Chief Digital Officers Handbook

• Introduction
• Handbook presentation
• The Digital Context in Rwanda
• Digital Evolution in Rwanda
• Nationwide Strategies (VISION 2050 and NST)
• Smart Rwanda Master Plan
• ICT Strategy 2018-2024
• Legal Framework in the Digital Context
• The Role of the Ministry of ICT
• The central Role of the Rwanda Information Society Authority (RISA)
• Context of The CDO Position
• Presentation: the Concept of “shared services”
• Objectives of the Shared Services Mechanism
• Positions and Reporting Mechanisms under the shared services
• Technical Set-Up of The CDO Unit
• The CDO Unit
• The Resources of the CDO
• The Role of the Business Analyst
• The CDO Team Organisation
• The CDO Network
• Interactions with Internal and External Stakeholders
• Collaboration with other government agencies
• The collaboration between CDOs and DPs and Civil Society
• The Collaboration with own Sector’s Institutions
• The importance of Academia and research institutions
• CDOs Key Functions and Roles
• Strategic Leadership
• Digital Culture and Innovation
• Ensuring a Quality Data Governance
• Ensuring a Quality Cybersecurity
• Quality Management System
• Sector Digital Maturity Assessment and Action Plan
• IT Operations
• Risk Management
• Internal Audit
• Financial Responsibilities
• Procurement and Vendor Management
• Standards, Methodologies, Tools and Technologies
• Digitization Project Methodologies Baseline
• Tools and Technologies Baseline
• Change Management, Communication and Collaboration
• Change Management in Digital Transformation
• Internal Communication
• External Communication
• Collaboration Tools
• Standards and Guidelines
• Nationwide standards in the IT field
• Sector Blueprint definition guidelines
• Standards at the CDO in a sector level: Guidelines per topic to be considered.
• External Contacts and Relations
• Contact with Regional Associations
• Contact with Industry Partners and Technology Providers
• Contact with Standardization and Certification Bodies
• Contact with end-users
• Contact with the Innovation Ecosystem
• How to Grow Professionally
• Recruitment
• Onboarding Process
• Talents Retention
• Career Growth
• Annex

Introduction

The Chief Digital Officer Handbook is a work conducted by the Rwandan Information Society Authority (RISA) in a close collaboration with the Chief Digital Officers (CDO) Network. The Handbook drafting process involved the CDOs, RISA senior managers and division managers, RISA technical working group, the MINICT and all relevant stakeholders.

This Handbook is aimed at Chief Digital Officers and Business Analysts who play the role of CDOs in any Rwandan Ministry and sector.

The first objective of the Handbook is to create a baseline for the CDOs activities and management routines.

Although the Handbook is not aiming at defining with exhaustivity the CDOs practices, the creation of a common base for the CDOs work is the expected outcome of this manual. By distributing the manual among the CDOs, we aim at harmonizing CDOs practices between ministries, what will ease the work for CDOs as well as the overseeing role of RISA. That said, the manual may evolve as the CDO's activities and responsibilities change or as the CDO's working environment evolves.

The second objective of the Handbook is to gather all the best practices among CDOs in terms of project management, working standards, tools, and methodologies.

Every Chief Digital Officer (CDO) or Business analyst relies on a variety of tools, technologies, and methodologies. This Handbook serves as a shared resource to disseminate these tools and techniques, fostering innovation by introducing groundbreaking solutions tailored for CDOs. Consequently, the Handbook will be regularly updated to reflect the latest standards, tools, and methodologies as they emerge.

The third objective of the Handbook is to ease the onboarding of new CDOs and Business Analysts as they join the CDOs network.

The Handbook will help new arrivals to get to grips with their new job more easily.

The Handbook is a guide conceived as a practical tool which can be consulted when needed through an easy-to-use table of content. For example, CDOs and BAs who may be interested in the tools, standards and methodologies used within the CDOs/BAs network can directly refer to Section 5 and take advantage of the content. The manual can also be read from the beginning to the end in order to have a comprehensive view of the CDOs/BAs work and further delve into a specific topic.

The Handbook is subject to updates and constant evolution. It is therefore important to take into account the version of the Handbook that is being used when exploring it.

This Handbook version dated July 2024.

Any comment, remark or suggestion must be addressed to RISA, info@risa.gov.rw

Handbook presentation

The Handbook is composed of 8 chapters. The first two chapters are general about the digital context in Rwanda and the context of the CDOs /BAs position in public administrations. Chapters three and four deep dive into the responsibilities of the CDOs/BAs by presenting the CDO Network, their interactions within the digital ecosystem and their key functions and roles in their position. The following chapter is dedicated to the standards, tools and methodologies to complete the previous one on the CDOs roles while the chapter 6 is on the Change Management in Digital transformation. The last 2 chapters of the Handbook aims at opening the manual by sharing external contacts and dealing with the career path and training that the CDOs and BAs can benefit from during their professional experience.

Each chapter has an introduction part that gives an overview of the chapter’s content, objectives, and structure before going into details.

The Handbook initially outlines the existing landscape of CDO practices. It supplements these with additional best practices that can be implemented subsequently or are already underway within the CDO Network.

Additional chapters can be added in the further versions depending on the evolutions in the CDOs ecosystem, role, or realities.

As the CDO Handbook is written on a certain date, the content of each chapter is divided in two parts: a primary part of what is being done, and a secondary part on best practices to be implemented. The reader must take this differentiation into account.

The Digital Context in Rwanda

Digital Evolution in Rwanda

Rwanda is actively pursuing a digital agenda to boost its socio-economic development, and various initiatives underline the Country's commitment to embracing the digital age. One notable aspect is the focus on widening access to digital infrastructure. Rwanda has made significant investments in building a robust telecommunications network and increasing Internet Connectivity, laying the foundations for widespread digital access.

The Government's commitment to digital inclusion is evident in initiatives such as the National Broadband Policy and the Smart Rwanda Master Plan. These strategies aim to reduce the digital divide by ensuring that even remote and underserved areas have access to high-speed internet, enabling citizens to fully participate in the digital economy.

E-governance plays a central role in Rwanda's digital transformation. The government has set up digital platforms for various public services, streamlining processes, reducing bureaucracy and improving transparency. This not only improves the efficiency of government operations, but also makes it easier for citizens to access services.

In addition, Rwanda's education sector has embraced digital technologies to improve learning experiences. Initiatives such as the "One Laptop per Child" programme and the integration of e-learning platforms into schools are helping to develop a literate population, preparing the workforce for the demands of the digital age.

In the entrepreneurial landscape, Rwanda has fostered an environment conducive to innovation and technology start-ups. The Kigali Innovation City project, for example, aims to create a centre for technology and innovation, attracting local and international technology companies.

Rwanda's digital context encompasses a multi-faceted approach, including infrastructure development, e-governance, education, and innovation, all working together to position the Country at the forefront of Africa's digital revolution.

Nationwide Strategies (VISION 2050 and NST)

Vision 2050

Rwanda's Vision 2050 outlines the Country's long-term development goals and aspirations by the year 2050. Vision 2050 serves as a strategic framework to guide Rwanda's socio economic transformation over the coming decades. It is part of Rwanda's broader development planning initiatives, building upon earlier strategic frameworks like the Vision 2020.

Since the beginning of the 21st century, the Rwandan Government has consistently pursued a vision of transitioning into a knowledge-based economy, initially outlined in Vision 2020 with the objective of elevating Rwanda into a middle-income status. This Vision has been seamlessly carried forward into the forward-thinking Vision 2050. In the short term, Vision 2050 emphasises the promotion of macroeconomic stability and wealth creation to reduce reliance on foreign aid. By the medium term (2035), the focus shifts to transforming Rwanda from an agrarian economy to a knowledge-based one, aiming for upper-middle-income status. The long-term goal (2050) involves creating a robust middle class and fostering entrepreneurship, with success measured by attaining developed-Country status and a high development index.

Central to Rwanda's development and transformation agenda is Information and Communication Technology (ICT). Positioned as a pivotal cross-cutting enabler, the ICT sector plays a crucial role in achieving national goals outlined in the Vision 2050.

The Vision is pursuing 2 main goals around which all the stakeholders will be mobilised.

The first objective is the Economic Growth and Prosperity for Rwandans:
Generating wealth for all Rwandans is the essence of economic prosperity, necessitating sustained and robust long-term economic growth. This involves ensuring regional and global competitiveness, continual enhancement of productivity, and the creation of quality employment opportunities through strategic investments in both economic and human capital. Rwanda's aspirations are articulated in the goal of achieving upper-middle-income Country (UMIC) status by 2035 and progressing to high-income Country (HIC) status by 2050. To realise these ambitions, specific economic targets include attaining a GDP per capita surpassing USD 4,036 by 2035 and exceeding USD 12,476 by 2050.

The second main objective is to achieve High Quality and Standards of Life for Rwandans

Ensuring an elevated quality of life for Rwandans involves broadening societal participation in national development. This includes augmenting investments in human capital and guaranteeing universal access to essential services, safety, and security. The objective is not only to empower youth, women, men, and the elderly to actively contribute to sustainable development but also to ensure that no one is excluded from the benefits of progress. This commitment aligns not only with Rwanda's principles of good governance but also with the positive values driving societal transformation.

 The Rwanda Vision 2050 is built on 5 pillars:

Figure: Pillars of the Vision 2050

The detailed version of the Vision 2050 is available on the MINECOFIN website for consideration.

Rwanda's policy aspirations are translated into action through successive seven-year National Strategies for Transformation (NST1 and the ongoing NST2), supported by detailed sectoral strategies designed to attain the objectives of the Sustainable Development Goals (SDGs).

NST- 1 & NST-2

The "National Strategy for Transformation (NST 1)" in Rwanda is a 7 years Government Program that refers to the Country's overarching development plan. NST 1 is designed to guide Rwanda's economic, social, and political transformation over 2017-2024.

NST 1 is part of the Rwanda 2050 Vision which aspires to take Rwanda to high living standards by the middle of the 21st century and high-quality livelihoods.

NST-1 has 3 domains of priorities: Economic transformation, social transformation, and transformational Governance. Each domain has specific measurable goals and activities.

As NST-1 will end up this year 2024, the Government of Rwanda is currently working on NST-2 and the release of the Strategy before the end of the year 2024.

Smart Rwanda Master Plan

The Smart Rwanda Master Plan is a strategic initiative developed by the Rwandan government to harness information and communication technologies (ICTs) for the Country's overall development. The plan aimed to leverage digital innovations to drive economic growth, improve service delivery, and enhance the quality of life for Rwandan citizens. Here are some key components and objectives associated with the Smart Rwanda Master Plan:

Digital Infrastructure Development: The plan focused on expanding and enhancing the Country's digital infrastructure, including broadband networks and connectivity. A robust ICT infrastructure is fundamental for supporting various digital services and initiatives.

E-Government Services: One of the primary goals was the implementation of electronic government services to streamline administrative processes, reduce bureaucracy, and enhance transparency. This involves the digitization of government operations for improved efficiency and accessibility.

Digital Literacy and Inclusion: The plan recognized the importance of ensuring that all citizens have access to and can benefit from digital technologies. Initiatives related to digital literacy and inclusion were likely included to empower individuals and communities through technology.

Innovation and Entrepreneurship: Supporting a culture of innovation and entrepreneurship in the technology sector is a common feature of such plans. Incubators, startup support programs, and initiatives to attract tech investments may have been part of the Strategy.

Cybersecurity: Given the increasing reliance on digital technologies, ensuring the security of information and communication systems is crucial. The Smart Rwanda Master Plan was designed to put in place cybersecurity measures to protect against potential threats and vulnerabilities.

ICT Strategy 2018-2024

The Government of Rwanda has set up a 7YGP (7 years Government Program) known as National Strategy for Transformation (NST-1) which covers the period from 2017 to 2024. Since 2000, in order to support the Vision 2020 and the 7YGP of Rwanda, the ICT sector has been developing and implementing its own strategies and plans. Then in 2017, the ICT sector drew its Strategy which was based on the timeframe and initiatives of NST-1 that will go from 2018 to 2024.

The plan aims to achieve set of targets which will culminate Rwanda to fast track its path of continued socio-economic transformation.

With the general objective of fast-tracking Rwanda’s transformation to a knowledge-based society as stated in the SRMP Strategy, the ICT Strategy targets three specific objectives:

1. Broadband for all by 2024
2. Government Digital Transformation by 2024
3. Digital Literacy for all

In this sense, the Strategy identified eight challenges that must be addressed in order to achieve the vision of becoming a leading continental ICT Hub.

Figure : ICT sector challenges identified in the 2018-2024 Strategy.

The Strategy highlighted 3 strategic objectives described below:

The ICT Strategy highlighted strategic programs and projects are categorized into 4 categories:

• Flagship projects
• Quick wins
• Priority 1 programs
• Priority 2 programs

Figure: Categories of projects of the ICT Strategy 2018-2024

A more detailed action plan of the Strategy is contained in the ICT Strategy that can be found on the MINICT website.

Under the overall management of MINICT, the plan implementation responsibilities are shared among several institutions. RISA will be mainly responsible for monitoring evaluation, and Information Security. More detailed roles of RISA are: progress review of the plan, Strategy alignment and resource mobilization.

Legal Framework in the Digital Context

Rwanda has several laws and regulations governing information and communication technology (ICT) within the Country.

According to the ICT Regulatory Tracker (International Telecommunication Union, Geneva 2021), Rwanda is a fourth generation (G4) regulator but already has a G5 mindset. As a Country that has put ICTs at the centre of its development since 2000, Rwanda has duly earned its recent entry into the small but growing club of African countries to be rated at the G4 level. G4 is characterised by integrated regulation, led by economic and social policy goals.

The main laws (not limited) governing ICT in Rwanda are:

Law No. 18/2010 of 12/05/2010 Relating to Electronic Messages, Electronic Signatures and Electronic Transactions. This Law governs electronic transactions, electronic messages and prevention of misuse of computers in electronic transactions, electronic signature and all other applications relating to information technology.

Law N° 22/2016 of 17/06/2016 Relating to Electronic Messages, Electronic Signatures, and Electronic Transactions: This law addresses matters related to electronic communications, signatures, and transactions in the digital environment.

Law No. 60/2018 of 22/08/2018 on Prevention and Punishment of Cyber Crimes: This law Regulates Cybercrime prevention and punishment in Rwanda. It focuses on cybersecurity measures and addresses offences related to cybercrime.

Law N° 70/2018 of 31/08/2018 Regulating Information and Communication Technologies (ICT): This law provides a comprehensive framework for the regulation of ICT activities in Rwanda, covering aspects such as cybersecurity, electronic transactions, and data protection.

Law N°24/2016 of 18/06/2016 governing information and communication technologies: This law defined a regulatory framework for telecommunication operators to promote services or products in a fair and competitive manner in Rwanda.

Law No. 058/2021 of 13 October 2021, relating to the protection of personal data and privacy: The law protects personal data and ensures privacy of individual users.

Law n° 029/2023 of 14/06/2023 governing population registration in the national single digital identity system.

Rwanda's policy framework further reinforces the nation's dedication to addressing climate change issues within the Conference of the Parties to the United Nations Framework Convention on Climate Change.

The advancement that is needed in the legal framework of Rwanda is the progress to reach the fifth-generation level, which has the important additional aspect of deep and meaningful collaboration as a means of achieving development-oriented digitalization and digital transformation.

The Role of the Ministry of ICT

The Ministry of Information Communication Technology and Innovation (MINICT) plays a crucial role in overseeing and promoting the development of information and communication technology (ICT) in Rwanda. MINICT has the mission to address national priorities relating to economic growth and poverty reduction through development and coordination of national policies and programs related to information, technology, communication, and innovation as well as citizen’s empowerment.

The Ministry of ICT and Innovation is responsible for overseeing and assessing the implementation of national policies, strategies, and programs aimed at fostering technology and communication. Additionally, it is tasked with formulating and distributing policies, strategies, and programs related to ICT and Innovation. The Ministry's operational activities are managed through two main departments: Digital Government Transformation and Innovation and Business Development. Moreover, the Ministry administers a program known as Innovation and ICT Private Sector Development.

Here are Key domains of intervention of MINICT:

Figure: MINICT domains of intervention

To accomplish these responsibilities and help the Ministry to achieve its mission, MINICT has the following affiliated agencies:

Agencies	Mandate
RISA: Rwanda Information Society Authority	Planning and coordinating the implementation of national ICT for Development Agenda
RURA. Rwanda Utilities Regulatory Authority	The mandate within the ICT sector is to licence, monitor and enforce licence obligations, manage scarce resources, advise policy makers on ICT related issues and represent Rwanda in international organisations on issues pertaining to ICT
C4IR: Centre for the Fourth industrial revolution	Accelerating the inclusive and responsible adoption of emerging technologies for the benefit of society
NCSA: National Cyber Security Authority	Authority in charge of securing Rwanda’s Cyber space
RSA: Rwanda Space Agency	RSA mandate is to regulate and coordinate all space activities in the Country while also creating an environment that promotes entrepreneurial and industrial development
NPO: National Post Office	NPO mandate is to competitively deliver communication, parcels, and related services. To continually research, innovate and apply international best practice. It aims to fulfil the Universal Service Obligation by seeking to serve the needs of every person and geographical region of Rwanda.
NIDA: National Identification Agency	Modernise and integrate both civil registration of vital events and national population registry through digital and secure identity information system for legal identity and right for all with an accurate authentication of data responding to the needs of all stakeholders.

