Data Protection compliance through ICT Implementation

EMD has developed software and a number of work programmes aimed at bringing our clients in line with the requirements of the Maltese Data Protection Act 2001 and introducing procedures to remain compliant. Our methodologies and solution set will help the client simplify, as much as possible, the implementation of the new rights and obligations arising from the Act by focusing on the practical aspects of such implementation.

Our data protection team is made up of consultants practising in the legal, information technology, and compliance fields. The team is in regular contact with the Data Protection Commission, and through this relationship with the local authority, we have established practical resolutions to arguable issues arising out of the legislation. We have also compiled templates and legal clauses that would be used on contracts and documents.

The focus of our approach is on guiding our clients in taking the required steps to get in line with the Act whilst avoiding any unnecessary "re-engineering" of the organisation's procedures.

EMD is also in a position to act as Data Protection Representative as defined in the law, relieving the organisation of the notification processes and supervising ongoing compliance.

ICT Project Management

The key to success in today's complex ICT environment is the ability to manage projects efficiently and effectively. This takes strong skills and experience from people and teams that have succeeded in taking projects from their inception to completion.

Our project management services utilise proven experience and methodologies to deliver ICT solutions that meet the business technology needs of our clients. The skills of our project leaders and team members are broad and deep, with expertise in all aspects of ICT systems and technology solutions.

EMD can deliver project management skills to your organisation quickly and efficiently. We can provide your organisation with project leaders for virtually any ICT implementation or development project. Our experience in delivering complex solutions for our clients has taught us that success requires skills both in working with clients as business partners, and in providing the leadership to manage complex consulting engagements.

Regardless of the size and scope of your project management needs, we can deliver the skills and resources you need to guide your project to completion – on time, on budget, and according to plan.

Information Security

Information is critical to every organization. Increasing dependence on ICT systems for storage, generation and transfer of business information makes the processes for managing those ICT systems vital for businesses to perform effectively and achieve their strategic objectives.

Protecting an organisation's information in the face of ever-increasing advances in technology is a continuing challenge for management. An adequate level of information security is a basic need for every organisation and today, also due to the locally enacted Data Protection Act 2001, the implementation of information security is a legal requirement for any organisation processing personal data.

Establishing and implementing the right level of information security is of paramount importance to every organisation. "How far should I go?" and "How much should I spend (on information security)?" are frequently asked questions. Finding the right balance often requires specialist assistance.

Our consultants can carry out a high-level security review to assess how your organisation currently measures up to the ISO 27001 (previously ISO 17799 part 2) information security management system standard and recommend steps your organisation could take to improve security in areas of weakness.

ISO 27001 is an established international standard for information security management systems that represents a combination of best-in-class security practices.

This standard focuses on the protection of an organisation's information, and the mechanisms for handling it. The standard provides an objective means of measuring and comparing best practice in information security management, and promotes confidence in electronic inter-company trading.

Our methodology addresses all key areas of ISO 27001. However, as every organisation is different, we will tailor the scope of the review to your needs. At the end of each assignment, if there are areas of weakness compared to the standard, we shall develop a plan for addressing these risks. For each risk, we will design and implement the relevant and cost-effective security countermeasures.

ICT Risk Management

Most organisations are fully dependent on technology when carrying out their day-to-day operations. Along with the obvious benefits that technology has brought about, there are now new areas of risk that need to be understood and managed.

Managing risk in technology can be extremely complex. With rapid growth through technological advancements, keeping up is a challenge. Technology change is a driving force behind operational and organisational change.

Combine organisational change with technology dependency and the extent of risk becomes obvious. The leading organisations are those that manage this risk, while continuing to exploit the opportunities and benefits that technology brings to their business. Risk can only be managed effectively once it has been identified and well understood. This is not an easy task in itself as technology is becoming increasingly complex. Many organisations today have various technology environments with different systems communicating with each other.

Our consultants can help you gain a clear picture of the overall risk brought about by the technologies in place at your organisation. Our services can directly benefit your organisation by:

  • Exposing the main areas of technology risk associated with your organisation's current technology infrastructure.
  • Carrying out a detailed assessment of the controls and procedures being relied upon for the availability of systems, integrity of data, and general security.
  • Adapting the scope of the review to your organisation's needs; thus we will only review the security components that provide you with assurance. The focus, the depth and the duration of the assignment will be determined by you.
  • Presenting a set of prioritised recommendations for improvement so you can make the right information technology investment decisions.

All assignments will be a joint effort, using our experience and proven methodologies so that the end result is of real value to your organisation.

ICT Disaster Recovery

An efficient organisation plans ahead to meet demand efficiently so as to maintain customer loyalty. However, few organisations have planned how to deal with certain events that would disrupt operations, such as:

  • a breakdown in the computer systems
  • a breakdown in the telecommunications equipment
  • loss of key in-house ICT personnel
  • non-availability of major third-party system support

Effective disaster recovery planning significantly reduces the impact and loss of profits arising from any disruption to normal business operations. Such planning can be defined as the method of minimising the risk of suffering from a natural, accidental or malicious man-made disaster and then recovering if one occurs.

It is of utmost importance for a client to find the right balance between doing too much (over-investment in back-ups, documentation, etc.) and too little (taking preventive measures is usually cheaper than dealing with a disaster).

Our approach is focused, practical, and economical. Our focus is on what matters most - identifying and protecting the critical business processes and resources required to maintain an acceptable level of operation.

IT Technical Support and Software Development

Amongst other services, we assist clients in the selection and implementation of systems - software, hardware, networks, telecommunications, etc. These tend to be one-off assignments with a start and finish.

However, as there is a growing dependency on ICT systems amongst our clients, and due to ever-increasing HR-related costs, many clients are becoming increasingly interested in outsourcing their ICT support or even part of their ICT staff complement. Thus, in reaction to this reality, we have extended our professional services to include ICT technical support and software development services. Once engaged, we do not attempt to replace our clients' hardware or software vendors. Rather, we take the role of the ICT manager/systems administrator and thus take on full responsibility and become the single point of contact within the client's organisation for all ICT matters. If deemed necessary, we can also interact with the various suppliers or service providers on our client's behalf. However, when carrying out any of the abovementioned work, we shall ensure that our clients' management retains ICT ownership and direction.

If our client already has a number of ICT roles being fulfilled, we can assist and complement them. Our clients can also opt to outsource to EMD part or all of their software development, or any other related work; our qualified and experienced software development team will be able to assist efficiently and effectively.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.