are delivered optimally both within and outside of the organization.
This drives client and public confidence in the services of the organization and has the ripple effect of ensuring that corporate clients like the public institutions NITA serves, are also able to deliver reliable and excellent services to their clients.
NITA has the biggest and best-in-class data centre in West Africa, managed by its private sector partner, Smart Infraco. The certified Tier3 data centre has enough capacity to provide both affordable and very reliable IT services to all public institutions and even private businesses who care to access the services of NITA.
To qualify for ISO certification for Business Continuity, an institution is required to have systems in place to ensure that in the event of either internal or external disruptions, the operations of the business are not interrupted in any way.
For instance, in case of an external disaster that destroys a data centre or some critical infrastructure, there should be enough redundancy/backup
arrangements in place to keep the business operations and its services to clients intact.
Indeed, in case of the death or resignation of a key person in the business, that should also not affect operations.
One of the ways NITA proved its prowess in business continuity was in March 2024, when there was a nationwide internet disruption due to the multiple undersea fibre cuts. NITA was able to reconnect all state institutions to the internet within 24 hours because it had a number of redundant subsea cables coming from different directions into Ghana, which were not part of the four that were cut.
As a result, government business continued smoothly, while two major telcos, several ISPs, and banks remained in the woods for days because they did not have the right redundancy/backup arrangements in place like NITA had.
Again, NITA has a certified Tier 3 data center, which has multiple paths for power, cooling, and systems in place to update and maintain it without taking it offline. A Tier 3 data center has an estimated 99.982% uptime in a year, which means it is highly unlikely for service to be disrupted.
Information/Cyber Security:
This is where an organization is required to have security systems in place to ensure that information in its custody is not disclosed to unauthorized persons; the integrity, completeness, and accuracy of the information is intact at all times, and the information is readily available to all authorized persons upon request.
NITA’s certified Tier 3 Data Centre runs a locally hosted Cloud in Ghana, fully functioning, supported, very resilient, and properly protected, so most of the traffic/data at NITA do not go outside Ghana.
Apart from the fact that hosting data locally ensures maximum security, it also ensures affordability because NITA uses virtual servers, which means clients do not have to pay for physical servers, and they also charge in cedis and not in dollars as others do.
To further deepen data security at NITA, its private sector partner, Smart Infraco recently signed a strategic agreement with Trend Micro to deploy Trend’s antivirus and cybersecurity suites across all end nodes (computers, phones, tablets, etc) used in accessing the networks of government institutions for work. This prevents cyberattacks through external and authorized devices.
Director General of NITA, Richard Okyere-Fosu told Techfocus24 that the journey to obtaining the three ISO certifications had not been an easy one but it was necessary because as the ICT regulator and the host of government data, NITA needed to boost the confidence of the public sector institutions in its ability to provide them with the best-in-class, most reliable and secure IT services.
He said obtaining the ISO certifications is just the beginning of the journey because NITA is committed to maintaining and improving upon the standards to ensure that its clients get the best of services.
The NITA boss believes that, with these ISO certifications, NITA is well-positioned to provide all government institutions and even private businesses the reliable, affordable, and secured IT services they need to help them cut down on needless wastage of resources on securing IT services from other sources.
Richard Okyere-Fosu said NITA is also coming up with the Common National Digital Architecture (CNDA), which will insist that any entity seeking to provide ICT or digital services to the government must fit into a specific framework or “we are not interested.”
Meanwhile, since NITA started focusing on its regulatory role in 2021, it has been working to put various ICT industry regulations and guidelines together over the years.
These new regulations and guidelines are due to be rolled out by March 2025.
"What I can say is that with the policies, frameworks, systems, and measures we have put in place over the years, NITA is at a much better place than I met it," he said.