Table: MINICT affiliated agencies

The central Role of the Rwanda Information Society Authority (RISA)

Established under the Ministry of ICT and Innovation, the Rwanda Information Society Authority “RISA” is a public institution established in 2017, governed by the Presidential Order N° 077/01 of 09/12/2022. RISA derives from the former IT Department of Rwanda Development Board, RDB. Currently, it is an affiliated institution to the Ministry of ICT and Innovation.

RISA plays a critical role in the development of Rwanda's ICT sector and is focused on promoting the use of ICTs to drive socio-economic development and improve the lives of Rwandans.

RISA has been put in place to be at the forefront of all ICT projects’ implementation and streamline research, infrastructures, and innovation within the ICT sector. Furthermore, RISA oversees the implementation of Smart Rwanda Master Plan initiatives.

RISA has the mission of digitising the Rwandan society through increased usage of Information and Communication Technologies and innovation technology as a cross-cutting enabler for the development of the other sectors spearheading Rwanda’s digital and social economic transformation.

Rwanda Information Society Authority is mandated to coordinate the implementation of projects that deliver information and communication technology services, this is done through supporting government institutions to deliver their ICT initiatives to be accessed by the institution workers and the citizens. RISA is also in charge of digitising government services and ensures that they are easily accessed by the citizens.

Rwanda Information Society Authority is headed by the Chief Executive Officer and two deputies: Chief Technology Officer  and Chief Operations and Strategy Officer

RISA’s responsibilities include:

(a) to participate in initiating and implementing national Information and Communication Technologies policies and programs in order to fast-track socio-economic growth;

(b) to implement strategies which expand the access and affordability of Information and Communication Technologies infrastructures and services;

(c) to accelerate community development through mainstreaming Information and Communication Technologies in national socio-economic sectors;

(d) to prepare and coordinate programs that increase the required skills in the field of Information and Communication Technology in order to achieve a knowledge based economy;

(e) to establish and strengthen innovation programs in Information and Communication Technology;

(f) to coordinate the implementation of projects and digitization initiatives that deliver Information and Communication Technology services;

(g) to cooperate and collaborate with national, regional and international institutions with a similar mission;

(h) to coordinate national Information and Communication Technology procurement for commonly procured Information and Communication Technology goods and services;

(i) to advise Government on all activities which can fast track the development of Information and Communication Technology;

(j) to provide technical assistance related to Information and Communication Technology as needed in public institutions;

(k) to promote use of public key Infrastructure based technology in order to ensure authenticity, data integrity, confidentiality and accountability;

(l) to promote and enhance general Information and Communication Technology knowledge, sensitization and awareness and Emerging Technologies;

(m) to establish necessary Information and Communication Technology guidelines and Blueprints based on national, regional and international principles and monitor their implementation;

(n) to recruit and deploy Information and Communication Technology Staff in public organs;

(o) to perform any other responsibility, which is not contrary to its mission, as may be assigned by law or by competent organs.

Context of The CDO Position

Presentation: the Concept of “shared services”

The words “Shared service by sector” is defined by the Ministry of Public service and Labor as follows:

“Job positions which were integrated in the organisation structures of the line Ministries to serve institutions in the same sector excluding those that were relocated to secondary cities and other few exceptions due to the nature of some institutions. Those shared services by sector include Planning and M&E, Human Resource Management, Legal Affairs, Internal Audit and IT function”.

The initiative accompanied a redesigned IT governance structure. The core idea involves aligning institutions with similar mandates into sectors, where a "sector" denotes a leading Ministry with its affiliated agencies operating in the same line of business. This Strategy revolves around shared IT services and personnel to cater to the collective needs and plans of the entire Sector. Ministries with shared IT units are overseen by either a Chief Digital Officer or an IT Business Analyst.

Figure: The framework of Shared Services

The consolidation approach is implemented by clustering Government institutions within the same business sector. In this setup, IT resources are shared within the Sectors and at the National Level (RISA, NCSA & MINICT). The IT workforce is mobile and dynamically allocated to different locations based on prevailing needs and priorities.

Example of a Sector IT (Environment and Disaster Management Sector) Institutions under the “Environment and Disaster Management” Sector include the Ministry of Environment, Rwanda Land Management Authority, Rwanda Mining Board, Meteorological Agency and other affiliated institutions.

Figure: Example of a sector IT: case of the Environment and Disaster Management Sector

Objectives of the Shared Services Mechanism

The reorganisation for IT departments around Shared services will enable a successful digital transformation and meet the various demands and expectations from citizens, stakeholders, partners and employees. More specifically, the objectives are as follows:

• Accelerating the digitization efforts for Rwanda in response to national targets in National Strategy documents and promoting innovation;
• Promoting IT standardisation, reducing spending on systems procured from abroad, removing duplications and achieving efficient service delivery across the entire Government;
• Consolidating and modernising technology platforms to ensure better quality of service to citizens;
• Reducing the cost of IT resources by achieving economies of scale through consolidation of IT purchases at Ministry level;
• Achieve greater consistency and satisfaction for the end-users through the introduction of better citizen-oriented design principles;
• Stronger data governance to drive best-practice in intelligent reporting and business insights paving the way for more elaborated use cases of Analytics and Artificial intelligence;
• Focus on preventive management rather than reactive management to achieve greater stability of IT systems (i.e.; preventive maintenance).

Positions and Reporting Mechanisms under the shared services

The clustering approach revolves around establishing a unified IT Team, headed by a Chief Digital Officer (CDO) or an IT Business Analyst. This team is responsible for offering IT leadership, support, and the development of IT systems for all institutions within the Sector. The remaining members of the IT Team are distributed under the lead Ministry and within each of the sector's institutions. Additionally, the CDO maintains a direct reporting line to RISA, serving as the supervising authority.

Figure 8: Example of an organisation structure of sector IT: case of the Ministry of Environment

Figure 9: Shared services, key principles

Shared services within a leading Ministry and its affiliated agencies involve the centralised provision of certain functions and resources to achieve efficiency, cost savings, and improved collaboration. Here are some common shared services in the ICT context for a Ministry and its affiliated agencies. Implementing shared services in these areas promotes consistency, cost-effectiveness, and improved overall performance across the Ministry and its affiliated agencies in the realm of Information and Communication Technology.

Area 1: IT Infrastructure Management:

•  Centralised management of IT infrastructure, including servers, networks, and data centres.
• Maintenance and updates of hardware and software across all affiliated agencies.

Area 2: Network Services:

Shared network services such as internet connectivity, VPNs (Virtual Private Networks), and intranet services.

Area 3: Cybersecurity Services:

• Centralised cybersecurity measures, including firewalls, intrusion detection systems, and antivirus solutions.
• Monitoring and response to cybersecurity threats across all affiliated agencies.

Area 4: Data Management and Analytics:

• Centralised data storage and management services.
• Analytics services for extracting insights from data shared across different agencies.

Area 5: Software Development and Support:

• Shared services for software development, customization, and support.
• Collaboration on common applications and platforms to avoid duplication of efforts.

Area 6: Help Desk and User Support:

• Centralised help desk services for providing technical support to users across affiliated agencies.
• Standardised procedures for issue resolution and user assistance.

Area 7: ICT Procurement:

• Centralised procurement of ICT hardware and software to leverage bulk purchasing and negotiate better deals.
• Standardisation of ICT procurement processes.

Area 8: Training and Development:

• Shared training programs for building ICT skills among employees.
• Centralised resources for continuous professional development in the ICT domain.

Area 9: Cloud Services:

• Utilisation of cloud services for shared storage, computing power, and applications.
• Collaboration on cloud-based solutions to enhance efficiency and reduce costs.

Area 10: Collaborative Platforms:

• Implementation of collaborative platforms for communication and project management.
• Shared tools for document sharing, collaboration, and workflow automation.

Area 11: ICT Governance and Policy:

• Development and enforcement of standardised ICT governance and policy frameworks.
• Oversight and compliance monitoring across all affiliated agencies.

Technical Set-Up of The CDO Unit

The CDO Unit

The CDO: Definition and Role

The Chief Digital Officer (CDO) is responsible for developing and deploying an overall digital Strategy, implementing and monitoring digital projects within government departments, and implementing the government's vision for the digitisation of citizen services.
More specifically, the CDO oversees the overall IT Strategy of the Sector and oversees the IT Team under his/her supervision.
In other words, the Chief Digital Officer (CDO) is an executive that oversees the digital transformation needs of the entire Sector (Ministry and all the affiliated institutions or institutions with similar mandate) to ensure that they support the entire Sector’s vision and goals.  Therefore, he/she is responsible for planning, implementing and managing the overall use of information technologies, streamlining operations by implementing relevant technologies, developing technological systems that will improve customer satisfaction, and managing the information technology department.

The CDO is expected to be comfortable working in the fast-changing technology landscape and with the responsibility and pressure that comes with leading transformative initiatives to success in this environment. 

The specific duties and responsibilities of the CDO position include (not limited): 

Strategic Planning and Leadership:

• Advise the Sector Leadership in all IT related matters
• Be responsible to establish and infuse the sector’s digital culture
• Strategic planning of the Sector to create business value, promote innovation, and contribute to growth objectives using technology
• Plan and oversee Sector’s IT projects, develop and approve technology programs and budgets for the entire Sector
• Ensure tech systems, infrastructure and procedures lead to outcomes in line with business goals, develop strategies to improve the efficiency and efficacy of technological initiatives
• Oversee the development of customer service platforms
• Establish IT policies, strategies, and standards for the Sector (Policies, Strategies, IT Enterprise Architecture, digital literacy development, digital infrastructure, tools and content, sector-specific digital advancement, and innovations)

Team Management and Development:

• Manage IT and development team personnel for the department and coaching the members of the IT teams.
• Set, measure, and report IT department's KPIs on a regular basis

Enterprise IT Governance and Risk Management:

• Develop, operate and maintain the Enterprise IT architecture and adoption of innovation.
• Oversee IT risk management and align it with enterprise-wide risk management.
• Ensure the Sector's data remains secure by keeping up to date on the latest cyber security threats and finding ways to guard against them on an organization-wide scale as well as ensuring good Data Governance.

Vendor Management and Financial Oversight:

• Review and approve department purchases, vendor proposals, negotiate contracts with vendors, and service providers in accordance with the proper guidelines from relevant institutions including MINECOFIN, MINICT, and RISA
• Prepare cost-benefit analyses for every change.

Communication and Collaboration:

Communicate with other executive members, employees and end-users to make sure all parts of the Sector use technology in the best ways possible.

The Resources of the CDO

The Chief Digital Officer is provided with essential resources crucial for accomplishing their responsibilities, including:

• Human resources
• Financial resources
• Tools and technologies

Human resources:

The Chief Digital Officer is supported by various IT specialists. The CDO of a sector has a team composed of Business Analysts, Senior software developers, Network specialist, System Administration Specialist, developers, Database Administration Specialist, IT Help Desk Officer. The provision of the different profiles in terms of number largely depends on the needs, the size and the organisation of the particular sector. Also, there is a need to add specific IT talents such as cyber security experts, data engineers, devOps and data scientists. Such new positions can be hired as contractual, outsourced, or directly added to the existing structure in the future.

Financial resources:

Each sector's IT department has two distinct types of budgets available, tailored to the sector's priorities and budget constraints:

1. Operational Budget: This budget is allocated for acquiring, maintaining, and updating the IT infrastructure within the sector. It covers expenses related to hardware, software, networking, and ongoing maintenance to ensure smooth and efficient IT operations.
2. Development Projects Budget: This budget is designated for digital transformation initiatives aimed at enhancing and modernizing the sector through digital solutions. It funds projects that drive innovation, improve digital capabilities, and support the sector's strategic objectives.

The Chief Digital Officer (CDO) is responsible for the entire budgeting process. This includes:

1. Budget Planning: The CDO meticulously plans both the operational and development projects budgets, aligning them with the sector’s strategic priorities and goals.
2. Submission: The CDO submits the detailed budget proposals to both the sector leadership and the Rwanda Information Society Authority (RISA) for review and approval.
3. Management: Once the budgets are approved, the CDO oversees the allocation and expenditure of funds, ensuring that the budget is used efficiently and effectively to achieve the intended outcomes.
   

By managing these budgets, the CDO ensures that each sector can maintain its IT infrastructure while also pursuing transformative digital projects that enhance its performance and service delivery.

Tools and technologies:

In terms of tools, some tools are developed or acquired by RISA and made available to IT teams in the public sector.
The reader can refer to the Standards, Methodologies, tools and technologies in the section 4 of this Handbook to learn more about this topic.

The Role of the Business Analyst

The Business Analyst’s main role is to work with all entities within their respective Sector to help them improve their processes and systems using Digital Technologies. She/he conducts research and extensive analysis to come up with solutions to business problems and helps in introducing the systems to end-users and customers. She/he acts as a link between core businesses and IT teams. 
The Business Analyst will engage with business leaders (sector management board) and users to understand how data-driven changes to process, products, services, software, and hardware can improve efficiencies and add value.

The Business Analyst is expected to have a natural analytical way of thinking and be able to explain difficult concepts to non-technical users as he/she is expected to work closely with developers, stakeholders, system architects and various subject matter experts.

The specific duties and responsibilities of the Business Analyst position include (not limited): 

The specific duties and responsibilities of the Business Analysts for the position include: 

Business Analysis and Requirements Gathering:

• Elicits, analyses, specifies, documents, and validates the business needs of the Sector, stakeholders, including customers and end users by outlining problems, opportunities, and solutions.
• Prioritises requests and needs from different entities/business units of the Sector and consolidates them into implementable projects.
• Conducts interviews and gathers customer requirements through various methods such as workshops, questionnaires, surveys, site visits, etc.
• Researches, reviews, and analyses the effectiveness and efficiency of existing requirements-gathering processes and develops strategies for enhancing or leveraging these processes.
• Analyses and verifies requirements for completeness, consistency, comprehensibility, feasibility, and conformity to standards.
• Translates conceptual customer requirements into functional requirements in a clear manner that is comprehensible to developers/project teams.
• Develops and utilises standard templates for writing accurate and concise requirement specifications and provides basic training for template utilisation.
  

Documentation and Process Modelling:

• Creates process models, specifications, diagrams, and charts to provide direction to developers and/or the project team.
• Develops and conducts peer reviews of the business requirements to ensure that requirement specifications are correctly interpreted.

Stakeholder Collaboration and Communication:

• Collaborates with project sponsors to determine project scope, vision, and stakeholders.
• Assists with the interpretation of customer requirements into feasible options and communicates these back to the business stakeholders.
• Communicates changes, enhancements, and modifications of business requirements to project managers, sponsors, and other stakeholders so that issues and solutions are understood.

Requirement Management and Quality Assurance:

• Manages and tracks the status of requirements throughout the project lifecycle, assessing competing resources and priorities to enforce and redefine as deemed necessary.
• Participates in the Quality Assurance of purchased solutions to ensure features and functions have been enabled and optimised.

Tools and Processes Optimization:

Participates in the selection of requirements documentation software solutions that the organisation may opt to use, considering emerging technologies and future trends.

The CDO Team Organisation

First and foremost, at Sector level, an IT Team is provided at the organisation structure of the leading Ministry and it covers the IT functions for the entire Sector. Thus, the IT function is headed by a Chief Digital Officer (CDO) for the harmonious coordination of IT Strategy. In Sectors without CDO, the IT function is headed by a Business Analyst. The Chief Digital Officer (CDO)/Business Analyst (BA) is an employee placed within the sector (line Ministry) but under the supervision of RISA as said before.

The BA and IT Team under the supervision of the sector’s CDO is attached to the Sector’s line Ministry as their reporting line and primary location. Based on proper planning and workload evaluation, the CDO/BA dispatches the allocated IT Team within the Sector to ensure full support and optimum utilisation of resources including staff and IT systems. Staff under the CDO/BA’s office are allocated to the leading Ministry and serve dynamically the institutions under the Sector to ensure the smooth operation.

The team is directly attached to the lead Ministry and dispatched across the sector’s institutions to address emerging IT needs. The Digital Office has also a direct reporting line to RISA as supervising authority.

Each CDO organises its team as needed, depending on the Ministry organisation and the size of the team. However, each CDO team is composed of:

 i. At the leadership and management level

The CDO or BA is the leader of the whole team and the rest of the team works under his/her supervision.

They organise  the team around the vision and specific objectives and projects of the sector they are in charge of.

 ii. The IT technical team

1. Senior Software Developer: As a key team member, the Senior software developer is responsible for development, design and implementation of new software solutions or modification and upgrade of the existing ones, providing quality assurance and technical evaluation of new and legacy systems and software products in the sector. The Senior Developer will lead Developers to ensure the application of best practices and professional software development methodologies, relevant tool suites and technologies, creativity and innovation in all software development projects of the sector.
2. Network Specialist: the network specialist is responsible to maintain reliable, secure and efficient data communications networks in the Sector (Ministry, Lead Institution, Affiliated institutions).
3. System Administrator Specialist: The System administrator Specialist is responsible for the installation, maintenance, configuration, and reliable operation of computer systems and servers in the Sector (Ministry, Lead Institution, Affiliated institutions). The System Administrator Specialist will actively resolve problems and issues with computer and server systems to limit work disruptions within the Ministry.
4. Software Developers:  In support of the Senior Software Developer and under the supervision of the CDO and Business Analyst, the Developers (Software Developers) are responsible of the development, design and implementation of new software solutions or modification and upgrade of the existing ones, toward digitization of the institutions and sector’s services. The developer is expected to work closely with other developers, Business analysts, UX and UI designers, database experts, Software architects and projects managers from RISA and the sector to ensure he/she develops solutions that meet requirements and standards.
5. Database Administration Specialist: The responsibility of the database administration specialist is to create, ensure and maintain the performance, integrity and security and disaster recovery of databases. He/ she is involved in the planning and development of the database, as well as in troubleshooting any issues on behalf of the users.
6.  IT Help Desk Officer: under the supervision of CDO/BA, the IT Help desk officer supports personnel, and acts as focal point when end-users face hardware, software, or system issues, Administers desktop computers, printers, IP telephony, servers and related equipment (monitor, hard drive, keyboard, etc..), software deployment, security updates and patches, Keep inventory of all equipment, software, and licences, Monitor and work on responding quickly to incoming requests related to IT issues.

 Some key objectives should guide the CDO in his/her team’s composition and organisation:

Find the right balances

• Between the technical vision and the functional vision: a CDO office is no longer an IT support service, supposed to maintain applications and network; it is about introducing the most efficient solutions for the administration to deliver its mission. Therefore you would need to recruit staff able to understand the sector and the missions of the ministry as well as translate users’ needs into digital services.
• Between build and run: while some digital services need to be maintained and monitored, you need to have sufficient available staff to launch new ones. It implies having a clear view on ongoing projects/services and future needs, as well as recruiting people who can proactively identify and design new projects and services. 

 Articulate recruitment with the ways of working and mid-term challenges:

• Because of the switch towards product and agile methodologies, RISA will tend to recruit people with adapted hard and soft skills. It implies looking for profiles such as UX/UI designers and user researchers, product owners and managers, product ops, dev ops, business developer, community facilitator, communications officer;
• As digital transformation in the public sector faces new challenges - cybersecurity, data, privacy, etc. – there will be a need to integrate cutting edge profiles: data-scientists, data-engineers, API manager, cybersecurity specialists, and not to mention the need to have profiles mastering the legal framework of digital and data..

Build a delivery-centred organisational and  managerial structure: in order to break silos and make sure the CDO can build and operate services safely and efficiently, it could be useful to transform the organisational structure. For instance, rather than having a tech-focused organisation (software service, architecture service, …), the CDO can structure the teams by the projects they are running/operating, and have some transversal divisions linked.

The CDO Network

CDO Network overview

The establishment of the CDO Network aims at ensuring that all digital initiatives are aligned with their respective organisation’s goals and objectives, as well as bring alignment with RISA’s vision and mission.
The CDO Network gathers all the CDO officers from different sectors. They are organised in this way to coordinate the work of the CDOs, oversee the collective work of all CDOs across diverse administrations and share internal best practices developed within sectors. They can also work on cross-cutting projects to address specific challenges that they all have.

CDO Network Areas of Focus 

The CDO Network has key areas of focus for its activities.

Discuss Digital Transformation Agenda

The CDO Network addresses various challenges associated with digital transformation. The Network can conduct discussions on:

• Deployment of the nationwide digital strategies: Ensuring that the nationwide strategies such as Smart Rwanda Master Plan, NSTs are well deployed by the CDOs Network in the Rwandan administrations.
• Cultural Shift: Overcoming resistance to change and fostering a digital-first mindset across public administrations.
• Citizens Experience: Enhancing citizens engagement through digital channels and personalised experiences.
• Scalability and Flexibility: Ensuring that digital solutions are scalable and adaptable to changing business needs.

Address Cross-Cutting Challenges

The CDO Network meets to raise and address Cross-cutting challenges that affect multiple aspects of digital transformation and that require collaborative solutions.

The Network can discuss together how to address:

• Governance scheme: The Governance of the sector, the top-down and bottom-up approach of the Governance in the digital transformation ecosystem
• Regulatory framework: Navigating complex regulatory environments and ensuring compliance with data protection laws.
• Interoperability: Ensuring that different systems and technologies can work together seamlessly.
• Innovation Management: Encouraging innovation while managing the risks associated with new technologies.
• Procurement and Vendor Management: The procurement process in the public sector and its challenges, Vendor Management, the interactions between the CDOs and the suppliers etc…
• Framework Contracts and their management
• Talents’ availability
• Contractors’ management and management of the outsourcing process 
  

Share Knowledge and Practices

The CDO Network facilitates the sharing of knowledge and best practices among members:

• Use cases and best practices: Presenting successful digital transformation initiatives and lessons learned.
• Research and Reports: Disseminating the latest research findings and industry reports relevant to digital transformation.
  

Share Communications among the Network

The Network strives to ensure that all Chief Digital Officers (CDOs) are aligned on key communications. During meetings, essential communications are shared, and CDOs are expected to both understand and implement them. Additionally, feedback on the current communications implementation is discussed to facilitate continuous improvement.

Publication of new policy, new regulations, new framework contracts, conferences, an event to attend…

Resource Sharing Among CDOs

Resource sharing enables the Network to leverage collective expertise and assets:

• Tools and technologies: Sharing digital transformation toolkits, frameworks, and templates. The best tools can be shared among the Network as well as feedback on their usage to enhance the tools deployment.
•  Expertise: Facilitating the exchange of expertise through secondments and collaborative projects.
  

Sharing Best Practices

Identifying and promoting best practices helps standardise successful approaches across the network not limited):

• Best practices in Project Management: management style, methodologies and tools used are shared.
• Best practices in Software Development: lessons learned and practices that can be useful to the Network.
• Best practices in Third parties’ management: How the suppliers and contractors are managed by the CDOs and successful stories to share.
  

Establishing Communities of Practice

The CDO Network, composed of CDOs with similar profiles in their Office, have the opportunity to establish Communities of Practice in order to bring together members with common interests and expertise.

The Network can establish a community for each type of practice in their teams: community of developers, Database Administration specialists’ community, Help Desk specialists community, Network specialists community…
In addition, certain groups can be created, focused on specific areas such as AI, IoT, data analytics, data protection, Cybersecurity, etc…

A Peer Learning system can be developed to encourage peer-to-peer learning and mentorship within these communities.

Develop Common Projects

The network can develop Collaborative Projects that leverage the collective knowledge and skills of the community. Collaborative projects drive innovation and shared learning:

• Pilot Programs: Launching pilot programs to test new digital solutions and approaches.
• Research Initiatives: Conducting joint research initiatives to explore emerging trends and technologies.
• Innovation Labs: Establishing innovation labs for co-creating and prototyping new digital solutions.
• Sharing common tasks/ supporting a project from one sector as other sectors can be stakeholders

Increase Awareness and Host Events

Raising awareness and hosting events foster engagement and visibility:

• Conferences and Summits: Organizing large-scale events to bring together thought leaders and practitioners.
• Publications and Media: Publishing articles, white papers, and case studies to highlight the network’s achievements and insights.

Interactions with Internal and External Stakeholders

Interactions within the MINICT ecosystem

Interactions between the Ministry of ICT & Innovation (MINICT) and the CDO:

In the digital transformation landscape, the Chief Digital Officer (CDO) operates as a pivotal figure within the structure, positioned under the Rwanda Information Society Authority (RISA) and, ultimately, the Ministry of ICT. This placement fosters interactions between the CDO and both institutional bodies.

Within MINICT, the primary point of contact for a Chief Digital Officer (CDO) or Business Analyst is the Permanent Secretary. This official serves as the main liaison or interlocutor for matters concerning digital Strategy, technology initiatives, business analysis or IT projects implementation in general in the Ministry or sector.

As a key digital transformation value chain actor, the CDO placed under RISA which is placed under the MINICT has interactions with both institutions. CDOs are invited each year to define their own goals that will be discussed with RISA and the PS of MINICT. Once the goals are validated; they are considered as Ministry’s IT Goals.

The initiation of the goals is then the responsibility of the CDO who must carry it with great attention. Not only must they serve the Ministry priorities, but also be aligned with Smart Rwanda guidance, MINICT and RISA guidance as well.

Once the goals are initiated and validated, they become the goals of the CDO who has to achieve them as he/she will be evaluated on them by RISA and MINICT. In that sense, CDO reports to MINICT through the PS. The frequency of reports can vary from a year to another, but once in minimum.

In addition to these duties, a CDO has the prerogative to engage directly with MINICT to address specific topics pertinent to his/her role. This could encompass discussions on the implementation of sector-specific guidelines or initiatives crucial to the ongoing projects.

Within the Ministry of ICT (MINICT), the Permanent Secretary occupies a pivotal role as the main intermediary or point of contact for Chief Digital Officers (CDOs) and Business Analysts. This individual acts as a central figure responsible for overseeing and managing various aspects related to digital transformation, technological strategies, and analytical endeavours within the Ministry.

The collaboration between the Permanent Secretary and CDOs involves a dynamic exchange of information, guidance, and decision-making. CDOs and Business Analysts often interact with the Permanent Secretary to communicate their insights, proposals, and initiatives regarding digital initiatives, technological advancements, data analysis, and other relevant matters within the Ministry's purview.

This interaction signifies a vital communication channel wherein the expertise, recommendations, and strategic plans of CDOs and Business Analysts are relayed, discussed, and often implemented under the oversight or guidance of the Permanent Secretary. The Permanent Secretary's role involves providing direction, support, and leadership to ensure the alignment of CDOs' efforts with the overarching goals and strategies set forth by MINICT.

Finally, MINICT has the authority to extend invitations to Chief Digital Officers (CDOs), Business Analysts, and their respective teams for participation in specific activities deemed essential by the Ministry. These activities can vary widely, encompassing diverse formats such as working sessions, seminars, orientation sessions, and more. These invitations signify MINICT's recognition of the expertise and contributions that CDOs and Business Analysts, along with their teams, can bring to the table. They serve as opportunities for collaborative engagements, aimed at fostering a deeper understanding, sharing knowledge, and collectively addressing critical topics or initiatives aligned with the Ministry's objectives.

Working sessions often involve focused, hands-on collaborative efforts where professionals collaborate intensively on specific projects, strategies, or problem-solving tasks. Seminars offer a platform for knowledge exchange, where experts can present insights, trends, or best practices relevant to the Ministry's technological landscape.

Orientation sessions may serve as introductions to new policies, frameworks, or technologies, allowing participants to gain a comprehensive understanding of their implementation within the Ministry's context. These sessions can aid in aligning strategies, refining approaches, and enhancing the overall efficiency and effectiveness of digital initiatives.

By inviting CDOs, Business Analysts, and their teams to these activities, MINICT leverages their expertise, fosters collaboration, and ensures alignment with the Ministry's goals. It reflects a commitment to a collaborative and inclusive approach, harnessing collective knowledge and skills for the advancement of digital innovation within the Ministry.

Interactions between Rwanda Information Society Authority (RISA) management and the CDOs

Objectives Definition:

Annually, CDOs are tasked with formulating forthcoming year objectives, which they submit to RISA and MINICT, as detailed in the previous interactions with MINICT. These objectives necessitate a SMART approach, aligning with the broader Smart Rwanda Strategy while also eliciting commitment from the CDO.

Annual goals refer to specific, measurable, achievable, relevant, and time-bound objectives set by individuals or organisations to be accomplished within a year's time frame. These goals serve as a roadmap, outlining key priorities, targets, and milestones to be achieved within the designated period. They are typically aligned with broader strategies, vision, or organisational objectives and are used as a benchmark for evaluating progress and success at the end of the year.

Ultimately, at year-end, the CDO's performance evaluation hinges upon the achievement of these established goals.

The evaluation process of CDOs is based on KPIs that can be found on the dedicated part of this Handbook and in the annex.

Vision guidance, advice, and communication sessions:

CDOs may be invited to specific and strategic sessions with the RISA in the framework of their work. Although the frequency of these meetings is not fixed, it should be noted that participation is compulsory for CDOs. It can also be working sessions with the RISA, on dedicated topics, or seminars and workshops where CDOs and BAs must attend.

Reports and Follow-up:

In its capacity as the overseeing body for CDO operations, RISA ought to receive project reports, performance updates, and team management insights as integral components of the CDO's responsibilities. Communication channels, including reporting, meetings, and monitoring, between the CDO and RISA can take on either formal or informal structures but must be maintained for the duration required.

Recruitment needs:

As a supervisor of the IT team, the CDO addresses the recruitment needs to RISA, the supervisory authority. RISA launches the recruitment procedure, advertising and pre-selecting candidates after checking that the position is listed in the organisation chart.

In accordance with the Ministry of Public Servants and Labour’s guidelines, in the realm of IT job vacancies within public institutions, when a position becomes available, the CDO shares a roster of these openings with RISA for a comprehensive recruitment Strategy. RISA takes charge of all recruitment procedures for IT roles within streamlined public institutions. Upon successful completion, candidates are assigned to the institutions with open positions, aligning with their exam performance and prioritising requests based on the sequence of submissions from public institutions (following a "first come, first served" approach).

Other types of interactions:

RISA can involve a CDO in collaborative projects, such as the CDO Network collaborative projects. Additionally, RISA can arrange sessions focused on sharing experiences and Ministry-level best practices among CDOs.

The collaboration between National Cyber Security Authority (NCSA) and the CDO

As the primary Cyber Security Authority at the national level, the National Cyber Security Authority (NCSA) assumes a critical role in assisting CDOs in fulfilling their cybersecurity responsibilities. These interactions are multifaceted and can be initiated by either the NCSA or the CDO, establishing a collaborative framework essential for effective cybersecurity management within organisations.

When the NCSA initiates interactions, their focus revolves around imparting crucial guidance and setting standards pertaining to cybersecurity. This guidance serves as a fundamental compass for IT teams, ensuring adherence to recognized cybersecurity protocols. Furthermore, the NCSA conducts comprehensive training sessions dedicated to enhancing the proficiency of IT teams in handling cybersecurity issues. Their cybersecurity awareness platform stands as a reservoir of invaluable resources, offering training modules and guidance that prove instrumental for both CDOs and IT teams in navigating the complex realm of cybersecurity.

In addition to guidance and training, the NCSA shoulders the responsibility of providing cybersecurity solutions, ensuring robust protection against cyber threats. Moreover, they manage the licences associated with these cybersecurity solutions, fortifying the cybersecurity infrastructure and safeguarding digital assets within departments.

On the other hand, interactions instigated by the CDO typically occur when potential or real cybersecurity threats are identified. In these instances, the CDO promptly engages the NCSA, seeking immediate intervention and resolution. Throughout this process, the CDO remains actively involved, collaborating closely with the NCSA to ensure a swift and effective response to the identified cybersecurity issue.

To further enhance and streamline these interactions, there's an ongoing project aimed at formalising and structuring the engagement between CDOs and the NCSA. This structured approach entails subjecting each interaction to a ticketing process, establishing a systematic means of tracking and documenting the resolution of cybersecurity incidents. Moreover, the CDOs will have the opportunity to provide instantaneous feedback on the NCSA's interventions, contributing to a culture of continuous improvement in cybersecurity practices. This initiative aims to strengthen communication channels, optimise response mechanisms, and elevate cybersecurity resilience across departments, fostering a more secure digital environment. Part of the project also involves integrating an SLA process and establishing specific KPIs to be followed. The interactions follow-up will be handled by RISA.

Collaboration with other government agencies

The collaboration between Rwanda Governance Board (RGB) and the CDO

The Rwanda Governance Board is the Authority in charge of promoting good governance, ensuring accountability, and supporting the development and implementation of governance policies and strategies in Rwanda. It plays a crucial role in promoting and sustaining good governance practices, fostering accountability, transparency, and effective leadership across different sectors of the Rwandan society. Below are key responsibilities of RGB:

• Policy Formulation: RGB is responsible for formulating policies, frameworks, and strategies related to good governance and national development. It works in collaboration with various government entities to develop policies that promote transparency, accountability, and effective governance practices.
• Capacity Building and Training: RGB conducts training programs, workshops, and seminars aimed at enhancing the capacity of public institutions, civil society organisations, and individuals in matters related to governance, leadership, and accountability.
• Monitoring and Evaluation: It oversees the implementation of governance-related policies and programs across various sectors. This involves monitoring the performance of institutions and assessing their adherence to governance standards.
• Promoting Accountability and Transparency: RGB advocates for and supports initiatives that promote accountability, transparency, and ethical conduct in both public and private sectors. It encourages organisations to adopt best practices in governance to improve service delivery and foster public trust.
• Advisory Role: RGB provides advisory services to government institutions, offering guidance on governance-related matters and assisting in the development of action plans to enhance governance practices.
• Research and Advocacy: It conducts research and studies on governance issues to identify challenges and opportunities for improvement. RGB uses this research to advocate for policy changes and reforms that strengthen governance structures. It also explore citizens’ perception with service delivery and disseminate the findings;
• Collaboration and Partnerships: RGB collaborates with various stakeholders, including government agencies, civil society organisations, and international partners, to foster partnerships aimed at advancing good governance practices and achieving national development goals.

The Rwanda Governance Board (RGB) actively engages with various Ministries to facilitate and promote good governance practices across the Country. This engagement involves working collaboratively with Ministries to develop, implement, and enhance policies and strategies that foster transparency, accountability, and effective service delivery.

As part of its functions, the RGB manages the citizen's scorecard—a tool used to assess citizens' perceptions of public service delivery and the transparency of governmental operations. This scorecard serves as a feedback mechanism, allowing citizens to voice their opinions on the quality of services provided by different government agencies and the transparency maintained in these processes.

When it comes to interactions with the RGB, these engagements can be particularly valuable for gaining insights into the perception of citizens regarding specific digitization efforts managed by a Chief Digital Officer (CDO). For a CDO leading digital transformation initiatives within a public service sector, understanding citizens' perspectives becomes crucial. Insights gathered through the RGB's citizen scorecard can provide valuable feedback, offering a glimpse into how citizens perceive the digital services being implemented.

