Program Manager Mr. A. Sundaram
OVERVIEW OF PROGRESS IN 2014
-
The following highlights serve as indicators of progress in the field of Infrastructure Services and Business Solution Services (including Internet Services) in 2014:
(i) ICT infrastructure resilience and service continuity were further enhanced. Preliminary tests were conducted showing promising results;
(ii) ICT infrastructure for the new WIPO Conference Hall was completed in time for its opening for the twenty-second session of the PBC and the fifty-fourth series of meetings of the WIPO Assemblies;
(iii) Through close collaboration, ICT capacity expectations from key business areas were better understood and documented. As a result, Service Delivery Agreements (SDAs) were established to explicitly capture the ICT needs for the specific business areas and also to enable more systematic tracking and monitoring;
(iv) In response to an ever-changing business environment, technology evolutions were explored with a view to developing a future end-user computing strategy to address the nascent need for greater business mobility, e.g. through the use of handheld devices (tablets and smartphones) as opposed to traditional computing devices (desktops and laptops);
(v) Mobile telecommunications were enhanced with more integrated services offered at lower costs. In keeping up with industry development, a Mobile Device Management (MDM) system was introduced to allow cost-effective communications among WIPO staff through various means regardless of where they are; and
(vi) Further migration of traditional server platforms to virtual servers, consolidation of database licenses, optimizing policies in managing unused user accounts.
-
Whilst much of the work in relation to information assurance was operational, the year 2014 saw several key achievements which greatly contributed to enhancing the protection and security of WIPO’s information and systems.
-
As part of the continuous improvement process promoted by the ISO 27001 Standard, the PCT underwent re-certification to the updated 2013 version of the standard (ISO 27001:2013), with no major or minor non-conformities. As part of this process, a series of third party service provider risk assessments was carried out to ensure improved supply-chain security for services.
-
The Information Security Section (ISS) also contributed to the selection and implementation of an Enterprise Risk Management solution (Acuity Stream) to enhance enterprise risk management capabilities within WIPO, and to enable the complete integration of the ISO-based risk management processes within the organizational risk management approaches. The ISO related risk management activities for the PCT were greatly enhanced by the implementation of this solution which provides better reporting and visualization of current levels of risk and mitigation status.
-
ISS also collaborated closely with the PCT development teams to formulate and implement a Secure Development LifeCycle approach for application development, ensuring that information security requirements and controls are addressed from the beginning of a development project, thus reducing dramatically the amount of re-work required to pass security testing of the applications.
-
A project to fully implement the ArcSight Security Event and Information Management (SEIM) system was completed, providing greater visibility on potential security events within WIPO’s network, and enabling more effective and efficient incident response.
-
The year 2014 also saw the launch of a solution aimed at raising user awareness around the topic of Phishing. The first such campaign resulted in a dramatic increase in the number of phishing attempts being reported by the user community.
-
The number of major incidents related to information security was very low during the year, with only one incident that affected a whole business unit.
PERFORMANCE DATA
Expected Result: IX.1 Effective, efficient, quality and customer-oriented support services both to internal clients and to external stakeholders
|
Performance Indicators
|
Baselines
|
Targets
|
Performance Data
|
TLS
|
ICT Systems are cost-effectively hosted and managed in line with business demands
|
Updated Baseline end 2013:
Enterprise Server Support Monthly cost: $280;
Virtual Server Monthly cost (2 core & 8GB): $229;
High-Performance. Storage Average Monthly cost: $420/TB Backup Average Monthly cost: $53.9
Original Baseline P&B 2014/15:
Unit costs for physical, virtual servers, for storage and backup
|
Unit costs of infrastructure hosting are at the level or below the baseline
|
The rates for 2014 did not change from the 2013 updated baseline.
