The ICT Authority is a State Corporation under the State Corporations Act 446
www.ICTA.go.ke
In order to keep abreast of progress in industry, ICTA Standards shall be regularly reviewed.
Suggestions for improvements to published standards, addressed to the Chief Executive Officer, ICT
Authority, are welcome.
Copyright. Users are reminded that by virtue of Section 25 of the Copyright Act, Cap. 12 of 2001 of
the Laws of Kenya, copyright subsists in all ICTA Standards and except as provided under Section 26
of this Act, no Standard produced by ICTA may be reproduced, stored in a retrieval system in any form
or transmitted by any means without prior permission in writing from the Chief Executive Officer.
DOCUMENT CONTROL
Contents
FOREWORD
1. Introduction
2. Scope
3. Application
4. Normative references
5. Definitions
6. Abbreviations
7. Services to be covered
8. Sub-domains
8.1 Architectural model for e-government applications
8.2 Software acquisition, maintenance and disposal
8.3 Messaging and Collaboration
8.4 Websites
9 Requirements
9.1 Architectural model for e-government applications
9.2 Software acquisition, maintenance and disposal
9.3 Messaging and Collaboration
9.4 Websites development management
ANNEXES
Annex A.1 Enterprise viewpoint: fundamentals of e-government
Annex A.2 Information viewpoint
Annex A.3 Computational viewpoint
Annex A.4 Engineering viewpoint: reference infrastructure
Annex B.2: Procedure for Selecting Whether to Develop or Acquire
Annex B.3 Maintenance
Annex B.4: Disposal
Annex C.1: Email and Instant Messaging Policy
Annex C.2: Video and Audio conferencing Policy
Annex C.3: Social Media Use Policy
Annex C.4: Collaboration tools
Annex D.1: Web Governance
Annex D.2: Domain Management
Annex D.3: Web Design, Interoperability, Accessibility, Usability
Annex D.4: Web Branding
Annex D.5: Web Content
Annex D.6: Hosting
Annex D.7: Monitoring and Evaluation
APPENDICES
Appendix 1: Compliance Checklist
Appendix 2: SDLC Phases
Appendix 3: SDLC Activities and Outputs
Appendix 4: Mandatory Functionalities for System Testing
Appendix 5: Recommended Software
Appendix 6: Email etiquette
Appendix 7: Critical Systems in Government
Appendix 8: Audit for Outsourced Development
FOREWORD
The ICT Authority has an express mandate to, among others, set and enforce ICT standards and
guidelines across all aspects of information and communication technology including systems,
infrastructure, processes, human resources and technology for the public service. The overall
purpose of this specific mandate is to ensure coherence and a unified approach to the acquisition,
deployment, management and operation of ICTs across the public service, including state agencies,
in order to promote service integration, adaptability and cost savings through economies of scale
in ICT investments.
The ICTA Systems and Applications Standard, which falls under the overall Government
Enterprise Architecture (GEA), has therefore been prepared in accordance with KEBS
standards development guidelines.
The Authority has the oversight role and responsibility for management and enforcement of this
standard. The review and approval of the standard is done by the ICTA Board upon recommendation
of the Standards Review Board. The Authority shall carry out quarterly audits in all the Ministries,
Counties, and Agencies (MCA) to determine their compliance with this Standard.
The Authority will issue a certificate of compliance to an agency upon completion of the audit
assessment. For non-compliant agencies, a report detailing the extent of the deviation and the
prevailing circumstances shall be tabled before the Standards Review Board, which will advise on
the action to take. All government agencies are required to ensure full compliance with this standard
for effective and efficient service delivery to the citizen. The compliance period is six months from
the effective date.
1. Introduction
Software is a set of programs, procedures, algorithms and documentation that instruct the
computer how to carry out specified functions. Software is the organization's supporting
infrastructure. It covers all the non-physical or operational components which are required
to ensure the computer's performance, primarily computer programs, data files, settings and
documentation.
An application is a type of software that allows you to perform specific tasks. Applications for
desktop or laptop computers are sometimes called desktop applications, and those for mobile
devices are called mobile apps. When you open an application, it runs inside the operating
system until you close it.
Public sector institutions generally conduct a procurement process in order to get the needed
software and applications. The software and application standard shall aim to assure software
quality, ensure software internal usability, and help evaluate the software product. Their
application by the MCAs aims at achieving the following objectives:
2. Scope
This ICTA Standard establishes guidelines for the successful acquisition, deployment and
utilization of software systems and applications.
3. Application
This standard applies to:
● Central Government of Kenya
● County Governments
● Constitutional Commissions
● State Corporations
4. Normative references
The following standards contain provisions which, through reference in this text, constitute
provisions of this standard. All standards are subject to revision and, since any reference to a
standard is deemed to be a reference to the latest edition of that standard, parties to agreements
based on this standard are encouraged to take steps to ensure the use of the most recent editions
of the standards indicated below. Information on currently valid national and international
standards can be obtained from Kenya Bureau of Standards.
5. Definitions
For the purposes of this Kenya Standard the following definitions apply:
● Digital asset is any form of content and/or media that has been formatted
into a binary source and that includes the right to use it. A digital file without the right to use
it is not an asset.
● System software (systems software) is computer software designed to
operate and control the computer hardware and to provide a platform for running
application software. System software can be separated into two different categories,
operating systems and utility software.
● Applications software, also called end-user programs, includes such
things as database programs, word processors, Web browsers and spreadsheets.
● Is :the software used for computer programming,
documenting, testing, and bug fixing involved in creating and maintaining applications and
frameworks involved in a software release life cycle and resulting in a software product.
● Is computer software with its source code made available with a
license in which the copyright holder provides the rights to study, change, and distribute
the software to anyone and for any purpose.
● Computer programs, procedures, rules, and associated documentation and
data pertaining to the operation of a computer system.
● A programmable machine that receives input, stores and
manipulates data/information, and provides output in a useful format.
● The security goal that generates the requirement for protection from
intentional or accidental attempts to perform unauthorized data reads. Confidentiality
covers data in storage, during processing, and while in transit.
● Groups of information that represents the qualitative or quantitative attributes of a
variable or set of variables. Data are often viewed as the lowest level of abstraction from
which information and knowledge are derived.
● The property that data has not been altered in an unauthorized manner.
Data integrity covers data in storage, during processing, and while in transit.
● Messages, usually text, sent from one person to another via electronic medium. Email
may also be sent automatically to a large number of addresses (mailing list).
● A structured set of activities designed to accomplish a specific objective
● A Governments physical or virtual entities (human or otherwise) that are of
limited availability and can be used to undertake operations or business change.
● Software Development Lifecycle - A structure imposed on the development of a
software product. The SDLC is a systematic approach to the creation of software or
applications. This cycle typically includes requirements, analysis, design, coding, test,
implementation and post-implementation phases.
● The collection of computer programs and related data that provide the instructions
telling a computer what to do.
● Maintains the systems environment of the website by identifying
system requirements; selects, installs and configures server hardware, software and
operating systems; installs upgrades; defines system and operational policies and
procedures; assesses access information and security requirements; and monitors system
performance.
● Responsible for the design, layout and coding of a website.
Involved with the technical and graphic design aspects of a website – how the site works
and how it looks. They may also be involved with the maintenance and update of an existing
site. A person who deals only with the graphical and appearance elements would be a web
designer, while the one who focuses on coding is a web developer. These roles are often
combined.
● A web content manager updates websites, blogs and other sites
that require regular updates. The person is responsible for editing, posting and removing
content from the site. The person may or may not be responsible for producing the actual
content.
● Small companies sometimes employ a webmaster who is responsible for all
the job roles described above. A webmaster is also sometimes the role given to a senior
person to establish the overall corporate Web design and policies, arrange all the necessary
technical resources, and supervise the design of the corporate website.
● (XHTML) is part of the family of XML markup
languages. It mirrors or extends versions of the widely used Hypertext Markup Language
(HTML), the language in which Web pages are formulated.
6. Abbreviations
7. Services to be covered
The document defines three target groups for the Government services
a. Government to Citizens (G2C): services which the government offers its citizens
directly
b. Government to Business (G2B): services which the government offers to
companies
c. Government to Government (G2G): government services for public agencies.
8. Sub-domains
8.1 Architectural model for e-government applications
● The enterprise viewpoint
● The information viewpoint
● The computational viewpoint
● The engineering viewpoint
● The technology viewpoint
8.2 Software acquisition, maintenance and disposal
8.4 Websites
- Web Governance
- Domain management
- Web design
- Web branding
- Web Hosting
- Web Content
- Monitoring & Evaluation
9 Requirements
9.1 Architectural model for e-government applications
c. The aim is to provide uniform standards that can be used when it comes to
implementing e-government projects. ICTA has adopted the Reference Model of Open
Distributed Processing (RM-ODP) as the approach for describing complex, distributed
e-government applications. The analysis of the application is broken down into different
viewpoints in order to reduce the complexity of the overall architecture.
This makes the demanding system easier to understand and hence better to handle.
Object orientation promotes clear-cut structures, re-usability and updating capability of
the models, components and systems created.
[Figure: the five RM-ODP viewpoints on an e-government application: Enterprise Viewpoint (process models and roles), Information Viewpoint, Computational Viewpoint, Engineering Viewpoint (hardware and infrastructure), Technology Viewpoint (standards and techniques)]
a. The enterprise viewpoint specifies purposes, scope, processes and policies for an
application.
b. The information viewpoint describes the characteristics and semantics of the data to
be processed, i.e. the data model.
c. The computational viewpoint represents the decomposition of an application into
functional modules and their interaction interfaces.
d. The engineering viewpoint represents the distribution of the individual elements of the
system to physical resources and their connections.
e. The technology viewpoint describes the technologies used to implement the system.
The five viewpoints can be used both to describe existing systems and to model new systems
and applications. These viewpoints can be used as a basis for developing concrete
models for individual e-government applications.
(citizen, business, other public agency, etc.) to the
rendering of the service, should be considered. On a
first development stage, these process models should
be left at a relatively abstract level.
New proposals of process definitions should always be
checked with a view to
a. re-usability
b. simplicity and
c. the possibility to be described by existing process
definitions.
Reference: Annex A.1
Computational viewpoint (Reference: Annex A.3)
a. With this viewpoint a system is broken down into logical,
functional components which are suitable for
distribution. The result is objects with interfaces at
which they offer and/or use services. An e-government
application is generally divided into four
tiers (refer to Figure 3):
b. The client tier represents different access channels
reflecting different users, devices, transmission
routes, as well as different applications in order to
interact with the special applications. The terminal
devices referred to are:
● Web access via web browsers or special browser
plug-ins
● Mobile phones and personal digital assistants
(PDAs)
● External systems (such as ERP systems of
industrial companies)
c. The presentation describes the processing of
information for the client and the user's interaction
with the special application. The presentation
component includes all the standards for
communication with the relevant terminal devices of
the client tier.
d. The middle tier includes, in particular, new
developments for e-government and in most cases
constitutes the core of e-government-specific
applications. The specific business logics of the
special applications are linked together in the middle
tier. The presentation of the technical components
focuses on the description and discussion of
standards for the middle tier and its interfaces
because this is where the highest integration demand
is expected within the scope of e-government
solutions. The middle tier processes the data from
the persistence tier.
e. The persistence tier ensures the storage of data. This
is typically accomplished using databases.
9.2 Software acquisition, maintenance and disposal
This covers developing (or purchasing and installing) and maintaining computer
applications in the whole of Government. The degree to which the responsibility for
development, implementation and maintenance of systems is centralized in a single
administrative ICT department versus decentralized and handled by the functional offices
varies from organization to organization. While these standards will sometimes refer
to the “ICT department”, these standards apply to any department or any vendor engaged
by the MCDAs that undertakes development, installation or maintenance of ICT
applications. The determination for when these standards apply depends on the nature
of the application, not on who is responsible for the development.
9.3 Messaging and Collaboration
● MCAs shall acquire and ensure appropriate use and
management of E-mail and Instant messaging
applications (Reference: Annex C.1)
manage websites
● MCAs shall ensure Internet domains are administered
to ensure consistency with the dignity and high quality
of the Government of Kenya (Reference: Annex D.2)
● MCAs shall ensure websites are designed with
consistent layout, usability, interoperability (Reference: Annex D.3)
● MCAs shall ensure that websites and portals display in
a manner that is consistent with the dignity and
authority of the Government of Kenya and which is
attractive and Government-branded so that it is easily
recognizable and usable by citizens (Reference: Annex D.5)
● MCAs shall develop content in a way that will keep (Reference: Annex D.7)
● MCAs shall monitor and evaluate websites to ensure their
availability (Reference: Annex D.8)
ANNEXES
Annex A.1 Enterprise viewpoint: fundamentals of e-government
Existing administrative processes are partly the result
of historical developments and have become extremely
complex during the course of years as a result of many
small changes. The following measures are hence
recommended before special and technical
applications are implemented.
a. Simplification of processes and procedures
b. Deregulation
c. Shortening of process chains
d. Reducing interfaces
e. Avoiding iteration
f. Reducing cycle and dead times
This initiative is determined to achieve the fastest
possible simplification of processes and statutory
provisions concerning frequently used services involving
multiple administrative levels.
Legal guidelines must be considered in addition to the
organizational frame of reference.
E-government services can be generally broken
down according to interaction levels,
i.e. information, communication and transaction.
As already mentioned, public administration services
not only cover the field of pure services, but also rights
and obligations. A functional classification of
administrations is necessary as a precondition for
standardizing the different types of administrative
activity – and hence the possible transactions.
Generally valid types of transactional services can be
identified on this basis.
The examination of the case is followed by a decision.
This decision, again, may have to be sent to other
departments or officers for information.
The following types of basic modules can be defined in
conjunction with the above-described procedure.
Annex A.2 Information viewpoint:
Besides avoiding insular solutions and parallel
development work, the reorganization of process
chains is also recommended so as to simplify
complex administrative procedures.
This standardized approach leads to uniform
interfaces when it comes to drafting and implementing
software projects.
The basic modules must be integrated into software
architecture as a precondition for their use in
conjunction with the implementation of special
applications.
Systems and applications ICTA 2016 First Edition 2016
h. Error tolerance
The system must be capable of handling unforeseen
and invalid system states. Errors or unforeseeable
events may not lead to a crash or uncontrolled
system behavior which the user is unable to
understand. Faultless, transparent operation of an
application is a vital prerequisite for the user's
trust in complex transactions.
i. Updating capability
Operation and updating of e-government systems
should be as simple and easy as possible. External
experts who were not involved in the development
of the system must be capable of ensuring
efficient system maintenance and updating even
without longer familiarization time.
The software architecture outlined here involves
several fundamental design decisions. These are the
mandatory use of object-orientated software
development paradigms and a component-based
software development approach on this basis.
Component-based software development enables the
compiling of software from existing components and
their reuse. This system is expected to yield several
positive effects, such as:
a. faster development and provision of the application
b. lower costs
c. higher quality
d. less complex structure
e. flexible application systems and modern system
architectures
In order to develop robust, reusable components,
clear-cut functional definitions of the components
are necessary in order to generate maximum
benefits by reducing parallel development efforts.
The data processed by the presentation tier as well as
the user interface are visualized.
b. The presentation tier is responsible for presenting
the application data (for example, as a website).
c. The middle tier, also called the application tier,
accommodates the most important components for
implementing the application logic irrespective of
their presentation. This is where the program
sequence is controlled. The data from the
persistence tier is processed accordingly and
passed on to the presentation tier where user
entries are validated or authorization is granted, for
example. An optional part of this tier integrates
central components, legacy or ERP systems, when
necessary. External services can be given access
via application interfaces to the application without
having to use the presentation tier.
The persistence tier is responsible for the storage of
data objects. It abstracts from the database. The
back-end as a collective term represents
functionalities of the operating system, specific
databases as well as existing, non-SAGA-conforming
special applications, legacy or ERP systems.
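Because external services can reach the application through application interfaces without using the presentation tier, validation and authorization placed in the middle tier cover both entry paths. The sketch below is an added example, not part of the ICTA standard; the permit service, the role name "submit_permit", the 8-digit applicant ID format and the permit types are all hypothetical.

```python
"""Four-tier split with checks enforced in the middle tier (constructed example)."""
from dataclasses import dataclass


class ValidationError(Exception):
    """Input rejected by the middle tier."""


class AuthorizationError(Exception):
    """Caller lacks the role the middle tier requires."""


# --- Persistence tier: stores data objects and abstracts from the database ---
class PermitStore:
    def __init__(self):
        self._rows = {}      # stand-in for a database table
        self._next_id = 1

    def insert(self, applicant_id, permit_type):
        permit_id = self._next_id
        self._next_id += 1
        self._rows[permit_id] = {"applicant_id": applicant_id,
                                 "permit_type": permit_type}
        return permit_id

    def count(self):
        return len(self._rows)


@dataclass(frozen=True)
class Caller:
    """Authenticated identity passed in by whichever entry point is used."""
    name: str
    roles: frozenset


# --- Middle (application) tier: the single place where rules are enforced ---
class PermitService:
    ALLOWED_TYPES = frozenset({"trade", "building"})  # hypothetical values

    def __init__(self, store):
        self._store = store

    def submit(self, caller, applicant_id, permit_type):
        # Authorization first, so unauthorized callers learn nothing about
        # which inputs would have been valid.
        if "submit_permit" not in caller.roles:
            raise AuthorizationError(f"{caller.name} may not submit permits")
        if not (isinstance(applicant_id, str) and applicant_id.isascii()
                and applicant_id.isdigit() and len(applicant_id) == 8):
            raise ValidationError("applicant_id must be 8 digits")
        if not (isinstance(permit_type, str)
                and permit_type in self.ALLOWED_TYPES):
            raise ValidationError("unknown permit_type")
        return self._store.insert(applicant_id, permit_type)


# --- Presentation tier: prepares input and output for a browser client ---
def web_submit(service, caller, form):
    applicant_id = str(form.get("applicant_id", "")).strip()
    permit_type = str(form.get("permit_type", "")).strip().lower()
    try:
        permit_id = service.submit(caller, applicant_id, permit_type)
    except (ValidationError, AuthorizationError) as exc:
        # A rejected request yields a readable message, not a crash.
        return f"Application not accepted: {exc}"
    return f"Application received, reference {permit_id}"


# --- Application interface for external systems: no presentation tier ---
def api_submit(service, caller, payload):
    try:
        permit_id = service.submit(caller, payload.get("applicant_id"),
                                   payload.get("permit_type"))
    except ValidationError as exc:
        return {"ok": False, "error": "invalid_request", "detail": str(exc)}
    except AuthorizationError as exc:
        return {"ok": False, "error": "forbidden", "detail": str(exc)}
    return {"ok": True, "permit_id": permit_id}


if __name__ == "__main__":
    store = PermitStore()
    service = PermitService(store)
    portal = Caller("citizen-portal", frozenset({"submit_permit"}))
    partner = Caller("partner-erp", frozenset({"submit_permit"}))
    # Constructed inputs: one valid web form, one malformed API payload.
    print(web_submit(service, portal,
                     {"applicant_id": " 12345678 ", "permit_type": "Trade"}))
    print(api_submit(service, partner,
                     {"applicant_id": "1234", "permit_type": "trade"}))
```

If the same checks lived only in `web_submit`, the malformed API payload would have reached the persistence tier unchecked.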
Figure A: four-tier architecture for e-government applications
Annex A.4 Engineering viewpoint: reference infrastructure
The selection of the appropriate infrastructure is a
central success factor when it comes to planning,
designing and operating e-government applications. A
stable and secure IT infrastructure is the basic
precondition for the reliable operation of e-government
applications. Today's data
protection, data security, efficiency and availability
requirements for e-government set high standards
for operators of applications and infrastructures.
The reference infrastructure for e-government
applications is modelled on the basis of the engineering
viewpoint according to RM-ODP and describes the
encapsulation of system units and their connections.
Not every public agency requires its own, complete
e-government infrastructure. Smaller institutions may
well use the Government Data Centre or sister
agencies.
Design of an e-government infrastructure
The introduction of a reference infrastructure in SAGA
serves the aim of defining the infrastructural
preconditions necessary for the operation of
e-government applications and the required system
architecture. The following goals are to be achieved
by defining parameters or a reference infrastructure
in the sense of an operating environment.
a. Physical protection of systems
b. Maximum availability of systems
c. Increasing the security of systems and system
components through classification on the basis of
their protection demand
d. Classification of systems and system components
according to separate security zones
e. Scalability of systems and infrastructures
f. Simple service, efficient maintenance and updating
of complex e-government applications and system
components by operating personnel
The figure below shows a general overall view of a
distributed e-government application with the user,
network and infrastructure areas.
Figure 5:
Physical infrastructure
The protection of systems against external influences,
the elements and unauthorized access requires the
provision of suitable space. Computer centres
designed to host e-government applications should
hence at least feature the following properties.
a. Fire resistant, structurally enclosed security space
protected against radio interference.
b. Access control, including personal authentication
c. Fire-extinguishing system with non-corrosive and
non-toxic extinguishing agents
d. Redundant power supply, including uninterruptible
power supply
e. Redundant air conditioning system
f. Data backup media in a fire-resistant vault outside
the computer centre
XML (Extensible Markup Language) is to serve as the
universal and primary standard for the exchange of
data between all the information systems relevant
for administrative purposes.
identity/origin:
Measures are taken to ensure that an entity or
resource (such as an individual, process, system,
document, and information) actually is what he, she
or it claims to be.
– protection against failure of IT systems:
The properties of an entity and/or resource can be
accessed and/or used when this is attempted by an
authorized entity.
Information encryption (cryptography) is an important
tool for securing confidentiality, integrity and
authenticity.
For enhancements and program fixes, document
user participation (in the form of a log or other
format, including e-mail) so it is clear that
changes were not made at the discretion of the
technical staff alone. If changes do not affect
the functionality of an application (e.g., a
calculation) and are done for security,
reliability, or performance reasons, user
participation is not necessary. Follow
procedures for the:
• Receipt of requests for enhancements or
identification of system problems
• Identification, discussion, and resolution of
issues associated with the proposed changes
• Priorities for proposed changes, and discussion
and resolution of differences regarding
priorities
• If appropriate, cost and time estimates for
proposed changes
• User review and acceptance of testing
• User review and acceptance of completion of
the changes and readiness for production
System Development tracks and phases: The standard
describes the phases of a systems development
project. The exact methods employed for systems
development will vary depending on the specific
project. Although every systems project is unique,
there are three key characteristics which will
influence the overall approach chosen for systems
development:
• The overall size and complexity of the application
• The technology to be used for developing the
application
• Whether the system will be a purchased package,
or custom developed
Three separate development approaches or "tracks"
have been identified for consideration:
• Prototyping: appropriate for custom development
of smaller systems or systems that use newer
technology such as Web-based development tools.
• Traditional life cycle approach: more suited to custom
development of larger systems, such as mainframe
applications
• Vendor package: covers the purchase and
implementation of vendor packages.
Some phases of project development apply to a
combination of two or more approaches, whereas others
are unique to one approach. The Project Leader is
responsible for making recommendations regarding the
best approach for a project, and keeping appropriate
records.
Development (tracks: Prototyping, Traditional, Vendor)
2.1 Project proposal: X X X; Planning
2.2 Request for info: X; Planning
2.3 System Definition: X; Analysis
2.5: X X; Analysis
2.6 Request for proposal: X; Analysis
2.7 Feasibility: *Optional, *Optional, Required; Analysis (*see below)
2.8 Vendor Contract Plan: X; Analysis
2.4 Prototyping: X; Prototyping
2.9 General Design: X; Design
2.10 Detail Design: X; Design
2.11 Programming/testing: X; Development/testing
2.12 System testing: X X X; Testing
2.13 Implementation: X X X; Implementation
2.14 Final Documentation: X X X; Implementation
a. The software development process shall adopt a
project management approach as stipulated in
project management standard.
b. MCAs in collaboration with ICTA shall ensure that
an optimal system development methodology
such as software development lifecycle is adopted
in order to obtain a useful system.
required level of service without disruption from
software failure. This is achieved through robust
and/or redundant (e.g., fault tolerant) software.
Operational readiness will include the ability of
users and operators to access the system, in a
timely fashion, to perform its intended functions.
Below are the minimum requirements that must be
considered in the acquisition of COTS:
a. This cost includes initial costs
such as purchase, installation and training, plus the
on-going cost of maintenance and support.
Systems and applications ICTA 2016 First Edition 2016
Other criteria are
explicitly used for specifying the acceptable set of
COTS software products. For example, vendor
viability, licensing restrictions, potential product
market share, customer recommendations, and
product volatility (e.g., frequency of upgrades
and potential obsolescence) may be important.
Acquisition of such software shall follow a project
management approach as per the project
management standards and shall follow a
development methodology.
In developing information systems, MCAs shall to
the greatest possible extent develop, create and
procure software based on the use of open
standards.
For specialized applications, the functional
requirements are
vi. Speed of development.
vii. Performance of compiled code.
viii. Assistance in enforcement of code
ix. Portability: can the application developed be
used in an operating system other than the one in
which it was created without requiring major rework?
x. Fitness of the software for the application being
developed.
MCAs shall ensure that all systems have the
following documentation:
a. Project initiation documentation detailing the
business case
b. Feasibility study detailing the proposed
solution
c. Detailed user and technical requirements
d. High level and detailed system design
documents
e. System testing and commissioning
documentation
f. Evidence of user and technical training
g. User and technical manuals
h. Certificate of completion
Annex B.2: Procedure for Selecting Whether to Develop or Acquire
This decision may be taken early in the project if some of the following questions can be
answered during Project Initiation. However, in some cases, the Ministry or Agency may have
to wait till the Functional Specifications are available before it can decide.
(Review the Analysis of Requirements and the Functional Design processes in the Project
Planning Phase).
In all cases, the response should be fed through the Evaluation Framework presented in a
separate segment which requires two types of criteria.
Here are the broad steps to go through along with the evaluation criteria to be used.
Step 1: Decide on the Mandatory Conditions
Acquire the software if any of these questions apply and are positive:
Develop the software if any of these questions apply and are positive:
- Are the requirements very specific to the organization so they cannot be found in the
market?
- Is the available commercial package prohibitively priced?
- Will software vendor not supply source code or supply it at prohibitive prices?
- Is support critical AND not available?
Assuming that a clear choice was not arrived at in Step 1, it follows that the decision has to
be made based on evaluating different criteria that describe the situation for developing or
acquiring software.
Figure B-2: Criteria for Deciding Whether to Develop or
Notice that the first two criteria are pre-filled for developed software since it is assumed that
for the first criterion, the developed software is very close to all the requirements. Secondly,
the cost of the source for developed software is zero.
On completing the above evaluation as per the procedures of the Evaluation Framework, the
Ministry or the Agency will be able to decide whether to acquire or develop the software.
If the decision is to acquire software, then using the Requirements Definition Document as
well as the Functional Specifications both developed during the Planning Phase, the
Ministry or the Agency can evaluate the most suitable offer based on the various criteria
defined in these two documents.
The diagram on the following pages shows the steps taken in a typical software
applications project. It shows the decisions to be made when deciding on acquisition
Figure B-2: Activities in the Phases of a Software Application
ANNEX B.3 Maintenance
The MCA shall gather the cost for each application with
the following attributes:
- the original capital value/ estimated
replacement cost of the application.
- Operational costs
- Depreciation costs
- Licensing costs
- Maintenance costs
- Development and enhancement costs
- Annual estimated cost of operation
The MCA shall assess future business value of the
applications and prepare a report in terms of:
- Functional percentage utilization
- % link to business objectives
- Business priorities support
- Legislative and political support (does it support political or
legislative requirements).
- Enhanced service delivery (expected to enhance the current delivery
of services to customers).
- Future measurable benefits (expected to provide additional
realizable benefits in the future).
- Future risk reduction (contributes to the reduction of business
risks).
- Future organizational innovation (change and growth enables
individuals or business units to quickly respond to opportunities,
changes in the operating environment and the changing needs of
stakeholders).
- Future fiscal benefit (expected to increase revenue or reduce
operating costs in the future).
The MCA shall prepare a report on the condition of the applications in
terms of:
- : (supports
organizational architecture principles, policies, positions and
standards.
- supports
GEA architecture principles, policies, positions and standards.
- level of integration with existing systems
- : type and level of authentication for access and if
there is an audit capability being used
- Some skills available. Documentation OK. If
applicable, some compliance with corporate coding
standards. Partially automated scheduled deployment
- level at which it can easily
accommodate heavier loads i.e. new users and/or
new sites (e.g. Requires total or highly significant
investment or Heavier loads i.e. new users and/or
new sites can be accommodated to a certain
degree or Can easily accommodate heavier loads
i.e. new users and/or new sites or Requires little
or no significant investment or threshold
limitations lead to performance degradation).
- :
Occasional performance issues.
a. Other than vendor supplied patches,
commercial-off-the-shelf (COTS) software
shall not be modified except in exceptional
circumstances when needed for a critical
business requirement. This requirement
shall be documented and approved by the
Information Owner and Information
Custodian
1. If changes to COTS software are required,
the Information Owners and Information
Custodians shall determine:
● The effect the change will have on
the security controls in the software;
● If consent of the vendor is required;
● If the required functionality is included
in a new version of the software; and
● If Central Government and MDAs will
become responsible for maintenance
of the software as a result of the
change.
2. If changes are made to COTS software the
original software shall be kept unaltered
and the changes shall be:
● Logged and documented, including a
detailed technical description;
● Applied to a copy of the original
software; and
● Tested and reviewed to ensure that
the modified software continues to
operate as intended.
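One way to evidence requirement 2 above, as an added example that is not part of the ICTA standard: record SHA-256 digests of the vendor release, modify only a copy, and produce a change-log entry that is refused if the original has drifted. The function names, record fields and the two-file sample release are assumptions constructed for illustration.

```python
import hashlib
import json
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def hash_tree(root: Path) -> dict:
    """Map each file under root (relative POSIX path) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def make_working_copy(original: Path, work: Path) -> dict:
    """Record a baseline of the vendor release, then copy it for modification."""
    baseline = hash_tree(original)
    shutil.copytree(original, work)  # raises if the working copy already exists
    return baseline


def diff_manifests(baseline: dict, current: dict) -> dict:
    """List files added, removed or modified relative to the baseline."""
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in shared if baseline[p] != current[p]),
    }


def change_record(original: Path, work: Path, baseline: dict,
                  description: str, approved_by: list) -> dict:
    """Build a change-log entry; refuse if the original no longer matches."""
    drift = diff_manifests(baseline, hash_tree(original))
    if any(drift.values()):
        raise RuntimeError(f"original COTS release was altered: {drift}")
    return {
        "logged_at": datetime.now(timezone.utc).isoformat(),
        "technical_description": description,
        "approved_by": approved_by,
        "changes_in_copy": diff_manifests(baseline, hash_tree(work)),
        "tested_and_reviewed": False,  # set to True only after test sign-off
    }


def demo() -> dict:
    """Run the workflow on a constructed two-file 'vendor release'."""
    with tempfile.TemporaryDirectory() as tmp:
        original, work = Path(tmp, "vendor_release"), Path(tmp, "working_copy")
        (original / "conf").mkdir(parents=True)
        (original / "app.py").write_text("print('vendor build')\n")
        (original / "conf" / "settings.ini").write_text("timeout=30\n")

        baseline = make_working_copy(original, work)
        # The modification is applied to the copy only.
        (work / "conf" / "settings.ini").write_text("timeout=60\n")
        (work / "local_patch.txt").write_text("raise timeout for batch jobs\n")

        return change_record(
            original, work, baseline,
            description="Raised timeout from 30 to 60 in conf/settings.ini",
            approved_by=["Information Owner", "Information Custodian"],
        )


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Storing the baseline manifest away from the software directory lets a later audit re-run the drift check against the retained original.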
• MCAs should ensure that there are service level
agreements signed with the vendors.
Annex B.4: Disposal
large attachments is always
inappropriate, no matter whether it is
being sent or received for business or
personal reasons.
● Personal email use must not affect the email
service available to other users. For
instance, sending exceptionally large files by
email could slow access for other employees.
● Users may access their own personal
email accounts at work via government
Internet connection. For instance, a staff
member may check their Yahoo or Google
Mail during their lunch break.
Acquisition
m.
- E-mail software shall meet specifications on
- Administrators of Email systems in MCAs shall
ensure high conformity to license requirements as
stipulated by the License Agreement statements,
copyright and intellectual property requirements
by software developers.
● Contain both upper and lower case characters (e.g., a-z, A-Z)
- The definition of inappropriate content or material also
covers any text, images or other media that could
reasonably offend someone on the basis of race, age, sex,
religious or political beliefs, national origin, disability,
sexual orientation, or any other characteristic protected
by law.
● broadcasting unsolicited personal views on social,
political, religious or other non-business related
matters
- The standard government email template shall include an
email disclaimer. Users must not remove or change this
disclaimer when sending email messages.
Annex C.2: Video and Audio conferencing Policy
a. MCAs shall ensure that all VOIP communications and systems are
secured by ensuring:
● H.323 protocol is secured by using TLS and S/MIME encryption for SIP.
● Adequate physical security is in place to restrict access to key VoIP
servers and components.
● Firewalls designed for VOIP protocols are employed to secure the VOIP
systems.
● VOIP Terminals are secured through password
authentication and user authorization. User accounts shall be
administered and managed by the ICT units.
● WiFi Protected Access (WPA) where mobile units are to be integrated
with the VOIP system.
● Disabling of HTTP and Telnet services
● Where softphones are used, PCs shall be adequately secured to
protect from worms, viruses, and other malicious software.
b. Creating awareness among users on how to securely use VOIP systems
c. MCAs shall ensure where possible that end-to-end encryption of the
VoIP conversations is employed.
d. Where possible, MCA shall endeavor to separate voice and data traffic
logically on the network due to bandwidth, security and Quality of service
requirement of VOIP.
a. VoIP Services must ensure Quality of Service to maintain the sound quality
of conventional phones.
b. Where possible, MCAs shall endeavor to separate voice and data traffic
logically on the network due to bandwidth, security and Quality of service
requirement of VOIP.
Annex C.3: Social Media Use Policy
The MCA IT Administrators shall:
1. Limit Internet access to Social Media web sites according to the
MCA's acceptable use policy, while allowing authorized Users
to reach content necessary to fulfill the business requirements.
Limitations may include:
● Opening Internet access only to the government sub-
domains on the Social Media web sites.
● Allowing Internet access to Users who are specifically
authorized.
● Preventing unnecessary functionality within Social Media
web sites, such as instant messaging (IM) or file exchange.
● Minimizing and/or eliminating the addition of web links to
other web sites, such as “friends”, to minimize the risk of
exposing a government user to a link that leads to
inappropriate or unauthorized material.
2. Enable technical risk mitigation controls to the extent
possible.
These controls may include:
● Filtering and monitoring of all Social Media web site
content posted and/or viewed.
● Scanning any and all files exchanged with the Social
Media web sites.
● Users shall connect to, and exchange information with,
only those Social Media web sites that have been
authorized by MCA management in accordance with
the requirements within this and other MCA and
Government policies.
● Users shall minimize their use of “other than
government” sections of the Social Media web sites.
● Users shall not post or release proprietary, confidential,
sensitive, personally identifiable information (PII), or
other government Intellectual Property on Social Media
web sites.
● Users who connect to Social Media web sites through
Government information assets, who speak officially on
behalf of the MCA or the Government, or who may be
perceived as speaking on behalf of an MCA or the
Government, are subject to all MCA and Government
requirements addressing prohibited or inappropriate
behavior in the workplace, including acceptable use
policies, user agreements, sexual harassment policies,
etc.
● Users shall not speak in Social Media web sites or other
on-line forums on behalf of an MCA, unless specifically
authorized by the MCA management or the MCA’s Public
Information Office. Users may not speak on behalf of the
Government unless specifically authorized by the top
management.
● Users who are authorized to speak on behalf of the MCA
or the Government shall identify themselves by: 1) Full
Name; 2) Title; 3) MCA; and 4) Contact Information, when
posting or exchanging information on Social Media
forums, and shall address issues only within the scope
of their specific authorization.
● Users who are not authorized to speak on behalf of the
MCA or the Government shall clarify that the information
is being presented on their own behalf and that it does
not represent the position of the MCA or the Government.
● Users shall not utilize tools or techniques to spoof,
masquerade, or assume any identity or credentials except
for legitimate law enforcement purposes, or for other
legitimate Government purposes as defined in MCA
policy.
● Users shall avoid mixing their professional information
with their personal information.
● Users shall not use their work password on Social
Media web sites.
Annex C.4: Collaboration tools
Annex D.1: Web Governance
Meetings This committee shall meet whenever a major decision
about the digital asset is required, but not less than
once per quarter (for performance review.)
Annex D.2: Domain Management
i. be a personal name;
Annex D.3: Web Design, Interoperability, Accessibility, Usability
iii. Major projects and Schemes
iv. Public Services
v. Publications e.g. Annual reports, strategy
documents, portfolio budget statements
vi. Customer Service Charter
vii. Government Tenders
viii. Press Releases / Announcements
ix. Associated Organizations (Related Links)
c. Contact Addresses / Telephone Number / Email of the
Senior Officers and Important Functionaries of the
Ministry/Department
d. A feedback/comment page and FAQS
e. Search Engine
f. Site Map
g. The design of the website or Web application is regularly
evaluated and improved through usability testing, such as
observing users completing tasks, throughout its life cycle.
h. Websites should be validated and tested with both automatic
tools and human review.
i. Ensure that users using assistive technology can complete
and submit online forms.
j. To aid those using assistive technologies, provide a means
for users to skip repetitive navigation links.
k. Provide a text equivalent for every non-text element that
conveys information.
l. Applets, plug-ins and other software can create problems
for people using assistive technologies, and should be
thoroughly tested for accessibility.
m. Provide text-only pages with equivalent information and
functionality if compliance with accessibility provisions
cannot be accomplished in any other way.
n. To ensure accessibility, provide equivalent
alternatives for multimedia elements that are
synchronized.
o. Design Web pages that do not have flashing lights/banners
and do not cause the screen to flicker.
Annex D.4: Web Branding
ii. Active and read links should be marked through a
standard colour-coding convention.
Since each photograph will download individually,
keep the number of photographs on a web page to a minimum.
- To retain the interest of the user, a web page should take between
3 and 18 seconds to load. Ensure that multimedia page elements
do not slow down the loading of a page beyond this point.
- Avoid automatic streaming of Voice, video and Podcast that can
unwittingly use up a user's credit when they are using a mobile
phone to browse your website.
i. The copyright of all content displayed on a website should
be visually acknowledged.
ii. All content that is not the copyright of the Government
of Kenya should only be displayed after the necessary
permissions or licenses are obtained from the copyright
holder.
iii. The source of all content items should be acknowledged
through a properly formatted citation.
iv. The conditions for use of Government of Kenya
copyright materials displayed on your website should
be stated at a suitable location on your website.
Annex D.5: Web Content
● Every image, video file, audio file, plug-in, etc. shall have
an alt tag
● MCAs shall make sure the page does not contain repeatedly
flashing images
● MCAs shall check to make sure the page does not contain
a strobe effect
● When form controls are text input fields use the LABEL
element
● When text is not available MCA shall use the title attribute
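A sketch of an automated check for the alt, LABEL and title requirements above, as an added example that is not part of the ICTA standard. It is narrowed to the HTML elements that accept an alt attribute (img, area, input type="image") and to text-entry fields; the function name, the list of text input types and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Input types treated as "text input fields" (an assumption of this example).
TEXT_TYPES = {"text", "email", "password", "search", "tel", "url", "number"}

# Constructed sample page: lines 3, 7 and 9 break the requirements.
SAMPLE_PAGE = """<html><body>
<img src="coat-of-arms.png" alt="Coat of arms">
<img src="banner.jpg">
<form>
  <label for="name">Full name</label> <input type="text" id="name">
  <input type="text" id="ref" title="Reference number">
  <input type="email" id="mail">
  <label>Phone <input type="tel"></label>
  <input type="image" src="go.png">
</form>
</body></html>"""


class Collector(HTMLParser):
    """Collects alt findings, label targets and text fields in one pass."""

    def __init__(self):
        super().__init__()
        self.findings = []       # (line, message)
        self.label_for = set()   # ids named by <label for="...">
        self.fields = []         # (line, id, title, inside_label)
        self.label_depth = 0     # > 0 while inside a <label> element

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        line = self.getpos()[0]
        itype = (a.get("type") or "text").lower()
        if tag in ("img", "area") or (tag == "input" and itype == "image"):
            if "alt" not in a:
                self.findings.append((line, f"<{tag}> has no alt attribute"))
        if tag == "label":
            self.label_depth += 1
            if a.get("for"):
                self.label_for.add(a["for"])
        if tag == "textarea" or (tag == "input" and itype in TEXT_TYPES):
            self.fields.append(
                (line, a.get("id"), a.get("title"), self.label_depth > 0))

    def handle_endtag(self, tag):
        if tag == "label" and self.label_depth:
            self.label_depth -= 1


def audit(html: str) -> list:
    """Return sorted (line, message) findings for one HTML document."""
    c = Collector()
    c.feed(html)
    c.close()
    findings = list(c.findings)
    # Labels are resolved after parsing because a <label for> may follow its field.
    for line, field_id, title, inside_label in c.fields:
        labelled = inside_label or field_id in c.label_for
        if not labelled and not (title or "").strip():
            findings.append((line, "text field has neither a LABEL nor a title"))
    return sorted(findings)


if __name__ == "__main__":
    for line, message in audit(SAMPLE_PAGE):
        print(f"line {line}: {message}")
```

A check like this covers only the machine-verifiable part; the human review of websites required elsewhere in this standard is still needed to judge whether the alt and label text is meaningful.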
Annex D.6: Hosting
Annex D.7: Monitoring and Evaluation
APPENDICES
APPENDIX 1: COMPLIANCE CHECKLISTS
5
The MCA has assessed future business value of
the applications and included this in the
systems/applications asset register:
- Functional percentage utilization
- % link to business objectives
- Business priorities support
- Legislative and political support (does it
support political or legislative
requirements).
- Enhanced service delivery (expected to enhance
the current delivery of services to customers).
- Future measurable benefits (expected to
provide additional realizable benefits in the
future).
- Future risk reduction (contributes to the
reduction of business risks).
- Future organisational innovation (change and
growth enables individuals or business units to
quickly respond to opportunities, changes in the
operating environment and the changing needs
of stakeholders).
- Future fiscal benefit (expected to increase
revenue or reduce operating costs in the future).
-
: supports GEA
architecture principles, policies, positions and
standards.
- : level of integration with existing
systems
- Authentication: type and level of
authentication for access and if there is an
audit capability being used
- : Some skills available.
Documentation OK. If applicable, some
compliance with corporate coding
standards. Partially automated
scheduled deployment
- : Loosely coupled with
supporting technologies. All or nearly all
application components can easily be
deployed in another technology
environment or Tightly coupled with
supporting technologies. Deploying in
another technology environment
extremely difficult.
- level at which it can easily
accommodate heavier loads i.e. new users
and/or new sites (e.g. Requires total or highly
significant investment or Heavier loads i.e.
new users and/or new sites can be
accommodated to a certain degree or Can
easily accommodate heavier loads i.e. new
users and/or new sites or Requires little or no
significant investment or threshold
limitations lead to performance degradation).
- level of Reliability (e.g. Very
unreliable -often down or causes data
errors. Availability < 95%, Crashes
regularly, Reliable and small outages for
maintenance. 99.9% or better.)
-
: Occasional performance issues.
- : How it is Users avoid it whenever
they can. Difficult to use. High number of
calls for help from users. Requires
significant training. Easy to use. Few calls
for help from users. Requires minimal
training. Help easily accessible.
10 -
The MCA has documented evidence that the
software integrates seamlessly with existing
systems
11 -
The MCA has documented changes and
modifications to the systems
The MCA has for each system
a. Project initiation documentation detailing the
business case
b. Feasibility study detailing the proposed
solution
c. Detailed user and technical requirements
d. High level and detailed system design
documents
e. System testing and commissioning
documentation
f. Evidence of user and technical training
g. User and technical manuals
h. Certificate of completion
- Email Account management.
- Security; Real-time spam and Junk mail
filtering, password management and
client/server system patching
- Adequate disk quota for all email users.
- Back up of user mailboxes.
- Push to email support for mobile devices.
- The protocols that shall be supported
by email solutions acquired by MDAs
shall include but not be limited to SMTP,
MIME, POP3, IMAP4, LDAP version 3,
SSL, TLS and Secure MIME.
- Defines what is considered authorized and
unauthorized use and provide clear
definitions, comprehensive examples and
permitted levels of such use;
- Defines the responsibilities of employees
- Defines E-mail retention periods and archiving
procedures
- Defines security procedures for maintaining
confidentiality, availability and integrity of E-mail
government records
- Define the range of disciplinary procedures and
penalties which may be applied as a
consequence of unauthorized use of Internet
and email including that the penalty in the case
of an employee being found to have
intentionally accessed, downloaded, stored
or distributed pornography using government-
owned ICT facilities and devices is, subject to
industrial and procedural fairness, termination
of employment; and
- Defines who has access to monitoring reports
and the delegation chain of authority for dealing
with reports generated from this activity.
- Defines procedures for termination of an
employee's e-mail account upon his/her departure
- Defines maximum mail capacity
- Defines maximum E-mail sending capacity
25 All staff are facilitated with an E-mail account
- Potential avenue for exposure or leakage of
sensitive or protected information such as
copyrighted material, intellectual property,
personally identifying information, etc; and
- Potential avenue for malware introduction
into the organization's IT environment.
- The potential use of “other than
government” sections of Social Media web sites.
- Workflow systems to manage the
collaborative flow of documents and tasks.
- Intranet portal integration.
- Support different client operating platforms.
- Support common standards for
interoperability with collaboration systems in other
MCAs.
- Support email push to mobile devices.
48 The MCA has the right domain name as per its type
of organization
- express a political statement or bear any
semantic connection to a registered political
party;
- contain obscene or offensive language or
otherwise prejudice the reputation or credibility
of the gov.ke domain;
- Infringe the intellectual property rights of other
parties. It is the responsibility of the Registrant to
ensure compliance with this requirement.
vi. ICT Networking Representative
vii. ICT Database Representative
viii. Information Representative
The committee has documented responsibilities as
per the standard
ix. There is evidence that the committee meets
not less than once per month
where applicable, MCA name, and colors of
national flag where applicable.
b. About the MCA, and links to that shall
contain among others (where
applicable):-
i. Organizational set-up
ii. Role and Functions (Mission, Vision,
Mandate)
iii. Major projects and Schemes
iv. Public Services
v. Publications e.g. Annual reports, strategy
documents, portfolio budget statements
i. Customer Service Charter
ii. Government Tenders
iii. Press Releases / Announcements
iv. Associated Organizations (Related Links)
a. Contact Addresses / Telephone Number /
Email of the Senior Officers and Important
Functionaries of the Ministry/Department
b. A feedback/comment page and FAQS
c. Search Engine
d. Site Map
66 Placement and precise measurement of the main
elements of the page such as the banner, coat of arms,
and primary menu are precise and conform to the
official graphic design template;
photographer;
91 The website has a color code assigned by ICT
Authority
111 All Java applets, scripts and plug-ins
(including Acrobat PDF files and
PowerPoint files, etc.) and the content
within them are accessible to assistive
technologies, or else an alternative means
of accessing equivalent content is provided
Appendix 2: SDLC PHASES
APPENDIX 3: SDLC ACTIVITIES AND OUTPUTS
NO. PHASE ACTIVITIES OUTPUT/DELIVERABLE
1. PROJECT DEFINITION
Activities:
1. Collection of information to determine if a project warrants the investment of
personnel resources and funding.
Output/Deliverable:
1. Scope of the project prior to committing funding and resources, including the
project timetable with milestone dates and resource estimates, and a formalized
approval/authorization or disapproval of the project based on the project
definition.
2. Identify the customer, user,
mandate, and basic operating
concept.
3. Identification of the program and
project manager as well as projected
costs for training and sustaining
efforts after the project is completed.
4. Preliminary risk analysis and high
level cost- benefit analysis to
determine if the project has a
favorable return on investment
3 HIGH LEVEL ANALYSIS AND DESIGN
Activities:
1. Research and documentation
2. Review high level analysis and design document with sponsors
Output/Deliverable:
1. The key output of this phase is a summary document of system/data
requirements that explains what the system should be built to, how data should be
processed, and what technical or support requirements may exist. In addition,
security and internal control related requirements are also developed as
appropriate to the scope of the project.
2. Explicit written sponsor approval of agreed upon solution
3. Resources assigned to project by sponsor
SYSTEM BUILD/PROTOTYPE/BUILD
Activities:
1. Create test scripts
2. Coding
3. Unit test
4. Verification, validation and testing
5. Code review
6. Update system test plan
Output/Deliverable:
1. Functioning Prototype
2. Updated system test plan
3. Preliminary implementation plan
4. Unit level test scripts with unit tests results documented
TESTING
Activities:
1. System Testing
2. Integrated systems testing
3. User Acceptance
4. Pilot testing
5. Finalize implementation plan
Output/Deliverable:
1. Completed system test
2. Test scripts with system testing results documented
3. Completed integrated systems test
4. Test scripts with integrated system testing results documented
5. Explicit written Sponsor and User Group approval of system test results
(approval template available)
6. Test scripts with user acceptance testing results documented
7. Functioning application in pilot environment
POST IMPLEMENTATION
Activities:
1. Periodic reviews
2. Maintenance and enhancements
3. Security evaluations
4. Setting KPI
5. Continuous improvement
6. Quality assurance and user satisfaction
Output/Deliverable:
1. Written sponsor approval
2. Closed request
APPENDIX 4: MANDATORY FUNCTIONALITIES FOR SYSTEMS TESTING
Input data validation: Ensure the validity and integrity of data input to the new systems by:
● Limiting fields to accept specific ranges of data (e.g., defining out of range
values or upper and lower data volume limits);
Internal processing: Verify that the new systems include audit trails to:
● Detect unauthorized or incorrect changes to information;
Output data validation: Verify that processes are documented to validate the data output from
systems by:
Software testing:
● The use of live data for testing new system or system changes shall only be
permitted where adequate controls for the integrity and security of the data are
in place.
● New systems shall be tested for capacity, peak loading and stress
testing. They shall demonstrate a level of performance and resilience
which meets or exceeds the technical and business needs and
requirements of the Company.
Appendix 5: RECOMMENDED SOFTWARE
The latest stable versions of office productivity suites shall be installed in user computers.
Security and software updates are made as soon as they are released.
Where a previous version is to be used, adequate justifications are to be provided.
Users shall be adequately trained on the use of any office productivity suites purchased.
All office productivity suites acquired are adequately supported and maintained by the vendor.
MDAs shall ensure that all computers and servers are installed with the minimum utility software. These
include but are not limited to
- Disk Defragmenters
- Registry Cleaners
- Backup Utility Software
- Data Recovery
- Antivirus Utility Software
To adequately cater for their security requirements, MCAs shall implement security software deemed
appropriate from the following proffered set:
- Encryption systems
MDAs shall ensure that all database software has, but is not limited to, the following features:
2. Data visualization; the software should enable one to analyze data and information graphically or in
raw streams.
3. Performance; the database software should be able to efficiently utilize just about any reasonable
hardware platform on which it runs. It should also be able to manage multiple high-speed
processors, clustered servers, high bandwidth connectivity and fault tolerant storage technology.
4. Reporting; the database software should be able to modify existing reports and create new custom
reports on an ad-hoc basis to meet specific organizational management information needs both in
the present and in the future.
MCAs shall ensure that all corporate email software solutions acquired provide for: -
● Email archiving.
7. Security; Real-time spam and Junk mail filtering, password management and client/server
system patching
9. Back up of user mailboxes.
11. The protocols that shall be supported by email solutions acquired by MDAs shall include, but are not
limited to, SMTP, MIME, POP3, IMAP4, LDAP version 3, SSL, TLS and Secure MIME.
12. Scalability
13. Compatibility
14. Ensure that the server is protected with a firewall and that antivirus software is installed and regularly
updated.
15. Email transmission is secured through the use of encryption technology such as SSL or TLS among
others.
1. Support features such as email messaging, IP telephony, instant messaging, personal voice service,
conference call services, data conference services, document and file sharing, collaborative document
and file sharing, forums, data conferencing (sharing of a white board), short message service, chat,
internal bulletin, address book, video and single sign-on.
6. Project management systems to schedule, track and chart steps in a project as it is being
completed.
10. Support common standards for interoperability with collaboration systems in other MDAs.
5.7 Voice over Internet Protocol
To ensure compatibility and interoperability, MCAs shall ensure that all VOIP equipment
adopts commonly used protocol standards, which include:
● H.323 or the Session Initiation Protocol (SIP), signaling protocols that set up, maintain
and terminate a VoIP call.
● Media Gateway Control Protocol (MGCP), which provides a signaling and control protocol
between VoIP gateways and traditional PSTN (Public Switched Telephone Network)
gateways.
MDA shall ensure that all VOIP communications and systems are secured by ensuring:
● H.323 protocol is secured by using TLS and S/MIME encryption for SIP.
● Adequate physical security is in place to restrict access to key VoIP servers and
components.
● Firewalls designed for VOIP protocols are employed to secure the VOIP systems.
● VOIP Terminals are secured through password authentication and user authorization.
User accounts shall be administered and managed by the ICT units.
● WiFi Protected Access (WPA) is used where mobile units are to be integrated with the VOIP
system.
● Disabling of HTTP and Telnet services
● Where soft phones are used, PCs should be adequately secured to protect from
worms, viruses, and other malicious software.
● Creating awareness among users on how to securely use VOIP systems.
MCAs shall ensure where possible that end-to-end encryption of the VoIP conversations is
employed.
VoIP Services must ensure Quality of Service to maintain the sound quality of conventional
phones.
ICT units shall document and maintain an inventory of authorized VoIP instruments and shall
ensure that the VoIP systems only register and use authorized terminals. To avoid use of VOIP
facilities by unknown terminals or PCs, MCAs are advised to employ device
authentication through the use of MAC address.
Where possible, MCAs shall endeavor to separate voice and data traffic logically on the
network due to the bandwidth, security and Quality of Service requirements of VOIP.
VoIP software should provide for:-
● Traditional calling features including call by name, caller ID, last number redial, hold, call
waiting, call forwarding, transfer, divert, park, retrieve, voice mail, return call and call
conferencing
● Call Coverage: Make it easy to ensure that important calls are answered by
administrative assistants or team members, via user-controlled Delegation and Team
Calling respectively.
● Telephone Directory.
● Maintain Call history.
● Local Number portability, that is, ability to maintain phone numbers when one changes
service providers.
Protocols that are supported include:-
● Real-Time Transport Protocol.
● Session Initiation Protocol.
● ITU-T H.323
● Media Gateway Control Protocol
● IPSec, TLS and S/MIME for encryption.
Mobile Automatic filters - To sort inbound messages into appropriate response categories to
ensure that text messages that are received are acknowledged in some form.
● Address Book - Store names, mobile numbers and notes. The database shall reside behind a
highly secure firewall.
● Message History with status reports - Keep a log of messages and their
status.
● Group Messaging - The software should allow setup of groups in the address book and enable
sending of SMS messages to everyone in that group
● Report - The software should enable creation of reports and export to other
documentation software for report creation
● Purge Failed Numbers - Allow MDAs to purge numbers based on a chosen number of
consecutive SMS delivery failures.
● Scheduling- Allows MDAs to send out the messages at a chosen date and time. Setup
recurring and automated messages to be sent out at certain days and times of the
week, month, or year
● Centralized management of the entire video conferencing network; including statistics,
directories, and software updates for the system.
● End-to-end management for video conferencing endpoints and infrastructure; managing
endpoints, Multiple Control Units, video and recording solutions, gatekeepers and
gateways
● Integration with email and collaboration systems to schedule meetings and conference
data.
MCAs should ensure that network management software acquired is able to provide, but is not
limited to, the following features
MCAs shall use bandwidth management software to optimize the bandwidth that carries traffic over
networks.
Bandwidth, or the amount of data transferred over a communication channel in a specific amount of
time, shall be controlled by bandwidth management tools, or traffic or packet shapers.
These tools shall enable network managers to control communications by allowing high-priority traffic to
utilize more bandwidth than traffic given a lower priority status, as well as enable them to identify
network traffic patterns, establish priorities, optimize application performance, and allocate resources.
As the number of Internet users continues to increase and demand for media-rich and peer-to-peer
applications rises, bandwidth management shall continue to play a role in network management.
MDAs shall use network management software to manage their internal networks.
This software shall continuously monitor performance, events and faults. MDAs shall ensure that all
network monitoring software can produce regular and customized reports.
Appendix 6: Email etiquette
1 Check the address
Double-check the recipient’s e-mail address; you don’t want to send your e-mail to the
wrong person, especially if you are sending important, private or sensitive e-mails.
2 Fill in the subject box
E-mails without a subject heading are often ignored as unimportant or deleted as junk mail.
3 Use the BCC function
When you are sending information to a large number of people, use the BCC function. It
sends the e-mail out to each recipient individually. The only other e-mail address that will
appear in the recipient’s mailbox is that of the sender.
4 Do you need to send an An enormous amount of time and energy is wasted by
6 Your response should be first
If you respond to an e-mail and want to include text from the original e-mail, make sure
that your response is at the top of the e-mail being sent.
7 Consider file size
Large files take longer to download, use up space on e-mail servers and are sometimes
undeliverable. Consider whether images are needed, and if large files can be compressed.
8 Plain text and HTML do not mix
It is best to respond to an e-mail in the format in which it was received as this ensures that
the recipient will be able to read it. If you respond to a plain text message by using HTML
then the message will be, at best, difficult to read and often unreadable.
9 Do not use CAPITAL LETTERS
If possible, avoid using capital letters; not only are capital letters difficult to read but they
are associated with shouting and considered rude.
10 Some messages should be delivered in person
Tragic news or an emotional reaction such as anger is handled best in person and not
through e-mail. The problem is that with an e-mail the words are separated from the
physical emotion in your voice and face — even your body language can speak volumes.
11 Pause before you hit the send button
If an e-mail was written in anger, it is best to calm down and think before sending it. A
problem is best solved with a clear and calm frame of mind.
12 Personal stationery should not be used for personal e-mail
When sending or responding to business e-mail it is best not to use personal stationery
and graphics.
13 Do not forward chain e-mail
Chain e-mail is not only tacky, but it is banned from many corporate networks. Inboxes are
already inundated with chain letters and junk mail, and you can stop the procession by
deleting it upon receipt. Most Internet Service Providers (ISPs) have some method of
identifying and blocking junk e-mail.
Appendix 7: Critical Systems in Government
No SYSTEM DESCRIPTION
1 IFMIS (Integrated Financial Management System)
Integrated Financial Management Information System (IFMIS) is an automated system that
enhances efficiency in planning, budgeting, procurement, expenditure management and
reporting in the National and County Governments in Kenya
2 E-CITIZEN PLATFORM
This is a system for Kenyan Citizens and Foreign Residents to apply for Government to
Citizen (G2C) services and pay via mobile money, debit Cards and e-Citizen agents.
3 IPPD
The integrated payroll and personnel management database (IPPD) is a system for
managing Government employee records
4 IPRS
The Integrated Population Registration System (IPRS) is an initiative aimed at
consolidating population registration information into a single database for ease of
verification by both Government and private bodies.
5 I.D SYSTEM
The I.D system at the National Registration Bureau is used for secure production and
issuance of secure identification documents, management of a comprehensive database
of all registered persons and detection and prevention of illegal registration.
6 GDC Applications
The Government Data Centre (GDC) is designed for processing and storage of
Government applications and data.
7 Applications on CCP
The County Connectivity project aims at ensuring that county government offices are
connected to the internet and promote online services using telephones, emails and
teleconferencing.
APPENDIX 8: AUDIT FOR OUTSOURCED DEVELOPMENT
- Technology assumptions are properly validated through internal experience
or external site visits.
- Links to existing applications are
totals)
- Lead times for purchasing, receiving, installing and testing new hardware have
been properly reflected
- Data is accurately mapped from the old system to the new.
- Key data elements are screened using software (or manually in some cases)
to ensure anomalies are removed.
- Project plans are properly updated to reflect issues noted in data conversion that
must be resolved.