This insight isn't solely beneficial in ensuring a citizen-centric approach; it also plays a vital role in managing project performance and outputs. By incorporating citizens' perceptions and feedback into the project evaluation process, the CDO can effectively gauge the success of digitization initiatives. This feedback loop aids in refining strategies, optimising service delivery, and ensuring that the digital services align closely with the needs and expectations of the citizens they serve. Ultimately, leveraging RGB interactions and citizen feedback enhances the overall effectiveness and success of public service digitization efforts overseen by a CDO.

The Collaboration between CDOs and Regulations Authorities

Effective collaboration between Chief Digital Officers and ICT regulation authorities is essential for achieving a balance between innovation and regulatory compliance in the evolving digital landscape. This collaboration ensures that digital strategies contribute to economic growth, societal benefits, and regulatory adherence. In Rwanda, RURA is responsible for regulating the ICT sector which oversees the regulatory and standardisation aspects to be observed by both consumers and network/service providers. The CDO network can play a key role in providing consolidated and common inputs to RURA for the sector regulation.

Below are some areas of collaboration:

Policy Alignment and regulatory compliance:

CDOs and CDO Network and ICT regulation authorities should collaborate to ensure that digital strategies align with existing and emerging regulations. This involves understanding regulatory frameworks and incorporating them into digital transformation initiatives. CDOs need to work closely with ICT regulation authorities to ensure that digital initiatives comply with relevant laws, standards, and regulations. This includes data protection, privacy, cybersecurity, and other regulatory aspects.

Dialogue and Consultation:

There can be some ongoing dialogue and consultation channels between CDOs and CDOs Network and ICT regulation authorities. This process will involve regular communication to address challenges and identify opportunities for improvement.

Risk Management:

CDOs and CDOs Network and regulation authorities should collaborate on risk assessments related to digital initiatives. This includes identifying and managing risks associated with technology adoption, data governance, and cybersecurity.

Innovation Promotion:

Collaborative efforts can be directed toward promoting innovation within the bounds of regulations. ICT regulation authorities can create frameworks that encourage responsible experimentation and the adoption of emerging technologies.

Standards Development:

CDOs and CDOs Network can contribute to the development of industry standards by actively participating in standardisation processes. This ensures that digital innovations adhere to established norms and facilitate interoperability.

Data Governance and Privacy:

Given the importance of data in digital initiatives, collaboration is vital in establishing robust data governance and privacy frameworks. CDOs should work with ICT regulation authorities to define guidelines for responsible data management.

In order to enhance collaboration between CDOs and regulation authorities, there is a strategic and proactive approach to run. Here are some keys to foster effective collaboration:

Key 1: Establish Regular Communication Channels and Promote Trust and Transparency:

Set up regular meetings, forums, or workshops for ongoing communication between CDOs and ICT regulation authorities. These platforms provide opportunities for dialogue, information exchange, and addressing emerging issues.

Define clear communication protocols to streamline the exchange of information between CDOs and regulation authorities. This includes processes for submitting feedback, addressing queries, and collaborating on regulatory compliance.

Foster a culture of trust and transparency between CDOs and regulation authorities. Open communication and transparency build confidence and facilitate collaborative problem-solving.

Key 2: Participate in Regulatory Consultations:

CDOs should actively participate in consultations organised by ICT regulation authorities. This involvement allows them to provide insights, share industry perspectives, and contribute to the development of regulations that align with technological advancements.

Key 3: Create a Joint Task Force or Working Group:

Establish a joint task force or working group that includes representatives from both CDOs and regulation authorities. This collaborative team can focus on specific issues, share expertise, and work together on regulatory challenges.

Key 4: Educate and Build Awareness:

CDOs should actively engage in educating regulation authorities about the digital landscape, emerging technologies, and industry trends. Building awareness helps regulators understand the complexities of digital innovation and formulate regulations that are informed and practical.

Key 5: Involve CDOs in the Regulatory Development Process:

Invite CDOs to contribute to the development of ICT regulations. This involvement ensures that regulatory frameworks consider the practical implications of digital initiatives and encourage responsible innovation. Encourage the adoption of industry standards and best practices in regulatory frameworks. CDOs can provide valuable insights into global standards, ensuring that regulations align with international norms.

Key 6: Joint Capacity-Building Initiatives:

Collaborate on capacity-building initiatives, such as training programs and workshops, that enhance the understanding of digital technologies, cybersecurity, and data governance among both CDOs and regulation authorities.

Key 7: Collaborate on Incident Response Planning:

Work collaboratively on incident response planning and cybersecurity measures. Establish protocols for information sharing in the event of cybersecurity threats or incidents that may impact both private and public interests.

Key 8: Establish a Feedback Loop:

Create a feedback loop where CDOs can provide constructive feedback on the effectiveness and practicality of existing regulations. This iterative process helps refine regulations based on real-world experiences. Create feedback mechanisms where CDOs can provide insights to regulation authorities on the practical implications of regulations. This helps in refining policies based on real-world experiences.

 Enhancing collaboration between CDOs and ICT regulation authorities is essential for creating a regulatory environment that supports innovation while ensuring compliance and responsible digital practices. By fostering strong partnerships, both parties can contribute to the development of a dynamic and effective regulatory framework.

The collaboration between CDOs and Service Providers

In their daily work, CDOs may interact with other institutions apart from those mentioned above, mainly internet and other resources providers.

The collaboration between Connectivity Providers and the CDO

Frequent communication channels are established between CDOs and the connectivity providers companies, primarily centred around resolving internet access issues. These issues could range from minor glitches to more complex challenges disrupting connectivity. The norm involves resolving these issues remotely, leveraging technology and expertise to troubleshoot and rectify problems without physically being present at the location.

However, for specific and critical issues that demand hands-on attention or intricate on-site diagnosis, the partner team is engaged for on-premise interventions. This direct, in-person approach allows for a more comprehensive understanding of the issue and facilitates tailored solutions to rectify the problems swiftly and effectively.

The collaboration between CDOs and Connectivity providers reflects a responsive and proactive approach to maintaining an efficient and secure digital ecosystem. It signifies a commitment to ensuring uninterrupted connectivity while reinforcing the robustness of the network infrastructure. Through a combination of remote problem-solving and targeted on-site interventions, both parties work synergistically to address challenges and uphold the reliability and efficacy of the digital systems.

CDOs must consult the guidelines that are published by RISA for network connectivity, service providers management guidelines while dealing with these partners.

The collaboration between National Data Center and the CDOs

The National Data Center is responsible for hosting all government data. The entity in charge of managing the national data centre works with the CDOs by offering them hosting and security services. It also manages the network and security systems, implementing regular updates and providing technical assistance to the CDOs.

While interactions with these partners lack a structured framework currently, upcoming projects aim to establish clear service follow-up methods to streamline operations and improve service quality. These methods may include implementing ticketing systems, Service Level Agreements (SLAs), and Key Performance Indicators (KPIs) focused on customer satisfaction.

CDOs must consult the guidelines that are published by RISA on data centres and cloud.

 The collaboration between E-service provider and the CDO

The E-Service provider entity collaborates with CDOs to work together on government services digitalization. This collaboration should extend to seeking inputs or guidance from the CDO's team for expertise or advice. Conversely, CDOs should also require inputs, expertise, or specialised services from the partner to bolster their initiatives aimed at improving public services.

Guidelines on Suppliers management published by RISA are applicable here as well.

Collaboration with Software development companies

Software development companies collaborate with government agencies, companies, and organisations to create outstanding user experiences, secure solutions, and support and maintenance across the product/solution lifecycle.

The interactions between the CDOs and these companies are various. CDOs may engage with them given their expertise in web and mobile application development, information security consultancy, and network security services.

The collaboration between CDOs and DPs and Civil Society

Primary development partners help Rwanda in its development vision. CDOs can therefore apply for funding individually or through the supervisory administration (sector/Ministry, MINICT or RISA), in collaboration with development partners. Whether they are investors, sponsors, or supporters, development partners play a pivotal role in providing financial and strategic support. Here are some strategies to enhance collaboration with development partners:

Clearly define Goals and Expectations:

Establish clear and transparent goals for the collaboration. Clearly articulate what you aim to achieve and discuss expectations from both parties. This clarity helps in aligning efforts and avoiding misunderstandings.

Regular Communication:

Foster open and regular communication with development partners. Provide them with updates on the progress of the project, key milestones, and any challenges faced. Regular communication builds trust and keeps backers engaged.

Create a Collaborative Culture:

Cultivate a culture of collaboration where feedback and input from development partners are valued. Encourage an open dialogue where they feel comfortable sharing their thoughts and ideas.

Actively seek input and feedback from development partners on various aspects of the project. Their insights can be valuable in refining strategies, improving products, or addressing challenges.

Involve development partners in Decision-Making:

Include development partners in important decision-making processes. Seek their input on key strategic decisions, service development, or other critical aspects of the project. Involving them enhances their sense of ownership.

Transparency in Finances:

Maintain transparency in financial matters. Clearly communicate how funds are being utilized and provide financial reports. Transparency builds trust and confidence in the way resources are managed.

Showcase Impact and Results:

Demonstrate the impact of development partners' contributions by showcasing tangible results. Whether it's service releases, business growth, or social impact, highlighting achievements helps development partners see the real-world outcomes of their support. The impact and results presentation must be orientated to the centres of interest of the development partners (UN sustainable development Goals, social inclusion, poverty reduction, gender equality, environmental issues…).

Acknowledge and Appreciate:

Acknowledge the contributions of development partners and express genuine appreciation for their support. Publicly recognize their involvement through social media, newsletters, or other platforms. Feeling appreciated strengthens the relationship.

Provide Regular Updates:

Keep development partners informed with regular updates through newsletters, emails, or dedicated communication channels. Highlight progress, share success stories, and address any setbacks transparently.

Organise development partners’ events:

Arrange events or webinars specifically for development partners. This creates an opportunity for direct interaction, allowing backers to ask questions, share their thoughts, and feel more connected to the project.

Offer Collaborative Opportunities:

Explore collaborative opportunities where development partners can actively contribute to the project beyond financial support. This could involve partnerships, mentorship programs, or other ways to leverage their expertise.

Secondly, collaboration between CDOs and civil society is essential for building trust, promoting social good, and ensuring that data is used responsibly for the benefit of communities and society at large. It requires a commitment to inclusivity, transparency, and the shared goal of using data for positive social impact.

Civil Society can be involved in these ways:

Open Dialogue and Engagement:

• Objective: Foster open communication and engagement between CDOs and civil society organizations.
• Activities: Organize regular meetings, forums, or workshops to facilitate discussions on data policies, initiatives, and concerns. Create channels for feedback and input from civil society.

Data Accessibility and Transparency:

• Objective: Ensure that data is made accessible to civil society organisations in a transparent and usable format.
• Activities: Collaborate on initiatives to publish relevant datasets, adhere to open data standards, and provide user-friendly interfaces. Seek input from civil society on data priorities. The management of the open data set must be under the management of RISA.

Capacity Building:

• Objective: Enhance the data literacy and analytical skills of civil society organisations.
• Activities: Provide training sessions, workshops, or resources to help civil society understand and effectively use data. Collaborate on educational initiatives to build capacity within the civil society sector.

Joint Advocacy and Awareness Campaigns:

• Objective: Work together on advocacy efforts and awareness campaigns related to data rights, privacy, and responsible data use.
• Activities: Collaborate on public awareness campaigns, jointly advocate for policies that protect data rights, and address concerns related to data privacy and security.

Project Collaboration:

• Objective: Undertake joint projects that leverage the expertise and resources of both the CDO's organisation and civil society.
• Activities: Identify areas where collaboration can lead to positive social impact. Develop and implement projects that address social challenges using data-driven approaches.

Inclusive Decision-Making:

• Objective: Include civil society representatives in decision-making processes related to data governance and policies.
• Activities: Establish advisory committees or forums that include representatives from civil society to provide input on data-related policies, initiatives, and projects.

Feedback Mechanisms:

• Objective: Establish mechanisms for civil society to provide feedback on data-related initiatives and policies.
• Activities: Implement channels for receiving and addressing concerns, suggestions, and feedback from civil society. Regularly assess and respond to the needs and priorities identified by civil society organisations.

Participatory Data Collection:

• Objective: Engage civil society in participatory data collection efforts.
• Activities: Collaborate on projects that involve the collection of community-based data, ensuring that civil society is actively involved in the process. This can enhance the relevance and accuracy of the data collected.

An example of collaboration with civil society can be:

Set a first users community: The concept means gathering a population of volunteers who will test Government services in advance, before they go online for the general public, and give feedback on the service to the CDOs before they start implementing the services.

The concept can be extended to build a platform to collect ideas from civil society on new government services to develop, suggestions of improvement areas on specific e-services…

The Collaboration with own Sector’s Institutions

As per the Ministry's directive, staff members within the CDO or BA's office are specifically assigned to the primary Ministry. Their role is not confined solely to the leading Ministry, instead, they are tasked with dynamically supporting various affiliated institutions or agencies. This indicates a flexible and multifaceted responsibility, catering to the diverse needs of institutions within the Sector.

While the CDO often acts as the primary contact point, the entire team is actively engaged with these sector institutions. Their involvement extends beyond mere interaction, as team members are mobilised and involved in specific projects or tasks crucial to supporting the functions of these institutions.

Given this mandate, the CDO assumes the responsibility of strategically organising the team to ensure optimal resource deployment. This includes the strategic distribution of team members among institutions or dedicating specialised support by assigning Business Analysts to specific groups of institutions. Additionally, the CDO plays a pivotal role in overseeing and coordinating the support rendered to all these institutions.

The overarching goal of this organisational Strategy is to align the team's efforts with the broader interests and goals of the Ministry. By deploying resources effectively and coordinating support across multiple institutions, the CDO ensures that the Ministry's objectives are efficiently met, enhancing digital services and operations within the Sector.

This approach allows the CDO's office to operate in a versatile and responsive manner, strategically deploying its resources to address the varying needs of institutions within the Sector. Through this concerted effort, the CDO contributes significantly to the enhancement of digital services and operational efficiency across multiple institutions, thereby contributing to the Sector's overall advancement and development.

The importance of Academia and research institutions

Academia and research institutions are vital contributors to the ongoing evolution of ICT. They play a crucial role in fostering ICT innovation. Their role encompasses knowledge creation, talent development, collaboration with industry, and addressing societal challenges, collectively shaping the trajectory of ICT innovation.

Knowledge Generation and Dissemination:

Academia conducts cutting-edge research, leading to the creation of new knowledge and insights in the field of ICT. Research institutions contribute to the dissemination of knowledge through publications, conferences, and collaborations, ensuring the broader community has access to the latest developments.

Talent Development:

Universities and research institutions are pivotal in educating the next generation of ICT professionals and researchers. They provide training, academic programs, and hands-on experiences that equip students with the skills needed for innovation in the ICT sector.

Collaboration with Industry:

Collaboration between academia and industry facilitates the transfer of research findings into practical applications. Joint projects and partnerships enable the integration of academic knowledge with industry needs, fostering innovation that is both theoretical and applicable.

Innovation Ecosystem:

Academic institutions contribute to the creation of a vibrant innovation ecosystem by nurturing an environment that encourages creativity, experimentation, and entrepreneurship. Incubators, technology transfer offices, and research centres within academia support the translation of research ideas into tangible products and services.

Applied Research and Development:

Research institutions engage in applied research, addressing real-world challenges and developing solutions with practical applications.

This applied research orientation ensures that innovations are relevant and have the potential to address current issues in the ICT sector.

Technological Breakthroughs:

Academia often leads in the exploration of new frontiers in technology, pushing the boundaries of what is possible in ICT. Breakthroughs in areas such as artificial intelligence, cybersecurity, and data science often originate from research conducted within academic institutions.

Policy and Regulation Guidance:

Academic research contributes valuable insights into the formulation of policies and regulations related to ICT. Researchers provide evidence-based recommendations that help shape policies, ensuring a balanced approach to innovation, ethics, and societal impact.

Global Competitiveness:

Countries with strong academic and research institutions in ICT tend to be more competitive on the global stage. A robust ICT innovation ecosystem enhances a nation's capacity to stay at the forefront of technological advancements and maintain a competitive edge in the global market.

Social Impact:

Academia plays a role in addressing societal challenges through ICT innovations that can improve healthcare, education, accessibility, and other aspects of daily life. Research institutions contribute to the ethical considerations and responsible development of technology with a focus on positive societal impact.

The CDO Network can work closely with Academia and research institutions, as well as common activities under the coordination of RISA. In addition, RISA and MINICT can play a role in creating strong partnerships with academia and research institutions. RISA and MINICT can initiate contact, provide a framework for interaction and open up various possibilities for collaboration that CDOs will explore with the academia and research institutions. Successful collaboration requires ongoing commitment, flexibility, and a shared understanding of the objectives. By fostering strong partnerships with academia and research institutions, sectors can tap into a wealth of knowledge and contribute to advancements in their respective fields as well as fostering innovation. Below are some best practices in a collaboration with Academia and research institutions.

Stage 1: Identify Common Goals and Objectives:

Clearly define the goals and objectives of the collaboration. Understand what both parties aim to achieve and ensure alignment with each other's missions and objectives.

Stage 2: Establish Clear Communication Channels:

Establish effective communication channels to facilitate the exchange of ideas, progress updates, and feedback. Regular meetings, emails, and collaborative platforms can enhance communication.

Stage 3: Build Relationships:

Develop relationships with key faculty members, researchers, and decision-makers within academia. Attend conferences, seminars, and networking events to establish connections.

