NextDC (ASX: NXT) has received a quality management system certification from the International Organisation for Standardisation (ISO).
iso - News, Features, and Slideshows
In a move that seemed like a veritable blast from the past, the World Wide Web Consortium has announced that a group of web services technologies, including SOAP (Simple Object Access Protocol) 1.2, were accepted as international standards by ISO (International Organisation for Standardisation) and IEC (International Electrotechnical Commission).
W3C made the announcement along with a joint technical committee from the other two standards organisations, emphasising that the technologies would derive interoperability benefits gained from formal recognition of national standards bodies. But is anybody really listening to standards organisations all that much anymore?
SOAP, as you recall, was considered red-hot as a web services mechanism around eight years ago. Among the other W3C Web services technologies being endorsed by ISO/IEC is MTOM (Message Transformation Optimisation Mechanism), which also dates back to the middle of last decade.
The problem with SOAP and the so-called WS-* (remember those?) standards was so many of these started emerging that it became pretty much impossible to keep up with them all. But W3C still sees value in SOAP even if others have moved on to the more-palatable REST (Representational State Transfer) mechanism for web services. SOAP, like XML, is widely used, especially in B2B communications, says W3C representative Ian Jacbos.
Still, we're hearing more about REST these days than SOAP. That's why Ruby on Rails framework founder David Heinemeier Hansson and the Rails development crew dropped SOAP from the framework in December 2007 in favor of REST. "SOAP fell out of favor years ago. The only people left on that scene are the people paid to design or use it," Hansson says.
Jacobs also points out the use of SOAP in SOA, but these days, SOA has taken a distant backseat to mobile computing in the minds of IT connoisseurs. iPads, iPhones, and Android are trendy; SOA is not. That's the way it is.
SOAP is not the only example of people not necessarily listening to a standards body. With HTML5, a W3C official last year had advised caution in implementing it in websites, arguing it was not quite ready for prime time. But HTML5 already had caught fire. The endorsement of Apple's then-CEO Steve Jobs, who had championed the HTML upgrade for use with Apple's iOS devices, probably did more to make it a standard than all of W3C's efforts combined.
Although standards bodies like W3C focus on noble and difficult efforts, the marketplace is the ultimate decider of standards themselves. It certainly moves faster.
The Cloud Security Alliance (CSA) announced at the CSA Summit at Infosecurity Europe in London last week that it will partner with ISO to develop key standards for cloud security.
“It is important that IT projects in any organisation are governed at a strategic board level and not just by the IT department. In the public sector, implementing IT projects impacts a wide group of stakeholders beyond those of the organisation. There are lots of gains to be made for the public sector from corporate IT governance.”
This was the opening remark from Standards New Zealand chief executive Debbie Chin at the recent workshop ‘Corporate governance of information technology’ that was held in Wellington recently. And it set the scene for a wide-ranging debate, the main topics of which are are summarised below.
Cloud computing governance
Interest in cloud computing is growing rapidly in the International Standards Organisation (ISO) community. Cloud computing delivers economies of scale and can be used to develop, deploy, and maintain business critical systems quickly and flexibly.
An international study group is presently looking at Standards for cloud computing. When developed, these Standards will help to address cloud computing challenges including data location and recovery, security, ediscovery, availability, reliability and portability. It is through Standards New Zealand that this country contributes to the development of international Standards, such as the new cloud computing Standard, by participating in ISO committees and running mirror committees locally.
Standards New Zealand is scoping a New Zealand cloud computing Standard to ensure the country is recognised as a secure environment to host cloud computing services. Key issues in cloud computing are sovereignty, privacy and portability, and in understanding these requirements this country could be considered a favourable place to host services for an international audience.
Digital forensic risk ‘readiness’
The area of digital forensics concerns any digitally-stored evidence. There is some risk in digital forensics — legal, professional, ethical and IT technical risk. However, many organisations have not put in the necessary preparation to handle these risks.
At the workshop Dr Brian Cusack, leader of the AUT University Digital Forensic Research Laboratories, discussed a draft working document to provide guidelines to identify, collect and/or acquire and preserve digital evidence. These guidelines will help organisations to identify the specific treatment for digital forensics and to assure the board that digital forensic risks are being managed.
Governing the use of IT means managing reputation risk, financial risk, and operational risk when deploying IT business systems. The standard for corporate governance of IT (AS/NZS ISO/IEC 38500:2010) includes principles that provide a checklist for IT investment decisions and a framework to evaluate, direct and monitor the use of IT in organisations.
Owners, board members, directors, partners, senior executives, or people in similar positions can use this Standard to understand and fulfil their legal, regulatory, and ethical obligations for the use of IT within their workplaces.Organisations of all sizes can also use the Standard to save money associated with IT, by avoiding failures.
Mark Toomey, a leading expert in top level governance of IT, presented case studies where a lack of governance has caused problems, such as Queensland Health’s payroll and related issues. While he used Australian case studies, these issues are relevant to organisations here.
He also discussed common problems in IT projects – often it is not the technology itself he says, but the way organisations use it. Common problems in IT projects include trying to apply one solution to all areas, not understanding fundamental issues, not enough analysis up front, shortened testing times, lack of checking systems regulations and not preparing the workforce for new systems.
Governing IT-enabled change involves more than governing technology activities. Any organisational change needs to address people, processes, structure and technology, along with paying attention to every facet of business models and practices.
The International Organization for Standardization (ISO) has published the specification for a Microsoft-created file format that caused bitter debate during its path to become an international standard.