UNOG ADMINISTRATION AWARDED WITH ISO/IEC 27001 CERTIFICATION

SERGIO DA SILVA, ONU/STIC

Management system refers to what the organization does to manage its processes, or activities, so that its products or services meet the objectives it has set itself, such as satisfying the customer’s quality requirements, complying with regulations, or meeting environmental objectives. Anthony Griffith, the project leader at UNOG for ISO27001 certification, provides us with some answers related to this subject.

What does ISO certified mean ?
Certification refers to the issuing of written assurance by an independent external body that it has audited a management system and verified that it conforms to the requirements specified in the standard. If an organization meets the requirements, it is then “registered” meaning that the auditing body records the certification in its client register.

Why is adopting ISO standards so important ? What are the benefits ?
Management system standards provide a model to follow in setting up and operating a management system. This model incorporates the features on which experts in the field have reached a consensus as being the international state of the art. To be really efficient and effective, the organization can manage its way of doing things by systemizing it. This ensures that nothing important is left out and that everyone is clear about who is responsible for doing what, when, how, why and where. ISO’s management system standards make this good management practice available to organizations to adopt.
For UNOG, the adoption of these management system standards enables the organization to implement industry tested best practices and measure our performance with the standard. Basically, ISO standards help us improve and provide higher quality services.

What sort of effort was required to achieve this result ?
The most significant commitment came from the UNOG Management Team. Because adoption of best practices and alignment with industry standards were given high priority within the organization, through this commitment, the necessary resources and training necessary to achieve a favorable result were made possible.
On the part of the staff involved, documentation of existing security procedures required the most effort. It was really challenging to prepare and create documentation relevant for different units within ICTS. Finally, staff had to increase the frequency of monitoring access logs etc, password changes, and clean their desks of sensitive materials. It sounds easy, but in practice it is really challenging to accomplish.

What’s next ?
This is the first milestone along a path of many other goals. UNOG will be exploring the possibilities of implementing service, quality, environment, and social responsibility management systems. Although we celebrate our first achievement, the work continues.
The key to deciding which standards are suitable for adoption is to ensure that the goal is driven by mission and “business” drivers. Implementing a standard or best practice must be motivated by its value as an enabler to the mission of the organization. The end goal is to use these industry designed management systems to help the organization perform more efficiently and effectively.

Where can I get more information ?
A great starting point is the International Organization for Standardization web site (http://www.iso.org). If an organization is interested in starting their own ISO project, we would welcome the opportunity to share our experiences. Readers may contact Mr. Jason Bellone (jbellone@unog.ch), UNOG/ICTS for more information.