Stage 4: Engage in Joint Research Projects:

Collaborate on joint research projects that align with the interests and expertise of both parties. This can lead to the generation of new knowledge and innovative solutions.

Stage 5: Provide Access to Resources:

Offer access to resources that academia may not have readily available, such as industry data, technologies, or real-world scenarios. This can enhance the practical relevance of research projects.

Stage 6: Participate in Advisory Boards:

Join advisory boards or committees within academic institutions. Your industry expertise can contribute valuable insights to curriculum development, research agendas, and overall strategic planning.

Stage 7: Facilitate Workshops and Training Programs:

Offer workshops, training programs (internship opportunities and work experience for students), or guest lectures to share industry insights, trends, and practical experiences with students and faculty members.

Stage 8: Promote Technology Transfer:

Explore opportunities for technology transfer, where innovations developed within academic settings can be applied commercially. This can lead to the development of new products, services, or processes.

Stage 9: Collaborate on Conferences and Events:

Sponsor or participate in conferences, symposiums, or industry events organised by academia. This provides exposure to cutting-edge research and facilitates networking opportunities.

Stage 10: Understand Intellectual Property (IP) Agreements:

Clearly define intellectual property ownership and rights in collaboration agreements. Establish agreements that protect the interests of both parties regarding the use and commercialization of research outcomes.

Stage 11: Evaluate the Impact:

Regularly assess the impact of the collaboration on both the organisation and academia. Measure outcomes, share success stories, and identify areas for improvement.

Stage 12: Promote Diversity and Inclusion:

Encourage diverse participation in collaborative initiatives. Embrace inclusivity in research teams and ensure that different perspectives contribute to innovative solutions.

CDOs Key Functions and Roles

Strategic Leadership

Aligning digital strategies with national strategies

Aligning sector digital Strategy with national strategies is crucial for cohesive and effective development. As a CDO evolves in an advanced digital context, it is mandatory to align sector Strategy to nationwide strategies. Please refer to the part on National strategies to learn about national digital strategies that are in place in Rwanda.

Please refer to the Sector Blueprint definition guidelines to see how to develop sector digital transformation strategy in the alignment of national strategies.

Setting KPIs for performance measurement

A specific document on the KPIs that should be monitored by a CDO is available at RISA. Please refer to the dedicated document on the KPIs set and implement them.

Digital Culture and Innovation

Establishing a sector-wide digital culture

The CDOs mandate and ambition is to achieve a level where a sector-wide digital culture takes root in the sector, set-up an environment where innovation, digital adoption, and adaptation become ingrained in the sector's DNA.

Establishing a sector-wide digital culture has many advantages:

• It enables staff to acquire a good digital culture which will be a catalyst for the administration's digital transformation.
• It improves the acceptability of the staff of the digital changes implemented by CDOs.
• It accelerates digital transformation through the involvement of all stakeholders.
• It improves collaboration and innovation because sector staff are involved in the process.

Establishing a sector-wide digital culture involves a concerted effort to foster an environment where digital innovation, adoption, and adaptation are embraced at all levels.

Here are some steps to establish a sector-wide digital culture:

Leadership Buy-In: The CDO has to start at the top. Leaders must champion digital transformation, demonstrating its importance and integrating it into the sector's vision and Strategy. Without the sector leadership support, it is more difficult to achieve a digitally rooted environment in sectors.

Communication and awareness campaigns: It is necessary for the CDO to identify and educate stakeholders about the benefits and necessity of digital transformation. This involves regular communication about the sector's digital vision once defined and demonstrates that each individual role is crucial. Various tools can be used to do so: tutorial, internal communication campaign, webinar, guides… These communications must be precise, and the objective must be clear, information simplified, and the benefits highlighted.

Training and Upskilling: Investing in training programs to equip employees with digital skills is necessary. This could include workshops, courses, or certifications relevant to the sector's needs. A common program can be set-up at RISA’s level for all Ministries, but all CDOs can adapt it to his/her sector. Here, specific domains can be targeted and be topics of training: cybersecurity, paperless Strategy, efficiency through technology, etc…

Encourage Innovation: The CDO can create an environment that encourages experimentation and innovation within the sector’s leading Ministry and affiliated agencies. He/she should support initiatives that explore new digital technologies and methodologies.

Collaboration and Cross-Functional Teams: Foster collaboration among different departments and encourage the formation of cross-functional teams to work on digital projects. This breaks down silos and encourages knowledge sharing. This encompasses activities to gather employees from all over the sector (leading Ministry and affiliated agencies) to work on a specific project.

Agile and Adaptive Approach: Embrace an agile mindset that allows for quick adaptation to changing technologies and market needs. Encourage iterative processes and learning from failures.

Provide Resources and Support: Ensure that the necessary resources, tools, and infrastructure are available to support digital initiatives. This includes both technological resources and managerial support.

Recognition and Incentives: Recognize and reward individuals and teams that contribute significantly to the sector's digital goals. Incentivise innovative ideas and successful digital implementations.

Data-Driven Decision Making: Promote a culture of using data to drive decisions. Encourage the collection and analysis of data to derive insights and inform strategies.

Regular Assessment and Adaptation: Continuously assess the progress of the digital culture initiatives. Adapt strategies based on feedback and changing needs to ensure sustained improvement.

Promoting Digital Literacy

Promoting digital literacy directly engages the employees all over the sector. CDO simply must conduct basic activities to enhance the digital literacy of the leading Ministry and affiliated agencies staff. The overall goal is to enhance digital literacy among employees, empowering them to leverage technology effectively in their roles and improve overall operational efficiency.

The first step in building digital literacy is to assess the sector current workforce’s digital skills and determine which skills are necessary to make the digital transformation roadmap a reality.

Take stock of existing skills in the public sector: understand the transformations that all job families will undergo and identify gaps and specific areas where training is needed.

Professions within public administration are undergoing transformations due   The following table describes common government job functions and the transformations they are experiencing in a digital transformation. All positions are impacted, from management to legal services, hence the importance of extending digital literacy across government.
Profession type	Transformations
Purchasing in the digital sector	From acquiring equipments and network to purchasing cloud, infrastructure, software and intellectual services
Cybersecurity/Cybercrime	Enhance capacity to respond to new threats and respect standards
Stats/Data	From producing statistics to analysing raw data and making them available from public-decision making
Management & steering leadership	Adopt new ways of working: agile, remote, distributed governance
Development	Generalisation of the DevOps approach, new standards on eco conception, accessibility (design), use (and production) of open source softwares
Legal	Compliance (data privacy and new regulations), legal design
Infrastructures	From a “static” (IT architecture) to a dynamic vision (Ops, data circulation)
User support	Enhance relations to digital services users, measure impact
Project/Product Management	New methods to develop digital services for public policies
Communication	From institutional communication to community management

Set-up tailored Training Programs: Develop training programs that cater to various skill levels and job roles. Offer a mix of basic digital literacy courses covering fundamental skills like using software, email, and the internet, as well as more advanced courses for specific tools or technologies relevant to their roles and depending on their prerequisites.

Hands-On Workshops and Webinars: Conduct interactive workshops and webinars where employees can practise using digital tools in real-time. Encourage participation and provide opportunities for Q&A sessions.

• Organise training and awareness campaigns on the digital issues: IT Tools, collaborative tools. This encompasses organisation of training programs to upskill employees on new technologies, ensuring they can effectively use and leverage these tools.
• Organise regular follow-up and workshops sessions on the IT ongoing projects in the sector, in order to involve employees in the transformation projects.

Digital Resources and Support: Offer access to digital resources such as online tutorials, guides, and FAQs. Provide ongoing support through help desks or designated digital literacy mentors. Realise some demo and tutorial on IT tools usage, IT key topics for the sector’s staff. These resources should be included on a dedicated webpage of the Ministry or on other specific webpage easily accessible to the employees.

Encourage Continuous Learning: Foster a culture of continuous learning by promoting online courses, certifications. Encourage employees to stay updated with technological advancements relevant to their roles.

Internal Knowledge Sharing: Facilitate knowledge sharing sessions where employees can share their expertise or experiences with digital tools. This could be through presentations, team meetings, or internal forums.

Pilot Projects and Sandbox Environments: Encourage employees to experiment with digital tools in a safe environment. Implement pilot projects where they can apply newly learned skills without the fear of failure.

Measurement and Feedback: Implement measures to assess the effectiveness of training programs. Gather feedback from employees to understand their experience and areas that need improvement. Reward the most involved employees/agents

Incorporate Digital Literacy into Policies: Embed digital literacy requirements into job descriptions, performance evaluations, and promotion criteria, emphasising its importance in the administration.

Various mechanisms must be put in place to build up digital literacy among all civil servants:

• Digital academies: set up an in-house digital academy to assess and develop current civil servants digital skills
• Formal training: Include formal training opportunities as part of your compensation package for civil servants and ensure that digital skills are available in course catalogues.
• Informal training: Encouraging civil servants to join a community of practice, giving opportunities for internal mobility and developing a culture of collaboration can all offer informal training opportunities for staff.

Digital Campus: An emerging cross-department resource centre to offer customised training to teams and individuals. It is made up of dedicated teams in charge of:

- Guiding HR offices & business managers to build trainings for teams: 

• Identification of needs
• Conception of learning path (usually upskilling)
• Implementation
• Evaluation

- Building & Providing a training catalogue on every aspects of digital transformation

• Online / Presential
• In house / provided by external providers

- Possibility to obtain funding to build new learning approaches

- Possibility for civil servants to become teachers.

Digital Academy: An Academy which aims at teaching public servants the digital skills, approaches, and mindset needed to transform public services in today's digital age.

As part of its activities, the Academy must bring together partners from different spheres, including Government, Academia and the Private Sector, with the focus on Collaboration and the sharing of knowledge and experience. The Academy will offer both general and more specialised learning opportunities, in the classroom and online, for public servants at all levels.

Another good practice is also to let civil servants find their own training courses based on their interests and skills. This means potentially financing online courses given in other countries or about topics not yet included in the initial training catalogue. This promotes talent retention and gives staff maximum flexibility to advance their careers as they see fit.

Fostering Innovation and Growth

Fostering innovation and growth entails establishing an environment that champions creativity, experimentation, and ongoing enhancement. Innovation stands as a linchpin, and CDOs must cultivate it within their sector.

This endeavour begins by nurturing a culture of innovation within the team. The CDO plays a pivotal role in fostering a mindset that appreciates fresh ideas and solutions, fostering an environment where employees feel empowered to share their thoughts without fear of judgement. Embracing failure as a learning opportunity is integral—encourage experimentation and acknowledge that not all ideas will yield success.

Cultivating an innovation culture also entails promoting diverse collaboration. Encouraging teamwork among individuals with varied backgrounds, skills, and experiences often leads to novel and inventive ideas.

Furthering this culture means embracing failure as a stepping stone to success. Create a safe space where unsuccessful attempts are seen as opportunities for growth. Discuss lessons learned from setbacks and apply these insights to future endeavours.

Having dedicated resources—be it budget, teams, or platforms—is crucial. Allocate specific resources to innovation projects, empowering teams with the necessary time, finances, and personnel. Establish platforms for idea sharing and encourage cross-functional collaboration among different departments or areas of expertise, fostering the exchange of unique ideas that lead to innovative solutions.

Learning serves as the bedrock of an innovative culture by fostering adaptability, continuous improvement, and knowledge sharing. It encourages individuals to refine processes and seek better solutions, driving efficiency and effectiveness. CDOs should  work with RISA core team to design the training catalog and invest in ongoing learning programs to keep employees updated with the latest trends and technologies.

Conducting innovation improvement activities is essential to nurture an innovation culture. These activities may include brainstorming sessions, problem-solving challenges, workshops, and collaborative events to ignite creativity and teamwork within the team.

• Brainstorming Sessions: Encourage open brainstorming sessions where team members freely share ideas without judgement. Focus on quantity over quality initially to generate a wide range of ideas.
• Problem-Solving Challenges: Present the team with real or hypothetical challenges and ask them to come up with innovative solutions. Encourage creative thinking and unconventional approaches.
• Cross-Training and Skill Sharing: Organise sessions where team members share their expertise or teach skills to others. This promotes a diverse skill set within the team and encourages learning from each other.
• Innovation Workshops: Host workshops specifically aimed at fostering innovation. Use exercises, case studies, or role-playing activities to stimulate creative thinking and problem-solving.
• Hackathons or Innovation Days: Set aside dedicated time for the team to work on innovative projects or ideas. Encourage them to collaborate across departments and generate prototypes or new concepts. These activities may involve external partners: innovators, private sector, academia, start-ups, researches…
• Mind Mapping or Visualization: Use visual tools like mind mapping to help team members organise their thoughts and explore connections between different ideas or concepts.
• Field Trips or External Insights: Arrange visits to other innovative companies or industries. Exposure to different environments often sparks new ideas and perspectives.
• Design Thinking Exercises: Introduce the team to design thinking methodologies, allowing them to empathise with users, define problems, ideate solutions, prototype, and test ideas.
• Storytelling Sessions: Allow team members to share success stories, innovative ideas, or lessons learned from challenges. This fosters a culture of sharing and inspires others to think creatively.
• Gamification of Learning: Incorporate games or challenges that encourage creative thinking, problem-solving, and teamwork. This adds an element of fun while promoting innovation.

The CDO can also conduct reward innovation activities. The aim is to recognize and reward employees who contribute innovative ideas or solutions. Incentivize creativity through rewards, bonuses (co-defined with RISA and MIFOTRA), or recognition programs.

Regular evaluation and feedback mechanism is mandatory. Establish mechanisms to regularly evaluate innovation initiatives. Gather feedback from employees and stakeholders to understand what works and what needs improvement.

Ensuring a Quality Data Governance

Data Governance is one of the strategic tasks that the CDO and his/her team must manage. The Standards obliges the CDOs to host their data in the cloud by collaborating with the partner in charge of data hosting and cloud for the Government.

However, apart from dealing with the National Data Center for hosting the data of the Ministries, the CDO has a strategic role to play in the data governance issue. Indeed, ensuring robust data governance involves establishing policies, processes, and practices to manage data effectively, securely, and in alignment with organisational goals. Here are key steps to achieve this:

• Define Clear Objectives: Establish clear data governance objectives aligned with the sector's overall Strategy. The various ICT laws (Data protection, security and cybersecurity, data privacy..) should be considered. Define what "good data governance" means for your specific context—whether it's data quality, security, compliance, or accessibility.
• Leadership and Accountability: Assign ownership of data governance to a dedicated team or team member. Ensure there's strong leadership support to drive data governance initiatives and establish accountability for data-related decisions.
• Develop Policies and Standards: Create comprehensive data governance policies, standards, and guidelines. These should cover data quality, security protocols, access controls, data lifecycle management, and compliance requirements.
• Data Inventory and Classification: Conduct a thorough inventory of all data assets, categorise them based on sensitivity and importance, and establish clear classification protocols. This ensures appropriate handling and protection of different types of data.
• Data Quality Management: Implement measures to maintain and improve data quality. Establish procedures for data cleansing, validation, and regular quality checks to ensure accuracy and reliability.
• Data Security and Privacy: Institute robust security measures to safeguard data from breaches or unauthorised access. Implement encryption, access controls, user authentication, and regular security audits. Ensure compliance with relevant data privacy regulations.
• Data Lifecycle Management: Define processes for data creation, storage, usage, archiving, and deletion. Establish clear guidelines for how long data should be retained based on legal, business, or regulatory requirements.
• Data Governance Framework and Processes: Develop a structured framework for decision-making, change management, and communication regarding data governance initiatives. Ensure that data-related processes are documented and communicated across the organisation.
• Training and Awareness: Conduct training programs (organising, or hosting trainings from institutions like MINICT, RISA) to educate employees on data governance policies, procedures, and best practices. Encourage a culture of data awareness and responsibility across the departments.
• Continuous Monitoring and Improvement: Regularly monitor compliance with data governance policies and standards. Gather feedback, conduct audits, and refine processes to adapt to changing business needs and technological advancements.

Ensuring a Quality Cybersecurity

In terms of Cybersecurity, the CDOs have the responsibility to follow the guidelines and standards provided by the NCSA and RISA. These guidelines are published on their respective websites or communicated directly to the CDOs.

CDOs also have to contact the appropriate authorities to intervene in case threats are detected, or to come to implement some cybersecurity guidelines. The CDOs responsibility covers the compliance with Regulations in terms of cybersecurity. He/she has to ensure that the department complies with relevant cybersecurity regulations and standards applicable.

Thus, the CDO must conduct regular Risk Assessment and Management. It involves conducting regular risk assessments to identify potential vulnerabilities and threats and develop a risk management plan to prioritise and mitigate these risks effectively.

The CDO also must conduct team members training and awareness by educating all department members about cybersecurity best practices. The CDO must conduct regular training sessions to raise awareness about phishing, social engineering, and other common cyber threats.

Another key action is the access control and authentication. It covers the implementation of strong access controls and authentication mechanisms. It enforces the principle of least privilege, ensuring users have access only to the data and systems necessary for their roles.

Some Regular Updates and Patch Management are necessary. The CDO must keep all software, operating systems, and security tools up to date with the latest patches and updates as vulnerabilities often arise from outdated software versions.

The CDO and his/her team must secure Network Infrastructure by implementing firewalls, intrusion detection systems, and encryption protocols to protect the department's network. Regularly monitor network traffic for unusual activities are necessary.

In addition, there are some key actions that are necessary to assure a good cybersecurity in the departments:

• Data Encryption: Encrypt sensitive data both at rest and in transit to prevent unauthorised access in case of a breach.
• Incident Response Plan: Develop a clear and tested incident response plan to handle cybersecurity incidents effectively. This includes steps for containment, investigation, recovery, and communication.
• Regular Security Audits and Assessments: Conduct periodic security audits and assessments to evaluate the effectiveness of existing security measures and identify areas for improvement.
• Vendor and Third-Party Risk Management: Assess the cybersecurity measures of third-party vendors and contractors. Ensure that they comply with your department's security standards.
• Continuous Monitoring and Improvement: Implement systems for continuous monitoring of cybersecurity measures. Stay updated on emerging threats and adapt security strategies accordingly.

Quality Management System

A Quality Management System (QMS) is a structured framework implemented by organisations to ensure they meet and maintain certain standards of quality in their products, services, processes, and overall operations. It's a systematic approach designed to enhance efficiency, consistency, and customer satisfaction while continuously improving the organisation's performance.

A QMS is a comprehensive approach that involves all levels and functions within an organisation, aiming to embed a culture of quality, continuous improvement, and customer satisfaction. Here are some key components and aspects typically associated with a QMS:

Quality Policies: These are overarching statements or guidelines set by the organisation's management, outlining its commitment to quality standards and objectives. These policies often reflect the organisation's values and goals.

Processes and Procedures: QMS involves defining and documenting specific processes and procedures for various aspects of operations. This includes everything from product development, service delivery, to internal audits and corrective actions. The aim is to ensure standardised and consistent methods are followed throughout the organisation.

Quality Planning: This involves setting quality objectives, defining processes to achieve them, and allocating necessary resources. It includes risk assessment and mitigation strategies to anticipate and address potential issues.

Quality Control: This encompasses the measures put in place to monitor and verify that products or services meet predefined quality criteria. This can involve inspections, testing, and checks at various stages of production or service delivery.

Continuous Improvement: A fundamental aspect of a QMS is the commitment to ongoing enhancement. This involves collecting and analysing data, feedback, and performance metrics to identify areas for improvement and implementing changes to enhance overall quality.

Training and Education: Ensuring that employees are well-trained and equipped with the necessary skills and knowledge is crucial. Training programs are often an integral part of a QMS to ensure that everyone understands and complies with quality standards.

Customer Focus: A QMS often emphasises understanding and meeting customer needs and expectations. Feedback mechanisms and customer satisfaction surveys are commonly used to gauge and improve customer experiences.

Certification and Standards: Many organisations adopt internationally recognized standards (such as ISO 9001) to guide the development and implementation of their QMS. Achieving certification against these standards can signal to stakeholders and customers that the organisation adheres to certain quality benchmarks.

The QMS should be managed at RISA level and deployed by CDOs in their respective ministries. Please refer to RISA, NCSA and MINICT guidelines on the Quality Management System.

In order to establish a successful and robust Quality Management System (QMS), several steps must be initiated. Here are key steps to guide the CDO in its willingness to establish QMS within his/her Ministry.

Understand Organisational Needs and Objectives:

Identify your organisation's quality objectives, customer expectations, and regulatory requirements. Ensure alignment between these factors and the QMS you plan to implement.

Leadership Commitment:

Obtain commitment and support from top management. Leadership involvement is crucial for implementing and sustaining a QMS throughout the organisation.

Formulate a Quality Policy:

Develop a clear quality policy that outlines your organisation's commitment to quality, its objectives, and the principles that guide the QMS.

Define Processes and Procedures:

Document existing processes and procedures or develop new ones to achieve quality objectives. Ensure these are standardised, understood, and followed across the organisation.

Training and Awareness:

Provide adequate training to employees regarding the QMS, their roles, and how they contribute to maintaining quality. Ensure awareness and understanding at all levels.

Implement Quality Control Measures:

Put in place mechanisms for quality control, including inspections, testing, and checkpoints throughout the production or service delivery process.

Establish Quality Assurance Practices:

Implement systems to ensure compliance with quality standards. This includes regular audits, reviews, and corrective actions to maintain consistency and adherence to standards.

Continuous Improvement:

Foster a culture of continuous improvement by collecting and analysing data, feedback, and performance metrics. Encourage innovation and the implementation of improvements.

Customer Feedback and Satisfaction:

Establish channels for gathering customer feedback and use it to drive improvements. Ensure that customer needs and expectations are consistently met or exceeded.

Monitoring and Review:

Regularly monitor and review the QMS to assess its effectiveness. Use internal audits and management reviews to identify areas for improvement.

Seek Certification and Compliance:

QMS should be aligned with recognized standards such as ISO 9001 and work towards certification to demonstrate adherence to quality benchmarks.

Adaptation and Evolution:

Continuously adapt the QMS to changing organisational needs, industry standards, and technological advancements.

The CDO must keep in mind that the key to a successful QMS lies not only in its implementation but also in its continual maintenance and improvement. It should be an integral part of the organisation's culture and operations, driven by a commitment to delivering quality products or services.

Sector Digital Maturity Assessment and Action Plan

Within the responsibility of infusing and enhancing the sector's digital culture, the CDO also must enhance the digital maturity of the sector.

Sector digital maturity refers to the level of advancement and sophistication in the adoption, integration, and utilisation of digital technologies within a particular ministry or sector.

Maturity models are widely used tools, typically employed for self-assessment, to help organisations gauge their current capabilities in specific functional, strategic, or organisational areas. By self-assessing and discussing various maturity levels and descriptors, organisations can develop a shared understanding of the changes needed to advance to higher maturity levels over time.

It encompasses various dimensions, including Governance in the digital landscape, the extent to which digital processes and tools are embedded in the sector's operations and strategies, the employees digital literacy and IT readiness and the change management in digital field relevance.

Assessing digital maturity involves evaluating how effectively a sector leverages digital innovations to enhance efficiency, service delivery and citizen engagement.

A tool is designed to help CDOs to conduct the digital maturity assessment in the Rwandan context. Structured into 4 pillars, each pillar is structured into axis and sub-axis. Each sub-axis is made of several questions with 5 options. The CDO must choose the option that is the most suited to the current sector’s current situation. Based on the option selected, the tool will give a score for each axis and pillar.

The Pillars of the Digital Maturity Model:

1. Governance: Assesses strategic alignment, leadership commitment, digital policies and reporting routines regarding digital
2. Tools, Processes, and Methodologies: Reviews the sophistication, automation, standards, and integration of digital tools and technologies in the Business.
3. People and Resources: Evaluates workforce skills, training programs, teams’ composition and size, and the collaborative culture supporting digital transformation.
4. Change Management: Analyses communication strategies, change adaptability and internal collaboration to improve innovation.

The levels of the maturity grid are:

1. Initial stage: describes sectors that have not yet defined their digital path and are still relying on legacy and traditional processing methods.
2. Emerging stage: describes those sectors that have undertaken or are undertaking digitization reforms as part of their progress towards the medium level of digital maturity.
3. Operational stage: describes sectors that have reached a certain level of maturity thanks to structured actions undertaken in the past. The sector is beginning to be rewarded in terms of digital integration, the alignment of digital with business objectives.
4. Advanced stage: describes sectors that have developed in terms of digital maturity. They serve as a benchmark for other sectors, use digital to drive innovation, are well shared across the organisation and are continually improving to stay at the forefront of digital trends.
5. Leading: This level is intended to represent the leading edge of what is generally possible today, with some collaboration with stakeholders. Sectors here are looking at what might be possible in the longer term, moving towards more transparent and increasingly demanding industry standards.

Figure 10: Digital Maturity Model levels

On each axis, several questions are designed to be completed by RISAs because the axes and sub-axes analysed are managed at RISA or central level. These areas should be monitored by RISAs, although CDOs may still make recommendations.

When filling in the Maturity Model, CDOs should gather some prerequisites:

Plan the assessment in advance: planning the assessment means finding the relevant resources to participate in the assessment. A referent can be designated per axis regarding the nature of each talent work in a team. For example, the one in charge of Cybersecurity in the team is well placed to conduct the assessment on the Cybersecurity axis.

Find enough time to conduct the assessment: The assessment can be done pillar per pillar and not necessarily the whole grid at one time. The depth demanded by each question requires time to be devoted to the exercise, and CDOs need to ensure that this is the case.

Use the KPIs set developed in the framework of the grid prior to the assessment in order to reduce subjectivity. Please refer to RISA to get the KPIs set associated with the Digital Maturity Model.

Be honest in your self-assessment: don't forget to fill in the column on justification so that you can check the option you have chosen.

Include a party from outside the Ministry in the evaluation: For example, a CDO from another ministry/sector could take part in the evaluation, act as referee/moderator to settle any differences of opinion and provide an outside perspective.

Continue to monitor progress from one year or assessment period to the next.

Provide feedback to RISA when applying the tool in order to enhance.

The step after the completion of the Digital Maturity Model is to draw an action plan to reach the next level of maturity. To draw the action plan, CDOs can rely on the description of each step in the digital maturity through the options. For example, selecting option 2, means that to reach the next level, the sector should complete the following statement or option.

The action plan should then be sent to RISA for validation before implementation.

Figure 11: Extract of the action plan to enhance sector’s digital maturity

After having identified the actions and having defined them in the Action Plan table, CDOs should share the Action Plan with the Accountable persons identified for agreement and follow-up. Regular follow-up meetings must be scheduled to monitor the implementation of the action plan.

IT Operations

Daily tasks management of the Chief Digital Officer

The role of a Chief Digital Officer (CDO) as a supervisor of the IT Department can be multifaceted, blending both operational and strategic responsibilities. Operational tasks, like ensuring systems run smoothly, data governance, and daily management, are crucial for the organisation's efficiency. However, without proper planning and delegation, these tasks can consume a significant portion of the CDO's time, potentially hindering strategic initiatives.

Effective planning and organisation are indeed vital. Delegating operational tasks to competent team members, such as business analysts, can allow the CDO to focus on strategic projects. This Strategy optimises the use of resources and expertise within the department, ensuring that both day-to-day operations and forward-looking projects receive adequate attention.

It's essential to assess the team's size and capabilities to properly delegate tasks. Larger teams should allow for more specialised roles, whereas smaller teams should require more flexible task allocation. A well-structured plan can ensure that both operational and strategic aspects receive the necessary attention without overwhelming any team member, including the CDO.

Below is a list of operational tasks which are under the responsibilities of a CDO (or Business Analyst), not restrictive:

• Systems Maintenance: Overseeing the maintenance and functionality of hardware, software, and network systems to ensure they run smoothly and securely.
• Data Governance: Implementing and enforcing data governance policies to maintain data quality, security, and compliance with regulations.
• Cybersecurity Management: Directing efforts to protect the organisation's IT infrastructure from cyber threats, including managing security protocols, incident response, and risk assessment.
• IT Infrastructure Management: Planning and managing the organisation's IT infrastructure, including servers, databases, cloud services, and other critical technology resources.
• IT Support and Helpdesk Management: Ensuring efficient and responsive IT support services for employees, troubleshooting issues, and overseeing help desk operations.
• Service providers and vendor management

Alongside these responsibilities, some general tasks are listed (not restricted) as follows:

• Budgeting and Resource Allocation: Developing and managing budgets for IT initiatives, including allocating resources effectively across various projects and departments.
• Vendor and Stakeholder Management: Collaborating with external vendors for software/hardware procurement and managing collaborations with stakeholders across the organisation.
• Policy Development: Developing and updating IT policies and procedures to align with organisational goals and industry best practices.
• Project Oversight: Supervising ongoing IT projects, ensuring they stay on track, meet deadlines, and align with strategic objectives.
• Performance Monitoring and Reporting: Tracking IT performance metrics, analysing data, and presenting reports to management to evaluate IT effectiveness and propose improvements.

These tasks require a balance between day-to-day operations and long-term strategic planning to ensure the smooth functioning of the organisation's IT landscape.

Strategic projects on which CDO or Business Analyst can be involved daily are various:

• Sector Digital Transformation Strategy and IT Roadmap Development: Creating long-term plans that align IT initiatives with the Ministry or sector’s goals, considering technology trends and potential impact. It is also about developing and implementing strategies to leverage emerging technologies (like AI, IoT, or cloud computing) to enhance processes and outcomes. It covers the implementation of the Rwandan National Digital Transformation Plan-Smart Rwanda Master Plan
• Citizen’s Experience Enhancement: Identifying opportunities to use technology to improve citizen experiences, potentially through better user interfaces, personalised services, etc.
• Innovation management: Leading efforts to explore new technologies, conducting research and development activities to identify opportunities for innovation within the organisation.
• Strategic Partnerships: Identifying and fostering partnerships with tech vendors, startups, or research institutions to bring innovative solutions and stay ahead in the industry.
• Change Management: Overseeing change management processes related to technology adoption, ensuring smooth transitions and buy-in from stakeholders.
• Data Strategy and Analytics: Developing a comprehensive data Strategy, including data governance, analytics capabilities, and leveraging data insights for informed decision-making. On this task, close collaboration with the National Data Center is key.
• Cybersecurity Strategy: Creating and implementing robust cybersecurity strategies to safeguard the organization against evolving threats and ensuring compliance with regulations. On this task, collaboration with the NCSA is key.
• IT Talent Management and Development: Developing strategies for retaining IT talent to maintain a skilled and motivated workforce. As the recruitment and training parts are under the management of RISA, the CDO should focus on the retention of talent.

These strategic tasks involve vision, planning, and alignment of technology with the organisation's overall objectives to drive innovation, efficiency, and competitive advantage.

Technical department structure (IT resources)

The CDO as a Head of the IT Department works in a structure defined according to the size of the Ministry’s ICT team. Components of the structure are:

• IT Project Management: Oversees and coordinates the planning, execution, and completion of IT projects within the department. This component is managed in many cases by the CDO and the Business Analyst (s).
• Software Development/Engineering: Engages in creating, maintaining, and enhancing software applications critical to the organisation's operations. It includes the development, design and implementation of new software solutions or modification and upgrade of the existing ones, provides quality assurance and technical evaluation of new and legacy systems and software products in the sector. The Senior Developer oversees this role and is supported by a team of developers.
• Network Operations: Responsible for maintaining and managing the organisation's network infrastructure, ensuring connectivity, security, and reliability. The network specialists are in charge of that.
• Systems Administration: Manages and supports servers, operating systems, and related software to ensure smooth operations and security across the organisation. The System Administration Specialist is in charge of the system Administration.
• Database Management: Handles the design, implementation, and maintenance of databases vital for storing and retrieving organisational data. The Database Administration Specialist is in charge of this role.
• Help Desk/Technical Support: Provides frontline support to users, troubleshooting technical issues, and offering guidance on IT-related problems. The IT Help Desk Officer is in charge of this role within the CDO team.

Figure 12: CDO Office Structure

ICT related Logistics and ICT Assets Management

An ITSM tool with built-in asset management functionalities becomes essential for enhanced asset management across various sectors within the Ministry.

The Chief Digital Officer (CDO) holds responsibility for acquisition, maintenance, and disposal of ICT assets within his/her or her Ministry. In this regard, collaborating closely with the Logistics Office of the Ministry is key.

The responsibility for managing the database of IT assets typically falls under the purview of the IT Support staff, who collaborate with the Logistics Office of the Ministry. Together, they ensure accurate and up-to-date records of IT assets are maintained, covering acquisition, maintenance schedules, and disposal processes.

At the national level, the Ministry of Finance utilises a budget management tool that incorporates a module dedicated to asset management. This tool likely assists in tracking, managing, and accounting for ICT assets within the Ministry. CDOs are required to fill in this tool the Asset of their Ministries.

RISA has a system requiring all government institutions to register their ICT assets. This centralised system aims to create a comprehensive inventory of ICT assets across government entities.

Some individual Ministries have their own independent asset management systems or processes apart from the Ministry of Finance or RISA systems. These additional systems could cater to specific needs or provide supplementary tracking mechanisms for assets within those institutions.

The collaborative efforts between the CDO and Logistics Office of the Ministry highlight the importance of a coordinated approach to asset management. The goal is to maintain accurate records, streamline acquisition processes, ensure efficient maintenance, and manage proper disposal of IT assets across government institutions. An ITSM tool can be implemented to manage ICT assets and harmonise the practices in all government institutions.

Risk Management

IT risk refers to the likelihood of an unforeseen and unfavourable business outcome resulting from the exploitation of vulnerabilities within an information system by a specific threat or malicious actor. This risk spectrum encompasses scenarios such as human error, equipment malfunction, cyberattacks, and natural disasters.

The practice of IT risk management entails applying established risk management methodologies to address IT threats effectively. This process encompasses the use of procedures, policies, and tools to systematically identify and assess potential threats and vulnerabilities within the IT infrastructure.

For more details, users can refer to the IT Risk Management Guidelines that are published by RISA.

Below are some best practices in terms of IT Risk Management. There are some steps to deploy to perform good risk management.

Step 1: Formulate a robust risk management Strategy:

The initiation of effective risk management involves the identification and assessment of potential vulnerabilities within an IT environment. Examples of these vulnerabilities include weak system passwords, unpatched systems, and downloads of malicious software. However, the manual process of identification and assessment can be both costly and resource-intensive. To streamline this process, organisations are encouraged to utilise automated tools, such as help desk or service desk software, which come equipped with risk management capabilities. These tools automatically detect and assess risks, promptly alerting security teams to potential issues.

Step 2: Conduct ICT asset management:

To mitigate technology risks effectively, maintain a continuous vigil over IT assets, including routers and servers. Employ reliable asset life cycle management software for automated, centralised network inventory, offering comprehensive insights into asset performance, security, and licensing concerns. Utilise this software to continuously monitor software licence expiration dates and receive automated alerts.

Step 3: Enhance cybersecurity:

Establishing and sustaining a secure IT infrastructure is pivotal in preventing cybersecurity risks. Employ appropriate security tools, policies, and procedures to thwart various threats. In addition to traditional measures like firewalls and antivirus software, integrate advanced security tools such as security information and event management (SIEM) software to bolster security controls. SIEM software, being automated, maintains a detailed log of security events, correlating data for swift threat identification. It facilitates automated responses to security incidents, such as blocking IP addresses linked to unauthorized activities. Leverage built-in templates for generating security and compliance reports.

Step 4: Ensure transparent communication:

Develop robust internal and external communication strategies to convey risk details to relevant parties. Clear communication expedites a coordinated response against evident threats in the IT environment, aiding faster risk mitigation, assessment, and monitoring. When devising your risk communication and management Strategy, seek input from all key stakeholders to comprehend various aspects of a given risk, including affected parties, significant challenges, and potential recovery costs.

Step 5: Implement access control:

Mitigate data security risks by instituting stringent authentication and authorization procedures within your organisation. Modern access management software assists in ensuring that only authorised users access sensitive parts of the network, thereby minimising the risk of insider threats. These tools continuously monitor file system changes to detect unauthorised alterations and generate compliance reports detailing user permissions and activities. Utilise such tools to proactively track privileged users' accounts for unusual activities, enhancing preparedness against advanced threats.

By implementing a comprehensive risk management approach, sectors can better protect their ICT assets  and systems from potential threats and vulnerabilities. Regular reviews and updates to the risk management plan ensure that it remains effective in addressing emerging risks.

Internal Audit

The approach to auditing within an IT environment differs based on whether the goal is a financial, performance, or IT audit. There are mainly three common approaches for running internal audits in best practices.

Approaches	Focus	Example
System-Oriented Approach	This approach concentrates on the examination of management systems to ensure their proper functioning	In financial management systems, auditors should assess the effectiveness and efficiency of financial controls, budgeting processes, and overall financial management practices
Result-Oriented Approach	This approach assesses whether the intended outcomes or outputs of programs and services have been achieved as planned	Auditors should evaluate the success of a government program by examining whether it has achieved its goals and produced the desired results. This could involve analysing performance indicators and comparing actual outcomes to planned objectives.
Problem-Oriented Approach	This approach involves examining, verifying, and analysing the causes of specific problems or deviations from established criteria	If there are discrepancies or issues identified in a particular area, such as a project not meeting deadlines or exceeding budgets, auditors using a problem-oriented approach would investigate the root causes of these problems

Table 2: Internal Audit approaches

Each approach serves a distinct purpose and may be chosen based on the specific objectives of the audit and the context in which it is conducted. Performance auditing aims to enhance transparency, accountability, and effectiveness in organisations by providing insights into how well systems and processes are functioning and whether desired outcomes are being achieved.

Audit always divided to four main steps:

Figure 12: Detailed steps for an internal audit activity

The process is indeed iterative, as new insights gained during the conduct phase may lead to adjustments in the audit plan. Additionally, the reporting stage may involve ongoing discussions and feedback with stakeholders, and the follow-up process ensures that the audit's impact is sustained over time.

That said, it is worth checking the list of items to be audited by the CDO teams. The list provided below is the one used by external auditors for Audit procedure and should be followed by the sector IT structure. The categories of audit checklist are mentioned in the table below, and detailed audit questions are presented in the annex of this Handbook.

N	CONTROL	Content
A	ACCESS CONTROL POLICY AND PROCEDURES	Access control policy, procedures for account registration and follow-up, user access privileges reviewing, strong password enforcement, sessions automatically log off after a period, remote access limitations, authentication to access the network, risk assessment performed before allowing mobile devices on the organisation system…
B	SECURITY AWARENESS AND TRAINING POLICY AND PROCEDURES	Existence of information security awareness program at the organisation level, security training to all information system users
C	AUDIT AND ACCOUNTABILITY POLICY AND PROCEDURES	Auditable events clearly defined with an audit frequency and audits records
D	SECURITY ASSESSMENT AND AUTHORIZATION POLICIES AND PROCEDURES	documented/shared Information security policy in place, periodic security assessment conducted and reports available, critical infrastructures and their protection plan in place
E	CONFIGURATION MANAGEMENT POLICY AND PROCEDURES	Baseline configuration of the information system as well as change management procedure existence, definition of a list of prohibited or restricted functions, ports, protocols and/ or services
F	BUSINESS CONTINUITY PLANNING POLICY AND PROCEDURES	Business continuity plan in place and periodically tested, periodic information backup to support the recovery time, back-up routine
G	INCIDENT RESPONSE POLICY AND PROCEDURES	appropriate incident handling procedures in place and known by all the staff
H	SYSTEM MAINTENANCE POLICY AND PROCEDURES	written standard for system maintenance, maintenance support process ensure confidentiality of information, maintenance services provided by licensed/certified people/firm
I	MEDIA PROTECTION POLICY AND PROCEDURES	electronic media disposal Policy, secure store for electronics and physical media within a physically secure or controlled area
J	PHYSICAL AND ENVIRONMENTAL PROTECTION POLICY AND PROCEDURES	physical access restricted to selected employees, control all items brought into or taken out of the computer/server room, sensitive application servers/ systems located in a physically restricted area
K	PERSONNEL SECURITY POLICY AND PROCEDURES	procedures address personnel screening and records of screened personnel, personnel termination/transfer; records of personnel termination/transfer actions
L	SYSTEM AND SERVICES ACQUISITION POLICY AND PROCEDURES	information security and information security risk management integrated into the system development life cycle, include and consider security requirements in acquisition contracts, use software in accordance with contract agreements and copyright laws?
M	SYSTEM AND COMMUNICATIONS PROTECTION POLICY AND PROCEDURES	separate application for users and managers/admin, mechanism to prevent unauthorised and unintended information transfer via shared system resources, information system that protects and prevents DoS, continuous monitoring Strategy and reporting of the security status of the information system
N	SYSTEM AND INFORMATION INTEGRITY POLICY AND PROCEDURES	antivirus software and endpoint security installed in the systems, all staff been advised of the virus prevention procedures, centrally manage antivirus software and endpoint security, receiving security alerts, advisories, and directives from designated external institutions
O	DISASTER RECOVERY	contingency plan provide for recovery and extended processing of critical applications in the event of catastrophic disaster, recovery plans approved and regularly tested, disaster recovery teams established to support disaster recovery plan, responsibilities of individuals within disaster recovery team defined and time allocated for completion of their task, recovery plan ensure, in the event of failure that no loss of data received but not processed, no reprocessing of data already processed

Table 3: Internal Audit check

The above list is provided by RISA and is subject to change. Please refer to the Internal IT Audit Guidelines from RISA for the latest available checklist.

Financial Responsibilities

As a department head, the CDO has financial responsibilities. The Chief Digital Officer (CDO) carries significant financial responsibilities, including budget planning for the upcoming year.

Budgeting responsibilities:

In the process of defining the next year's budget in October of the previous year, the CDO needs to consider various aspects:

Budget Planning: Assessing the IT department's needs, including operational expenses, new projects, upgrades, software/hardware requirements, cybersecurity measures, staff training, and other relevant expenses.

Forecasting: Predicting and estimating the costs based on past expenses, expected growth, technological advancements, and any upcoming projects or initiatives.

Allocating Resources: Determining the allocation of financial resources to different areas within the IT department, prioritising strategic initiatives while also ensuring operational efficiency.

Regarding the budget submission and integration into the overall Ministry budget, there should be variations in how it's accounted for, depending on the Ministry’s organisation.

Some Ministries prefer a specific line item in the budget dedicated solely to IT projects. This delineates the funds explicitly allocated for IT operations, projects, and maintenance.

In other cases, the IT budget should be integrated into a more general expense category. This could include various administrative or operational costs beyond IT, making it part of the broader operational expenditure.

The decision to place the IT budget in a dedicated line or within general fees should depend on the organisational structure, accounting practices, and the Ministry's preferences for budget categorization.

The budgeting process depends on whether it is an ordinary budget (provided by MINECOFIN) or it is through the Development Partners.

Ordinary budget: from MINECOFIN

Figure 13: Budget planning procedure for government funding

In addition, CDOs plan how to spend the budget and report on how the budget is spent.

Via DPs

Figure 14: Budget planning procedure for DPs funding

*Either reimbursement against invoice or reimbursement after disbursement, or disbursement directly by the donor to the Ministry.

Following the annual budget approval, the CDO oversees the implementation of IT projects' budget allocation. Occasionally, funds may need to be redirected to address urgent Ministry needs. In such instances, the CDO restructures IT project priorities to reallocate resources accordingly.

Additionally, the CDO holds the responsibility of greenlighting IT expenditures before payments are made to providers.

For as long as a project falls within the remit of its ministerial department, the CDO is responsible for planning, implementing and reporting on the use of funds.

Procurement and Vendor Management

Needs identification and procurement plan

Before any procurement activities take place, it's essential to have a clear plan in place. This plan outlines what needs to be purchased, when it needs to be acquired, and how it aligns with the organisation's goals and budget.

Before creating the procurement plan, there's a phase of identifying what exactly should be included in it. This involves a thorough assessment of the organisation's needs, considering factors such as operational requirements, budget constraints, and any regulatory or compliance considerations.

Reviewing and approving department purchases

The CDO and his/her team are responsible for ensuring that the Ministry or sector receives the necessary resources on time. This involves not only identifying the needs but also coordinating with vendors or suppliers to facilitate timely delivery and implementation.

The expenditures typically fall into two categories: development project budgets and operational budgets.

The development project budget encompasses expenses associated with project deployment. For instance, these could involve prototyping and Proof of Concept, consulting or Professional Services, Software Development, System Integration…

On the other hand, the operational budget includes expenses tied to the day-to-day functioning of the IT department. This incorporates purchases such as IT Consumables, Hardware and Software Maintenance, IT Security Expenses...

The national procurement laws and guidelines must be applied for managing the procurements.

It is incumbent upon CDOs to meticulously review and validate these expenses before they are processed for payment by the sector's financial department. This duty necessitates the establishment of an expenses follow-up tool. The tool will serve to compare budget consumption against the allocated budgeted amount, mitigating the risk of surpassing the budget limit by the end of the fiscal year. CDOs are advised to leverage tools already in place for budget management and expenses follow up.

By implementing an effective expense monitoring system, the CDO ensures prudent financial oversight, preventing potential over budget situations and maintaining financial discipline within the IT department. This meticulous approach not only ensures efficient resource allocation but also contributes to the overall fiscal health and strategic planning of the sector.

Management of Framework Contracts

RISA holds framework contracts that encompass a significant portion of the necessary purchases for CDOs across their respective sectors. RISA is in charge of negotiating and signing these framework contracts.  However, consulting with the CDO and their teams before considering and negotiating each framework enhances decision-making and promotes alignment with public administrations needs and goals. It reflects a strategic approach to procurement and contract management that prioritises public administrations effectiveness.

CDOs are tasked with providing feedback to RISA regarding any purchases not covered within the existing frameworks.

This process mandates that when a CDO requires a purchase, the initial step involves reviewing RISA's framework contracts before exploring alternative procurement options. Should the specific need not be covered by an existing framework contract, it must be forwarded to RISA for approval, alongside the sector's management. Further details regarding this scenario will be outlined in the subsequent section titled "Negotiating contracts with vendors and service providers."

Framework contracts denote agreements directly negotiated between RISA and providers, possessing both commencement and expiration dates. Prior to the contract's expiration and the decision on renewal, CDOs are approached to provide feedback to RISA based on their prior experiences with the providers. This feedback is strongly encouraged and must be submitted to RISA on a quarterly basis as per compliance requirements.

Moreover, enhancing the management of framework contracts necessitates the incorporation of best practices in contract management. Some examples are listed below:

Satisfaction KPIs: Introducing KPIs specifically focused on satisfaction metrics allows for the quantification and assessment of customer contentment with the suppliers. These metrics should encompass feedback mechanisms, surveys, or ratings that gauge the satisfaction levels of CDOs and other stakeholders with suppliers’ services. These KPIs must be about:

• Satisfaction Levels: Gauge the contentment of CDOs, teams, or sector employees with the supplier, considering aspects like responsiveness, support quality, and overall satisfaction.
• Service Efficiency: Evaluate the efficiency and effectiveness of the services rendered by the provider in meeting established goals and requirements.
• Timeliness Comparison: Measure the average service delivery time against market practices to assess whether the provider meets or exceeds industry benchmarks.
• Innovation in Service: Assess the provider's innovative approaches or unique solutions offered during service delivery, showcasing adaptability and progressive strategies.
• Provider Availability: Evaluate the provider's accessibility and availability for support or inquiries within specified working hours or agreed-upon schedules.
• Response and Intervention Times: Monitor the average time taken by the provider to respond to queries or issues raised and the time taken for intervention or problem resolution.
• Emergency Service Quality: Analyse the quality and effectiveness of the alternative solutions or temporary services provided in emergency situations, ensuring they meet required standards and mitigate disruptions effectively.
• Service after sales satisfaction: It measures the degree to which CDOs are satisfied with the support, assistance, or resolution provided after they've received a service or a product from a supplier: quality of Support, Follow-Up Communication…

The process must involve each CDO providing input or feedback regarding the suppliers/service provider's performance through these designated KPIs. Once the CDOs have completed and submitted their assessments, RISA consolidates this data promptly. This allows for an ongoing compilation of Key Performance Indicators, enabling RISA to continuously monitor the service provider's performance throughout the contract duration.

RISA needs to establish a feedback template or portal to allow the CDO team to provide feedback on specific contracts. The establishment of a feedback template or portal for feedback on each contract by the CDO team is a proactive step towards enhancing communication, streamlining processes, improving contract evaluation, fostering continuous improvement, and promoting accountability in procurement and contract management practices.

By regularly gathering and aggregating these KPIs, RISA gains timely insights into the supplier’s performance at various stages of the contract. This proactive approach enables RISA to make more informed and well-grounded decisions, especially when approaching the contract's conclusion or when contemplating renewal or modifications to the existing agreement.

The prompt compilation and review of these KPIs empower RISA to assess the service provider's effectiveness, address any identified issues or areas for improvement, and make strategic decisions based on comprehensive data and evaluations provided by the CDOs.

There also must be Service Level Agreements (SLAs) in the contract signed with the suppliers. The implementation of SLAs establishes clear expectations between RISA and the service suppliers. These agreements outline agreed-upon response times, resolution deadlines, and quality benchmarks, ensuring that services align with predefined standards. RISA must be responsible for forcing suppliers to comply with these SLAs. In the event of non-compliance, penalties must be applied, up to and including termination of the service contract.

A framework for monitoring and reporting performance against SLAs and satisfaction KPIs should be put in place. Regular assessments and reports will provide insights into service delivery effectiveness, enabling continuous improvement and informed decision-making.

Ticketing Systems: A ticketing system will be introduced to manage and track service requests and issue resolution. This systematic approach ensures that every reported issue or service request is documented, assigned, and tracked through to resolution, promoting accountability and efficient service delivery.

Negotiating Contracts with vendors and service providers

 As mentioned in the section on negotiating framework contracts, purchases not covered under the framework contract may entail direct negotiations between the CDO and suppliers. Nonetheless, adherence to the Rwandan Public Administration procurement procedure is mandatory for guidance on the purchasing process. Please, refer to guidelines for acquisition and upgrade of IT systems.

Specifically, for CDOs, obtaining RISA's approval is essential before releasing the terms of references for any purchase. Moreover, when multiple approvals are granted and CDOs are poised to engage in vendor contract negotiations, it's crucial to implement recommended best practices.

Effective contract negotiation involves strategic planning, communication, and a focus on achieving mutually beneficial outcomes. Effective contract negotiation also involves a balance of assertiveness and collaboration to achieve favourable outcomes for both parties. Being well-prepared, maintaining a constructive dialogue, and seeking mutually beneficial solutions are crucial aspects of successful contract negotiations.

Here are some best practices:

Preparation is Key: Thoroughly research and understand all aspects of the contract, including terms, conditions, goals, and potential risks. Clarify your organisation's needs, priorities, and desired outcomes before negotiations begin.

Set Clear Objectives: Define clear and realistic objectives for the negotiation process. Establish what you aim to achieve, whether it's cost savings, service enhancements, or specific deliverables.

Build Collaborations: Foster a positive and collaborative collaboration with the other party. Focus on mutual respect, transparency, and open communication to create a conducive negotiation environment.

Understand Alternatives and Leverage: Know your alternatives and leverage points. Understand what alternatives exist if the negotiation doesn't yield the desired outcome and use these as negotiating leverage.

Flexibility and Creativity: Be flexible and open to creative solutions. Explore various options beyond just price, such as performance-based incentives or long-term partnerships that benefit both parties.

Listen Actively: Actively listen to the other party's concerns, needs, and perspectives. Understanding their goals can help identify areas of agreement and compromise.

Negotiate Incrementally: Break down the negotiation into smaller, manageable components. Negotiate each aspect separately, allowing for compromises and concessions on less critical points.

Be Patient and Respectful: Negotiations can take time, so exercise patience. Remain respectful and professional throughout the process, even during challenging discussions.

Document Agreements: Ensure all agreements, concessions, and terms discussed during negotiations are documented in writing. This helps prevent misunderstandings and serves as a reference for both parties.

Seek Legal Advice: Involve legal experts or contract specialists to review and provide guidance on the terms and conditions. They can ensure legal compliance and protect your organisation's interests.

