8 minute read
Security
by MITA
Ltd will pilot these technologies with the aim of setting the stance for product development and implementation in the subsequent year. As early as 2001, MITTS Ltd recognised that it must replace its existing network by one that was scalable, that factored technology neutrality, had redundancy and which could sustain high technological performance. A comprehensive technology reform programme was embarked upon in 2003 which to date has seen the completion of two of the three phases that constitute this reform. The first constituted of a new network infrastructure, now known as MAGNET II, which MITTS Ltd successfully introduced in the summer of 2005 in collaboration with a private sector consortium constituted of Maltacom plc and Melita Cable plc. This phase saw the introduction of a new network infrastructure based on the latest technology (Gigabit Ethernet over fibre) designed to provide full redundancy (i.e. continuity) for each site by providing alternative routes allowing for a high level of up-time. This secures against unscheduled disruption in the ICT service provision, and consequently in the business of Government, to a 99.6% availability.
The second phase which will be practically completed in 2006 is the Enterprise Management Architecture – mainly the configuration of server, desktop and active directory elements on modern and dynamic technology to enable effective management of these elements.
The third phase relates to the consolidation of over 40% of the server population and of more than 70 data-centres (currently spread across Government) within two ‘active-active’ date centres. The two data centres will be housed in state-of-the art facilities and will provide automatic and immediate failover onto one another in the event that one of them faces performance issues thereby ensuring that Government ICT services perform on optimum up-time and that all of the major Government ICT business applications have business continuity coverage.
With its introduction in 2006, the Consolidated Environment will aim to reduce the number of Data Centres by 40% over seven years. MITTS Ltd’s way forward included the issue (in September, 2005) of an EU-wide tender for the selection of a partner to implement a solution that meets Government’s needs. Technology refreshes and changes, lessons learnt and success of the programme will determine the rate at which MITTS Ltd takes the programme forward from beyond the planned phases. To date, the Consolidated Environment remains a flag-bearing solution that caters for higher security, more reliable business continuity, as well as a reduction in TCO on storage and processing facilities.
“MITTS Ltd continues to operate an effective Quality Management System (QMS). This is continuous improvement of the processes through the introduction of tools and changes in the way that the organisation operates”.
“Overall, the level of commitment to provision of a quality service is commendable and the robustness of the QMS is demonstrated by its ability to accommodate changes within the
organisation.”
SGS Audit Summary Report - June 2006
Security:
MERGING INTERNATIONAL EXPERIENCE
Security is central to the Government’s operations and as a result MITTS Ltd has systematically aligned itself to Government’s needs and has been proactive in the field. In 2002, MITTS Ltd took the forward looking business decision to establish security management as one of its core businesses and to set up the Department of Information Security and Risk Management (ISRM). In July 2005 following the review of ICT operation in Government carried out by MIIIT, the Information Security (InfoSec) Authority function carried out by the Central Information Management Unit was merged within MITTS Ltd.
One of the mandates that MITTS Ltd assumes as InfoSec Authority is the management of Twinning Arrangement with QinetiQ of the United Kingdom for the appropriate capacity building in Government for the management of security. The work carried out under the umbrella of the Twinning Agreement is two pronged. The first initiative relates to work that is underway to establish Security management policies and procedures with the initial implementation phases directed at the Government ministries which have responsibility for the handling of EU Classified Information.
Apart from implementing the protocols established by Directive 2001/264/EC titled ‘EC Council Security Regulation’, MITTS Ltd is drawing up the Government’s as well as its own security framework on the basis of the 2005 international security standard ISO/IEC 17799:2005. ISO/IEC 17799:2005 will establish guidelines and general principles for initiating, implementing, maintaining, and improving information framework in the following elements:
- organisation of information security; - asset management; - human resources security; - physical and environmental security; - communications and operations management; - access control; - information systems acquisition, development and maintenance; - information security incident management; - business continuity management; and - compliance.
ISO/IEC 17799:2005 will thus establish control objectives and controls that will result in a far more manageable risk management foundation. MITTS Ltd is targeting that it will implement ISO/IEC 17799:2005 within it and within six sub-registries in Government by the end of 2007.
The second prong relates to the development of a security culture and management competency within Government. Over the past 18 months, MITTS Ltd has organised 2 Information Security training courses encompassing over 50 public officers. Over the same period, MITTS Ltd has organised 2 Information Security Awareness programmes for the general public. The company is targeting that by the end of 2007, the implementation of ISO/IEC 17799:2005 sets the common grounds and practical guideline for developing a Government-wide security standard and effective security management practice. Last but not least it will increase further the confidence that Government already shares with the company.
