Standards and Guidelines

Nationwide standards in the IT field
Information Security Policy: 

 The CDO must ensure the confidentiality, integrity, and availability of government data and information systems by implementing appropriate technical, physical, and administrative controls. The policy should also outline the roles and responsibilities of different stakeholders, including government agencies and third-party service providers, in maintaining information security. 

 Data Privacy Policy: The CDO must ensure that the personal data of citizens and residents is collected, used, stored, and processed in accordance with Data Privacy Policy law and ethical standards. The policy should outline the measures that the government must take to protect sensitive information and ensure transparency and accountability in data handling. 

 Open Data Policy: The CDO must promote transparency and accountability in government by making non-sensitive government data available to the public for research and analytics in machine-readable formats. The policy should outline the criteria for data sharing, access, and reuse, as well as the procedures for addressing privacy and security concerns. 

 Accessibility Policy: The CDO must ensure that digital government services and content are accessible to all citizens and residents, including those with disabilities. The policy should outline the measures that the government institutions must take to make its websites, mobile applications, and social media platforms accessible and user-friendly for all users. 

 ICT Procurement Policy: The CDO must ensure that ICT products and services procured by the government are of high quality, meet government needs, and are procured through transparent and competitive processes under the centralised framework contracts provided by RISA. 

 Digital Inclusion Policy: The CDO must ensure that citizens and residents have access to digital technologies and skills, particularly in underserved communities and among marginalised groups.

Sector Blueprint definition guidelines
Currently, RISA developed guidelines for CDOs to develop their sector blueprint. Please refer to the guidelines provided by RISA on Blueprint definition. 

 Indeed, each CDO is supposed to provide his/her sector guidelines to RISA. The elaboration of these guidelines is subject to some principles that are gathered in the guidelines. The institution’s IT blueprint is a basic requirement for RISA’s approval and MINECOFIN’s funding for IT projects. The blueprint results into clear steps namely: the AS-IS situation, the To-Be situation, the Gap analysis and the roadmap. 

 Developing a target blueprint requires careful planning, collaboration, and adaptability. It serves as a guiding document to steer the organisation toward its intended goals while allowing for flexibility to adapt to changing circumstances or opportunities. 

 Developing a target blueprint involves creating a detailed plan or framework that outlines the specific goals, strategies, and actions required to achieve a desired outcome or vision. 

 Here are the steps for the development of the sector’s blueprint set-up by RISA Guidelines: 

 

 Figure 15: Blueprint definition steps 

 For detailed content of each step, please refer to the Blueprint Development Guidelines for GoR document. 

 Following these steps helps ensure a systematic and comprehensive approach to developing a sector blueprint in line with RISA guidelines, facilitating successful implementation and achievement of sector goals. 

 Below a focus on the fifth step, the definition of the Target Blueprint (extract from the GOR blueprint definition guidelines). 

 

 Figure 16: Blueprint definition step 5 (extract from the GOR blueprint definition guidelines)

Standards at the CDO in a sector level: Guidelines per topic to be considered.
RISA has developed guidelines on various topics on which CDOs at sectoral level should comply with. In the section dedicated to KPIs for performance management, a list of KPIs are provided to measure how much the sector ministries and affiliated agencies comply with these guidelines. 

 Please refer to the various institutions, RISA, NCSA and MINICT website for the detailed guidelines. 

 In addition to these guidelines, there are best practices on which the work can be based to build the Guidelines. Comprehensive view on the necessary Guidelines in digital transformation in public sector is presented below: