
Digital Jewels celebrates esteemed clients on recent accreditation to global best practices and standards.


Digital Jewels Limited is a leading IT Governance, Risk and Compliance (GRC) Consulting & Capacity Building Firm with deep competencies in Information Security, Information Assurance, Project Management, e-business and Knowledge Capacity Building.

In this intriguing interview with the delectable CEO, Mrs. Adedoyin Odunfa, she provided insights into how Digital Jewels is leveraging the extensive knowledge of global best practices within the context of local operating environments, while celebrating the recently accredited clients to global best practice standards.


Questions


1. Congrats on the recent ISO certification accreditation to some of your esteemed clients. What was the motivation for starting Digital Jewels at a time when the practice of GRC was hardly taken seriously?

Thank you! 13 years ago, when we started Digital Jewels, it was clear to the discerning that digital will grow, digital will thrive, digital will transform – not just businesses but lives and livelihoods. However, the dual potentialities of IT make it a double-edged sword that cuts both ways – value and risk. Many failed to appreciate the consequences of not managing the risk effectively, but we could see clearly that e-business, e-banking, e-Government, digital – will not thrive without security and assurance with Governance as an umbrella.


It was also clear that the value of data, information, knowledge and wisdom will grow. Hence, our emphasis on the Information Value Chain which empowers and enables; and which needs to be secured, assured and managed. All these fall under the ambit of IT Governance, Risk and Compliance which is our core area of focus.
The certifications are an effective way of tangifying the best practices we implement through the adoption of standards and frameworks.


We were fortunate to secure some early adopters in our markets of operation that made a big statement. To mention just a few…

  • I recall the certification of Galaxy Backbone to the ISO27001 (global Information Security Management System) standard in 2010, making it the first public sector in Africa to be certified to a global standard. This feat earned the then Minister of Communications Technology an international award.
  • I also recall the certification of Fidelity Bank to the ISO27001 (global Information Security Management System) standard in 2009, ahead of the CBN Standards blueprint and demonstrating the Bank's slogan – “Trust is our Middle Name.”
  • In Ghana, we had the privilege of certifying the first commercial Bank, First Atlantic Bank, to ISO27001 in 2013 and PCIDSS in 2014, also ahead of the BoG regulations.
  • More recently, in Rwanda, we had the privilege of implementing the ISO27001 standard (2019) for Bank of Kigali – the largest indigenous Bank in Rwanda – making it the first commercial Bank in Rwanda so certified.



2. What are the key drivers and motivations for any organization in the first place to want to commence the process of certification?

Certification provides evidence of implementing a global best practice standard and typically involves assurance by an accredited independent 3rd party. It provides validation that processes, policies and procedures comply with National or International Standards and helps you avoid re-inventing the wheel.

We focus on IT-related standards and frameworks which help to govern, secure and assure the information value chain. These include ISO27001 (the global Information Security Management System), ISO22301 (the global Business Continuity Management System), ISO20000 (International standard for IT Service Management), ISO45001 (Global standard for Occupational Health and Safety), ISO9001 (global Quality Management System) and PCIDSS (the Payment Card Industry Data Security Standard). We also implement frameworks such as COBIT (Control Objectives for Information and Related Technology), ITIL (IT Infrastructure Library) amongst others.

Over the years we have conducted well over 100 implementation exercises. We have ourselves taken a taste of our own medicine by implementing and certifying to 2 global best practice standards (ISO 27001 and ISO 9001).
The drivers for the clients we have supported to certification over the years fall into 3 key categories:

  1. Internal motivation for excellence: this happens when the management of an organization chooses to benchmark itself against global best practice and aspires to attain best-in-class processes and systems to differentiate itself from the rest of the pack. These organisations do not need much persuasion and typically ensure an efficient implementation process.
  2. Regulation driven/induced: Regulators across the world have found that mandating the adoption of standards provides an effective and verifiable way of enforcing a minimal baseline for IT practices. E.g., in 2014, the CBN introduced an IT Standards Blueprint which has been revised a number of times and has significantly influenced the adoption of global best-practice standards in Nigerian Banks alongside increasing their maturity levels. Banks, FinTechs and other players in the ecosystem are mandated to comply. The Bank of Ghana came out with a CyberSecurity Directive in 2019 which also mandated certification to a more discrete set of standards. Overall, most organisations realise that adoption and certification to global best practice standards are for their own benefit, though a number comply very grudgingly and thereby miss out on many of the process and system benefits to the organisation, focusing mainly on the documentary evidence for the regulators.
  3. Customer/ Market-driven: in some cases, a significant client, in a bid to eliminate weak links in its service delivery chain, requires its service providers to demonstrate the adoption of global best practices through certification to these standards or risk losing its business. This has been the driver of many providers of a myriad of IT services to large Banks, Telcos or even government institutions.


3. What are the requirements and scope of ISO Certification and is it limited to specific sectors?

That’s a very general question as there are over 20,000 ISO Standards with different areas of focus. We focus on IT-related standards such as Information Security Management Standard (ISMS), the Business Continuity Management System (BCMS), the IT Service Management (ITSM), the Occupational Health And Safety (OHAS), Payment Card Industry Data Security Standard (PCIDSS), amongst others. The scope is as determined by the specific client – typical scope areas include the Data Centre, Disaster Recovery Sites, Head Office or other locations or the entire organization. The scope is influenced by where the critical information assets are located, client/regulatory requirements, time and budget available amongst other factors.

4. Do you see a strong adoption culture of innovation and compliance standards in the emerging markets of Africa and what factors do you think are contributing to that?

The adoption of standards is certainly growing, propelled by globalization, regulation, competition and sustainability. For African markets, the standards provide a verifiable way to compete globally through speaking a common language.

The pandemic has accelerated the adoption of technology significantly globally and in Africa. This increased adoption of technology can lead to greater value addition with the adoption of standards like the ISO20000 IT Service Management System on the one side; whilst multiplying threats to business operations and indeed continuity alongside technical and non-technical vulnerabilities on the other side, leading overall to a higher risk profile which standards such as ISO27001 (Information Security Management System), the ISO22301 (Business Continuity Management System) and the ISO45001 (Global standard for Occupational Health and Safety) help to manage.


5. What are the long-term strategic plans of Digital Jewels?

As an Afro-centric Consulting and Capacity Building IT GRC Firm, we strive to build centers of excellence one institution at a time, one professional at a time. With a footprint in 9 African cities and still counting and with a specialized portfolio of independent IT GRC services, we keep raising the bar and are currently working on a strategic plan to redefine the IT GRC in Africa. Watch this space….



© 2021 Regtech Africa. All Rights Reserved.
