Becoming the first Australian utility to be certified to the AS/NZS 7799 Standard for Information Security Management Systems (ISMS) last year has proved crucial to Yarra Valley Water's (YVW's) system migration efforts.
CIO Simon Soon says integrating ISMS certification with other quality systems across the company is also helping Yarra Valley Water to leverage the benefits these systems offer to drive further improvements.
Victoria's largest retail water company, YVW last year won awards for "Best Implementation of Risk Strategy" and "Best Information Technology Security Strategy" at the Australian Risk Management Awards 2004.
"This was an unprecedented step in the water industry and we are the first Australian utility [water, gas or electricity] to have achieved this certification. We were also the tenth Australian company to achieve this certification," Soon says.
"Certification validates that the security arrangements for our mission critical business systems are of a recognized and independently audited high standard."
"With increasing focus on information security, physical security and business continuity planning in the case of unforeseen disaster, certification provides a means for us to benchmark our Information Security Management System. It will also foster a security culture with our business partners and staff through heightening security awareness within the organization, improving credibility and customer confidence."
The move to certification is in keeping with YVW's strategy of seeking certification for its core processes including Quality, Environmental, Occupational Health and Safety and HACCP (Food (Water) Safety systems), wherever possible.
One year ago YVW signed a $1.35 million contract with Intergraph Mapping and Geospatial Solutions to deploy Intergraph's geofacilities management software G/Water and its GeoMedia software as the enabling technologies of a comprehensive Geospatial Resource Management (GRM) system. The utility chose Intergraph because of its ability to support the company's ten-year IT masterplan, which dictates enterprise-wide integration with Windows XP, Microsoft .NET and Oracle environments, and its business goals of increasing customer service and environment management while reducing operational costs.
The GRM system will enable YVW to streamline business analysis, schematics, and mapping and plotting functions, and integrate real-time geospatial data with tabular data from other corporate systems for enterprise-wide decision support. The idea is to make pertinent data available to staff across the organization - from engineers who maintain water and sewer assets to planners who determine the location of new services to management for assessing water quality reports or customer complaints.
The utility, which has successfully migrated applications during the first phase of the three-phase project, conducted a risk assessment before the project began. This identified people issues around skills, training and acceptance of the system as the project's biggest risks.
Those risks were minimized by a strong governance structure and regular project meetings to air and resolve potential issues and difficulties.
"We also have regular technical meetings with the vendor to ensure there are no particular performance issues that people are not happy with - they get tackled straight away. As far as our IT facilities go we are the first Australian utility to be certified to AS 7799 so we have strong procedures in there. So from that risk point of view in terms of security we're pretty well covered."
A December 2004 Auditor-General's Report noted YVW's strong practices in information security management. "It had implemented a comprehensive management framework to help it assess, monitor and continually improve security practices across the organization. This included the development and/or enhancement of existing processes and documentation to address a range of IT governance practices such as:
- IT risk management
- information security policy development and enhancement
- personnel security
- access control
- IT systems development and maintenance
- business continuity.
"Yarra Valley Water was subsequently able to achieve compliance and certification with Australian and internationally recognized standards in information security management (AS/NZ 7799.2:2003). Ultimately, these initiatives should assist in ensuring that the confidentiality, integrity and availability to systems and data within this agency are maintained," the report says.