Group Technology Solutions (GTS), the Information Technology services division of An Post, and Post.Trust, a subsidiary of An Post offering advanced digital security solutions, have successfully achieved certification to international Information Security Standard ISO 27001. This follows an external audit conducted by Certification Europe, a body accredited by the Irish National Accreditation Board (INAB) the statutory body for quality standards in Ireland. Furthermore Post.Trust has retained its existing accreditation as a qualified Certification Services Provider (CSP) in compliance with the requirements of the EU eSignatures Directive EU 1999/93/EU. What is ISO 27001?
This standard prescribes a comprehensive set of best practices for organisations which wish to attain a high level of security in the operation of Information Technology infrastructure,
application systems and management processes. Certification requires an organisation to implement over 130 security controls across 39 control objectives and 11 major headings
while maintaining a continuous improvement programme. Surveillance audits occur every six months with full re-certification every three years.
Why seek accreditation?
Certification to ISO 27001 enables An Post to prove to its clients and other stakeholders that we are comprehensively managing the security of information held in our possession.
Information is a valuable asset and it needs to be protected and managed as carefully as any other tangible asset particularly when being managed on behalf of customers. Karl Coffey, Chief Enterprise Architect, An Post GTS said: “The ISO 27001 standard is the most popular and widely used global assessment framework for Information Security
Management. It is also increasingly referenced in commercial tenders and compliance information requests from potential and existing corporate customers. Participation in this programme enables us to provide independent assessment of the maturity of our IT security management system to the Board, our customers, shareholders and other key stakeholders.” For example in the case of the Prize Bonds Draw system, the Prize Bond Company can be assured that the system deployed meets the highest international security standards.
Additionally, financial institutions such as AIB for which An Post delivers a range of services can also be satisfied that the level of security in place meets recognised industry standards without having to conduct an independent audit. Existing and prospective customers that An Post wishes to target for new business opportunities can be similarly reassured with regard to this increasingly important aspect of doing business securely.
Post.Trust, a Certification Service Provider (CSP) has successfully maintained its Information Security Management accreditation. Post.Trust has also successfully retained compliance with the EU Directive 1999/93/EC for eSignatures, following a full certification audit by Certification Europe.
What is the EU e-Signatures Directive?
The Directive establishes the legal framework at European level for electronic signatures and certification services. It aims to make electronic signatures easier to use and help them become legally recognised within the Member States. Furthermore, it lays down the criteria that form the basis for legal recognition of electronic signatures by focusing on certification services. The Irish Electronic Commerce Act 2000 transposed the Directive into Irish law. This law provides for the legal recognition of electronic signatures, electronic writing and electronic contracts.
Why seek accreditation?
Compliance with the EU Directive ensures Post.Trust’s compliance with the Irish eCommerce Act 2000. Furthermore, it provides assurance to Post.Trust customers - who use Post.
Trust I.D. on a daily basis to digitally sign and transmit Adobe PDF documents electronically as to the integrity, authorship and legal validity of those documents.
Henry Conboy, Post.Trust Services Manager, said:“Maintaining this standard is vital to Post.Trust business and ensures that we continue to operate to the highest international standards.” Post.Trust is the only CSP in Ireland, accredited to issue legally recognised Qualified Digital Certificates fully compliant with the EU Directive. Post.Trust was first successfully audited against EU Directive 1999/93/EC for eSignatures in 2003. The company undergoes surveillance audits every six months and a full audit every three years for re-certification.
Why adopt digital signatures?
The world is changing quickly; once paper based, information is now largely stored and transmitted digitally. Post.Trust digital certificates enable organisations such as Getty Images, Baxter Pharmaceutical and the Commission for Communications Regulation (ComReg) to increase efficiency by sending document workflows electronically thus eliminating traditional paper related costs. The Private Residential Tenancies Board (PRTB) sought to reduce their reliance on paper-based record systems and the need to maintain physical archives; addressing a key strategic objective of the company to move closer to a paperless office.
GeoDirectory
GeoDirectory has been accredited with ISO 9001 from the National Standards Authority of Ireland
What is ISO 9001?
ISO 9001 is simply about getting things right first time so you don’t have to do them twice. It’s about helping businesses improve the quality of the services they offer to their customers.
And what’s really good is that it is an internationally recognised standard that many companies aspire to but relatively few attain.
Why seek accreditation?
Dara Keogh, CEO, GeoDirectory, explains: “Seeking accreditation allowed us to analyse our processes and identify potential improvements. It both increased the quality of service we offer and freed up time spent on low value activities to be spent on high value income generating activities.” The benefits to-date include improved cash flow, lower volumes of non-sales queries and more time for our high value activities such as researching marketing needs, enhancing the offering and increasing revenues.
What was involved?
All the key processes in GeoDirectory had to be documented. Process maps were then produced for the working procedures, from taking a simple phone call to technical legal review of contracts with clients. Processes were refined to maximise output while minimising inputs. The process maps and the associated procedures were produced, reviewed and submitted to the NSAI in just over six months. This fast turnaround was a credit to the team in GeoDirectory and to the support and input from the quality team in An Post. John McConnell, Head of Quality, An Post said: “Dara successfully applied the Six Sigma continuous improvement methodology from his Green Belt Training to implement ISO 9001 in GeoDirectory. He also leveraged the structures and support from An Post’s main ISO registration to achieve certification.” The quality of the output was so high that Maria McKeown, Auditor from NSAI Certification, would have passed GeoDirectory at the pre-audit phase which is a great testament to the work of all involved.
What next?
The NSAI will make surveillance visits to GeoDirectory - usually once or twice a year. In addition, it will conduct a full reassessment audit every three years. And An Post’s internal audit team will conduct regular checks to see that the current high standards are maintained and continue to help GeoDirectory work on identifying possible improvements.