National ID Cards are adopting the security of PKI and to be recognized internationally, ISO 27001 Certification is the preferred option.
The e Government strategy for the Kingdom of Bahrain is spearheaded by the Central Informatics Organization [CIO]. In 2005, the decision was taken to digitize the Bahrain National ID card using smart cards.
Given the extensive PKI experience within the CIO and the need to protect the integrity of the electronic data that would be stored on the new smart card ID, it was decided that PKI was the best security option.
Following best practice according to the World Trade Organization [WTO] for Government projects, the CIO published their requirements and invited the world leaders in PKI to a workshop open forum in April 2006. Every CA & PKI vendor was in attendance and as the official offerings were submitted, every offering was ‘the same’. Only Digi-Sign had the foresight to stress the importance of support, management and international accreditation according to ISO 27001.
Every CA/PKI vendor will promise the best in service, the best experience, the best people and the best support. However, few can clearly demonstrate this prior to purchase. Moreover, few will guarantee third party accreditation of their offering.
In 2004, the Digi-CAST™ Methodology was pioneered by Digi-Sign to address this critical need. Rather than having the customer use complicated matrices for vendor selection and then attempting to ‘work through’ the delivery, Digi-CAST™ offers the customer a tried and tested project planning, documentation, delivery and management system according to internationally recognized ‘best practice’.
In 2006, BS 17799 became ISO 27001 and is now the defacto international standard for IT Security. The Digi-CAST™ Methodology ensures that this standard is delivered to the customer according to their specific needs and then guarantees certification to ISO 27001 on completion.
The results from this international tender process and the fact that Digi-Sign was awarded this project are now a matter of public record. And the reason for the successful bid, was partly due to the fact that implementing ISO 27001 was stipulated by Digi-Sign as part of the submission.
Most importantly, the project was delivered through close co-operation with the CIO personnel at every level of the organization. User Acceptance Testing [UAT] was completed in November 2007 and the Board of the CIO has implemented its ISO 27001 policy on schedule, awaiting audit in Q1 2008, as planned.
The overall project and the subject of the original specification was to provide a PKI system capable of protecting the millions of National ID cards that would be issued.
It was Digi-Sign’s insistence that best practice be followed and that this was supported by a genuine methodology for delivery combined with a system for subsequent ongoing management that ensured the project’s success.
In addition to following a specific methodology for delivery, the Digi-TaSC on line system for managing the environment was also provided to the CIO. This powerful system enables the tracking and tracing of all policies, procedures and personnel in accordance with the ISO 27001 manual for the environment.
This same system extends to manage all support and support escalation, case logging, ticketing and reporting and is a valuable tool to any organization seeking to implement a National Trust Centre for any e Government initiative.
The newest release of the Digi-CA™ Xg for national and large scale projects was used on the CIO project. As probably the most advanced and sophisticated CA system available anywhere in the market today, this system was modified to meet the precise requirements of the CIO and was delivered in less than nine weeks (after detailed specification was agreed). No other vendor can meet the efficiency that Digi-CA™ offers and this is one reason why Digi-CA™ remains the most competitively priced CA system in the market today.