New rates negotiated in 2014 to take effect in 2015:
-
Unit cost of Servers: 448 CHF/month; Unit cost per TB of storage: 299 CHF/month
-
Unit cost of backup per TB of storage: 370 CHF/month (End-2014)
-
Number of service incidents with medium or high impact: 1.75 per month
|
On Track
|
No. of SLAs for hosted systems and services that are compliant with ICT SLA framework
|
Standard ICT SLA Framework in place
|
% of SLAs that comply with the ICT Framework
|
6 new SDAs signed (Enterprise Communication System, IRIS, IRPI, PCT, PEARL, SIGAGIP) in compliance with the ICT framework (100%)
|
On Track
|
ICT Service Continuity of critical systems
|
Updated Baseline end 2013: 2 closely linked Data Centers established; server infrastructure and network architecture Centers partially developed to support the 2 centers; 38 core ICT services were assessed and suitable measures implemented for mitigating risks and ensuring their enhanced availability.
Original Baseline P&B 2014/15:
Data backed-up offline, data restore may require several days
|
Critical systems can be recovered in a timely manner without data loss in the event of localized major disruptions
|
ICT infrastructure resilience and service continuity were further enhanced. Preliminary tests were conducted showing promising results
|
On Track
|
Performance Indicators
|
Baselines
|
Targets
|
Performance Data
|
TLS
|
% end-users and business sectors who are satisfied with ICT services
|
Updated Baseline end 2013:
2013 Helpdesk Survey: "Highly satisfied" rating by 64% of participants
Original Baseline P&B 2014/15:
Business managers' satisfaction at the beginning of the biennium
|
Maintain or improve against the baseline
|
2014 Helpdesk Survey: "Highly satisfied" rating by 67% of participants
|
On Track
|
Comprehensive and integrated communication technologies easily accessible to staff
|
Available on desktops (and laptops)
|
Available on other mobile devices
|
Access to Intranet and Corporate voice-mail via WIPO mobiles
|
On Track
|
Expected Result: IX.4 An environmentally and socially responsible Organization in which WIPO staff, delegates, visitors and information and physical assets are safe and secure
|
Performance Indicators
|
Baselines
|
Targets
|
Performance Data
|
TLS
|
Information security is reinforced to protect against increasing attacks on the Internet
|
No major breaches to WIPO information systems
|
No major breaches to WIPO information systems
|
No major breaches to WIPO information systems
|
On Track
|
Status of ISO 27001 Certification and Information Risk management processes
|
Updated Baseline end 2013:
156 outstanding mitigation activities
PCT certified to ISO27001:2005 (October 2013);
The Information Security Risk Registry was updated biannually and was reviewed in detail in the context of the ISO 27001 certification of the PCT operations.
Original Baseline P&B 2014/15:
No. of outstanding risk mitigation activities at commencement of biennium; PCT Section ISO 27001 certified
|
90% of baseline resolved within biennium; 60% of new risks mitigated within 3 months of identification; organizational units certified, as needed; PCT certification maintained
|
17 out of the 156 baseline risks remained open end Q4 (11%)
12 new risks identified during/carried forward to Q4, of which 8 were mitigated within 3 months of identification (66%).
PCT transition to ISO 27001:2013 from 27001:2005 was successfully completed. Certification was awarded in October 2014.
|
On Track
On Track
On Track
|
Effectiveness of Information Security controls (internal and external facing)
|
5 or less incidents per year
|
2 or less incidents per year
|
1 major incident for the year.
|
On Track
|
RESOURCE UTILIZATION
Budget and Actual Expenditure (by result)
(in thousands of Swiss francs)
Budget and Actual Expenditure (personnel and non-personnel)
(in thousands of Swiss francs)
NOTE: The 2014/15 Budget after Transfers reflects transfers as of March 31, 2015 to address needs during the 2014/15 biennium in line with Financial Regulation 5.5.
A. Budget after Transfers 2014/15
-
The overall increase of approximately one million Swiss francs in the 2014/15 Budget after Transfers as compared to the 2014/15 Approved Budget is primarily due to an increase in non-personnel resources which is the net result of, on the one hand, cost efficiency measures implemented in 2014/15, and, on the other hand, additional resources provided to the Program to cover UNICC costs, the implementation of a resilient infrastructure for External Offices and costs related to the hosting of the Pearl Terminology database. The increase in personnel resources is primarily due to reclassifications and completed regularizations. The increases are reflected under Expected Result XI.1.
B. Budget utilization 2014
-
Budget utilization is within the expected range of 40-60 per cent for the first year of the biennium and is on track.
Share with your friends: |