Improving Project Management Abilities
Following the 2002 organisational realignment of MITTS Ltd, project management of business solutions was identified as a core business for MITTS Ltd. In order to strengthen the company’s abilities in this regard, it was decided that MITTS Ltd would adopt an international project management methodology which would be applied consistently across the company and for internal as well as external initiatives. Following a comprehensive review, the methodology applied was PRINCE 2 developed by the former – CCTA – now the Office of Government Commerce (OGC) in the UK. Subsequent to the choice of the methodology, MITTS Ltd undertook a change management programme directed to align its internal process and tools to the new methodology. Moreover, a skills capacity building initiative was embarked upon, and continues today, which has resulted in MITTS Ltd having over 30 employees qualified at PRINCE 2 Foundation Level, and over 20 employees at PRINCE 2 Practitioner Lever.
In terms of the management of be-spoke in-house development, which today is primarily limited to enhancement and maintenance of strategic Government applications such as the Inland Revenue System, the VAT System and the Social Security System, MITTS Ltd adopted the Software Development Lifecycle (SDLC) in order to introduce ex-ante rigour to achieve a higher quality of software at the first iteration.
Seeking National and International Excellence
The Board and executive leadership at MITTS Ltd have aggressively, and in sustained manner, sought to establish MITTS Ltd as a best practice organisation. In seeking to achieve this goal MITTS Ltd has sought to improve its performance, skills, processes and competencies by adopting continuous change for self-improvement as an underpinning philosophy, whilst applying international benchmarks and standards to leverage the attainment of the said goals. Simultaneously in achieving such change, MITTS Ltd embarked on a complementary change programme that saw the company’s full-time complement fall from 300 in 2000 to 262 in 2005 whilst at the same time achieving higher quality output and productivity. It has attained this by being innovative in terms of the employment practices applied and by being a pioneer in promulgating tele-working, job-sharing, and family friendly measures.
MITTS Ltd is proud to state that in 2005, at the first National ICT Awards programme launched by the Malta Computer Society, MITTS Ltd was awarded the prestigious award of the ‘Best Maltese ICT Enterprise’.
MITTS Ltd’s performance, however, is also best demonstrated by the work it has carried out on e-Vehicle Registrations Application (known as the e-Vera). The e-Vera is a trigger based application that brings insurance companies as intermediaries to Government for the issuance of driving licences, integrating with both vehicle registration testing and traffic citation payment whilst providing direct 24x7 interactions for the citizens to renew their driving licence.
In essence the e-Vera is one of the new generation of eGovernment solutions that deal with a heterogeneous environment rather than on a ‘point-to-point’ basis. To this effect, the e-Vera application was submitted by MIIIT to be considered for the ‘Best Practice Rankings Award’ at the Ministers’ of IT Meeting in Manchester. The application was short-listed amongst the top ‘EU Best Practice Applications’ in the eGovernment Services category and was commended as a best practice eGovernment application.
Service Call Centre: This has continued to improve its processes based on the ITIL model. The MARVAL system is now integrated with the Asset Register moreover its Configuration Management Database (CMDB) allows immediate confirmation that the device is supported and the SLAs showing the level of service contracted.
Reporting is highly developed enabling management to identify trends and take appropriate preventive action. Problem management is in place and progress is monitored by senior management. The challenge for the future is to maintain the current high levels of service as the scope of their operations extends to the public sector.
SGS Audit Summary Report January 2006
The effort put into introducing PRINCE2 and the SDLC is now beginning to realise benefits with regard to improved project delivery. The reporting system presentation of management information enables problems to be identified early on and action taken to reduce the impact.
SGS Audit Summary Report January 2005 MITTS Ltd has been constantly undergoing changes in organisation, roles and scope alongside development of its technology and processes. This time is no exception with the formation of a Business Excellence and Compliance Department to provide a focus for the many activities that are necessary for the organisation to comply with internal and external standards, manage change and improve customer satisfaction. This indicates the commitment that management has to effecting improvements.
MITTS Ltd continues to progress and meet the demands of Government for a high level of service. This is achieved by the commitment of all staff and it was encouraging during the audit to see the enthusiasm of staff carrying out their roles.
SGS Audit Summary Report January 2006