Review and Follow-Up: Review the negotiated terms thoroughly before finalising. Ensure that both parties understand and agree on the finalised terms. Follow up with regular reviews to ensure compliance.

There also must be Service Level Agreements (SLAs) in the contract signed with the suppliers. The implementation of SLAs establishes clear expectations between the CDO and the service suppliers. These agreements outline agreed-upon response times, resolution deadlines, and quality benchmarks, ensuring that services align with predefined standards.

The CDO must define a framework for monitoring and reporting performance against SLAs and satisfaction KPIs. Regular assessments and reports will provide insights into service delivery effectiveness, enabling continuous improvement and informed decision-making.

Vendors Management

Successful vendor management allows key benefits. By effectively managing vendors, CDOs can foster strong partnerships, optimise performance, mitigate risks, and ensure that vendor collaborations contribute positively to overall business objectives. Some benefits are:

• Improve vendor selection
• Harness cost savings
• Speed up vendor onboarding
• Reduce the risk of supply chain disruption
• Strengthen supplier collaborations
• Negotiate better rates

Managing sector’ vendors involve several mandatory steps to ensure effective collaborations and optimal performance.

Vendor Onboarding: Streamline the onboarding process for new vendors. Provide necessary documentation, guidelines, and training to ensure they understand your sector's requirements and standards.

Establish Clear Expectations: Clearly communicate your sector's expectations regarding performance, quality, timelines, reporting, and communication channels.

Performance Monitoring: Implement Key Performance Indicators (KPIs) to measure vendor performance against agreed-upon benchmarks. Regularly monitor and evaluate their performance.

Regular Reviews and Meetings: Schedule periodic meetings and reviews with vendors to discuss performance, address any issues, provide feedback, and align strategies.

Communication Channels: Establish effective communication channels to facilitate ongoing dialogue, address concerns promptly, and maintain transparency.

Vendor and Third-Party Risk Management: Assess the cybersecurity measures of third-party vendors and contractors. Ensure that they comply with your department's security standards. Identify potential risks associated with vendors and develop risk mitigation strategies to manage disruptions or failures.

Compliance and Governance: Ensure vendors comply with legal, regulatory, and ethical standards. Implement governance frameworks to oversee adherence to contractual obligations.

Collaboration Building: Foster strong collaborations with vendors based on trust, collaboration, and mutual respect. Cultivate partnerships rather than transactional interactions.

Performance Improvement Plans: Collaborate with vendors to create improvement plans if performance falls short. Set achievable goals and monitor progress.

Exit Strategies: Have well-defined exit strategies in case a vendor collaboration needs to be terminated. Ensure a smooth transition to alternative suppliers without disrupting operations.

Incentives and Rewards: Offer incentives or rewards for outstanding performance to encourage vendors to exceed expectations.

Continuous Improvement: Continuously seek opportunities for improvement and innovation in vendor collaborations, processes, and outcomes.

Standards, Methodologies, Tools and Technologies

Digitization Project Methodologies Baseline

Digital transformation efforts encompass various aspects, including technology adoption, process optimization, cultural change, and customer experience enhancement. Given the scope and complexity of these projects, CDOs require robust methodologies to ensure comprehensive planning, execution, and monitoring. Established methodologies offer structured approaches and frameworks that enable CDOs to be more efficient in their work while achieving their objectives.

The table below provides some methodologies used in the digital transformation field.

Tools and Technologies Baseline

As CDO and Business Analyst in a sector, various tools and technologies are used by the Office team to conduct the projects. These tools and technologies are standardised, and a common base of the tools and technologies is realised under the collective work of the CDOs and the support of RISA.

The tools and technologies are categorised as follows:

1. Front-end tools
2. Front-end framework tools
3. Back-end tools
4. Back-end framework tools
5. Source code management and version control
6. Mobile apps development
7. Security check tools
8. Data analytics and Data Visualization
9. Infrastructure and deployment
10. Application server
11. Operating system
12. Authentication
13. Process communication Protocol
14. Unit testing and API testing
15. Machine learning and computer vision
16. Collaboration and communication
17. Project management
18. Monitoring and evaluation
19. Finance and management system
20. Procurement

In each category, some tools are already deployed by RISA for all sectors (example regarding data analytics, process communication protocol, collaboration and communication, project management etc…). In addition to them, some tools commonly used and recognized by the community of CDOs and their teams are presented.

Regarding the tools available at RISA, requests should be made to have License to use them. Regarding the other tools mentioned in the tools’ set, a public procurement process should be followed to acquire them.

However, when a Chief Data Officer selects a tool, several critical criteria must be considered to ensure alignment with governmental policies and objectives:

Data Sovereignty Compliance:

It is imperative to ensure that any tool selected guarantees the data sovereignty of the Government of Rwanda. Tools that might expose sensitive public information or create breaches in data sovereignty must be avoided. The selected tool should ensure that all data is stored, processed, and managed within the jurisdiction of Rwanda, complying with local laws and regulations.

Data Protection and Data Privacy Assurance:

The tool must ensure robust data protection and privacy measures. Given the sensitivity and confidentiality of government data, the tool should include advanced encryption, access controls, and compliance with data protection regulations such as GDPR or local equivalents. The confidentiality of data must be a top priority to prevent unauthorised access and breaches.

Robust Security Features:

Security is a critical factor when selecting any tool. The tool must have strong security measures to protect against cyber threats and vulnerabilities. This includes regular security updates, threat detection mechanisms, and compliance with cybersecurity standards. The tool should not introduce any security risks that could compromise Government Data.

Cost Considerations and Budget Compliance:

The cost of the tool is a crucial criterion, especially considering the budgetary constraints of public administrations. The tool should offer good value for money, fitting within the budget ceilings of the Rwandan public sector. It is essential to evaluate the total cost of ownership, including initial purchase, maintenance, and potential future upgrades.

User Capacity and Accessibility:

The size and needs of the user base must be considered. The tool should be able to accommodate the current number of users and have the capability to scale as the number of users grows. It should provide a seamless experience for all users, ensuring accessibility and ease of use for Government employees.

Scalability and Adaptability:

The tool must be scalable and adaptable to handle varying workloads without compromising performance. This includes managing latency effectively and ensuring that the tool can grow with the organisation's needs. The ability to adapt to increased data volumes and user demands is essential for long-term viability.

Finally, validation of RISA can be needed for some tools. Please refer to the guidelines on the tools procurement at RISA. The reader can refer to RISA to get the tools set.

Change Management, Communication and Collaboration

Change Management in Digital Transformation

Digital transformation change management refers to the strategies, processes, and practices implemented to manage the significant changes that come with integrating digital technologies into an organisation. This involves not only the adoption of new technologies but also ensuring that the organisation’s culture, structure, and processes evolve to support and maximise the benefits of these technologies. The work of the CDO and their team involve driving this kind of changes at different levels. This means conducting stakeholders’ alignment, improving collaboration, interacting with users, and managing talents very well.

 Stakeholder Alignment

As of now, the journey to smooth change management is small. CDOs are trying to drive change management within their sectors.  Stakeholders’ alignment is one of the key challenges, whether internal or external. One of the key reasons results in planning in silos and involving stakeholders at a later stage of the project, when they also have other priorities and little room for contribution.

As a solution to this challenge going forward, CDOs are encouraged to engage stakeholders and users prior or during the planning phase. A stakeholder matrix is needed in order to keep all stakeholders aligned throughout the implementation.Improving Collaboration

Although CDO teams are set up by sectors, their work benefits the entire government, and depend on each other. Internal collaboration within the sector is important, but also intra-collaboration within teams is important. The same way CDO have a community of practice, this should escalate to their teams as well. For example software developers should have their own vibrant community, same applies to network engineers, and so on.

In order to achieve this, it is  recommended for RISA to facilitate by providing open co-working spaces where CDO team members can convene and work from once in a while. It will be a place to connect, learn, and support each other better.

Interacting with users

Digital transformation means solving problems for a particular segment of users. In most cases, these users are not involved from the get-go. Also, a good number of digital solutions do not respond to the needs of these users, thus resulting in digital wastes. In order to avoid this, CDOs should engage in problem discovery, and continue re-discovering the problem by interacting with users to validate their assumptions and solutions.  What is the problem? Who has the problem? How bad is the problem? Etc.

Here are few steps we propose to CDO team to follow:

1. Form a team of users to represent others: For example, if solving a problem for farmers, one needs to have a small group of farmers who represent others. They will help you validate any idea that you have. If it is Judges, teachers, etc., same thing. Using tools such as figma to create mockups and various visualisations to help users understand the solution.
2. Use continuous delivery approach (agile): Instead of dropping the final product at once, deliver features that add value, one at a time. This will help in enhancement and be easy to adapt to (less disruption).
3. Support: Plan for support teams in order to facilitate adoption
4. Awareness campaigns: Plan and run various campaigns to various segments of users.

 Set right KPIs and metrics to measure success

In order to achieve the results or a particular change, the CDO team needs to set and monitor important metrics. For example, number of users signed up, number of downloads, number of services requested, etc. This will help to improve and product/solution.

The Chief Digital Officer plays a multifaceted role in change management, driving Ministry and sector digital transformation, engaging stakeholders, communicating effectively, managing projects agilely, measuring progress, and building digital capabilities. By leveraging their expertise and influence, the CDO accelerates the pace of digital transformation and positions the Ministry or sector for sustained success in the digital age. The Chief Digital Officer serves as a catalyst for organisational evolution in the digital age.

Effective change management in the digital transformation project necessitates to implement some best practices:

Start by “Cultural Transformation”:

One of the primary responsibilities of a CDO in change management is to drive cultural transformation within the organisation. This involves cultivating a digital-first mindset across all levels of the sector, instilling values of innovation, collaboration, and adaptability. The CDO works to break down silos and foster a culture where employees are empowered to embrace change, experiment with new ideas, and embrace digital tools and methodologies in their daily work.

Set “Leadership and Vision”: Effective change management requires strong leadership and a clear vision for the future. The CDO plays a critical role in articulating this vision, aligning it with the organisation's strategic objectives, and rallying stakeholders behind it. By communicating the benefits and rationale of digital transformation initiatives, the CDO inspires confidence and enthusiasm among employees, encouraging them to embrace change and actively contribute to its success.

Fostering “Stakeholder Engagement”: Change management often involves navigating complex stakeholder dynamics and managing resistance to change. The CDO acts as a bridge between different departments, business units, and leadership levels, fostering collaboration and alignment around common goals. Through proactive stakeholder engagement, the CDO builds relationships, addresses concerns, and ensures that all voices are heard throughout the change process. It is important to involve Ministry or sector employees, service providers, partners and other stakeholders from the outset of the digital transformation process. This helps to gather their opinions, allay their concerns and mobilise them in favour of change.

Work actively on “Change Communication”: Effective communication is essential for driving successful change initiatives. The CDO develops comprehensive change communication strategies that keep employees informed, engaged, and motivated throughout the transformation journey. This includes regular updates, town hall meetings, training sessions, and other channels to disseminate information and gather feedback from employees.

Clear and consistent communication is essential throughout the change process. Employees must be informed of the objectives of the change, how it will affect them and what support they will be given.

Agile Project Management: Digital transformation initiatives often require an agile approach to project management, with iterative cycles of planning, execution, and evaluation. The CDO oversees these initiatives, ensuring that they are executed efficiently, on schedule, and within budget. By embracing agile methodologies, the CDO fosters a culture of experimentation and learning, where teams can quickly adapt to changing market conditions and customer needs.

Measuring and Monitoring Progress: Change management requires ongoing monitoring and evaluation to measure progress, identify bottlenecks, and course-correct as needed. The CDO establishes key performance indicators (KPIs) and metrics to track the success of digital transformation initiatives, providing regular updates to stakeholders and making data-driven decisions to drive continuous improvement. It is important to measure and evaluate the effectiveness of change management initiatives. This enables areas for improvement to be identified and any necessary adjustments to be made.

Celebrate successes: It is important to celebrate successes throughout the digital transformation process. This motivates employees and builds their support for change.

Building Digital Capabilities: Finally, the CDO is responsible for building digital capabilities within the sector, including talent development, skills training, and knowledge sharing. By investing in employee development and fostering a culture of lifelong learning in collaboration with RISA, the CDO ensures that the organisation is equipped to thrive in an increasingly digital and competitive landscape. It is important to provide employees with the training and support they need to use the new technologies and processes. This can include formal training, mentoring and online support.

Internal Communication

As mentioned above, communication is key for the success of Digital transformation projects. Internal communication within an organisation serves as the lifeblood of its operations, fostering collaboration, alignment, and engagement among employees.

Effective internal communication entails the exchange of information, ideas, and feedback across all levels and departments of the organisation. It encompasses various channels and platforms, including email, intranet portals, team meetings, and digital collaboration tools, each tailored to suit the organisation's unique needs and culture. Strong internal communication ensures that employees are well-informed about sector goals, strategies, and updates, fostering a sense of transparency and trust.

Moreover, it facilitates knowledge sharing, enabling employees to leverage each other's expertise and resources to drive innovation and problem-solving.

Additionally, internal communication plays a crucial role in fostering a positive organisational culture, where open dialogue, recognition, and feedback are encouraged. By prioritising internal communication, organisations can enhance employee morale, productivity, and overall performance, ultimately contributing to their long-term success and sustainability.

In the Rwandan public administration, QT connect is a tool deployed to enable and ease communication in teams across the Government. CDOs should use it and enforce the team to use it.

IMPROVEMENT OF INTERNAL COMMUNICATIONS

Invest in internal communications: with a fine identification of priorities for the CDO network:

• Share documentation and tools, and make them accessible online: CDO Handbook, tools for digitalization, tools for project management, communication templates, etc.;
• Create rituals on communications: for instance a monthly meeting to assess needs from CDOs and share RISA communications roadmap
• Communicate and encourage the staff to use asynchronous communications tools such as QT Connect.

External Communication

The external communication of a department or sector is a means of interacting with external stakeholders, including citizens, partners and the public. This communication is essential for building and maintaining relationships, achieving the organisation's strategic objectives.

External communication encompasses a wide range of activities and here are some tools that can be used:

• Community Outreach Programs
• Government Websites and Online Portals
• Public Education Campaigns
• Social Media Engagement
• Events and workshops
• Annual Reports and achievement updates
• Public Consultations and Surveys

External communication serves as a means of gathering feedback, market insights, and competitive intelligence, helping the sector to adapt and respond to changing external dynamics.

External communications demonstrate how public administrations engage in diverse external communication activities to inform, engage, and involve citizens and other stakeholders in government digital services design processes.

Recommendations for future actions in terms of communications: 

#1 - RESOURCES FOR CONVERGING EXTERNAL COMMUNICATIONS

Create shared resources to enhance Rwanda’s “brand” on digital transformation progress. Some ideas: 

• Upgrade website templates and make it a real design system for digital public services
• Give the possibility to CDO teams (not only CDOs but also team members) to communicate on their actions
• Pool resources at RISA level and make it available for CDOs: coordinated the communications specialists, this could include video/sound recording material, possibility to create visuals, support to write messaging, …

#2 - PUBLIC ACCOUNTABILITY ON RWANDA DIGITAL TRANSFORMATION JOURNEY

Create accountability momentums to report publicly on public services digitization and engage stakeholders, for instance:

• Bi-monthly public events (or press conference) to show the results of the mass digitization project: a dashboard could be showcased with key indicators and some project analysts could explain the results and announce future actions
• Demo Days: when a new digital service is launched between tech communities (fictive examples: a developer from the Ministry of Environment can share what he/she has just developed to facilitate meteorologic data exploitation, a data-scientist from a public agency can share a new model for customs selectivity, …)
• Participatory events, such as hackathons, ideations, consultations: including tech students, entrepreneurs, researchers, …: this could happen for any “reason” (new dataset released in open data, launch of a new public policy needing some ideas, solving a “public problem” related to the digital strategy…)
• Introduce the concept of establishing formal feedback mechanisms to gather insights from employees, stakeholders, and end-users throughout the digital transformation journey. Discuss how feedback loops can provide valuable information for refining strategies, addressing challenges, and ensuring that initiatives meet the evolving needs of all stakeholders.

Collaboration Tools

To enhance collaboration within the public administration, RISA and the Government utilise various tools. To familiarise oneself with these tools, please consult the section on Tools, Processes, and Methodologies, where they are comprehensively documented. Utilising these tools is imperative to achieving their intended purposes effectively. While open tools accessible online may be used, it is recommended to prioritise the use of specific internal tools whenever available, and to do so judiciously.

Standards and Guidelines

Nationwide standards in the IT field

Information Security Policy:

The CDO must ensure the confidentiality, integrity, and availability of government data and information systems by implementing appropriate technical, physical, and administrative controls. The policy should also outline the roles and responsibilities of different stakeholders, including government agencies and third-party service providers, in maintaining information security.

Data Privacy Policy: The CDO must ensure that the personal data of citizens and residents is collected, used, stored, and processed in accordance with Data Privacy Policy law and ethical standards. The policy should outline the measures that the government must take to protect sensitive information and ensure transparency and accountability in data handling.

Open Data Policy: The CDO must promote transparency and accountability in government by making non-sensitive government data available to the public for research and analytics in machine-readable formats. The policy should outline the criteria for data sharing, access, and reuse, as well as the procedures for addressing privacy and security concerns.

Accessibility Policy: The CDO must ensure that digital government services and content are accessible to all citizens and residents, including those with disabilities. The policy should outline the measures that the government institutions must take to make its websites, mobile applications, and social media platforms accessible and user-friendly for all users.

ICT Procurement Policy: The CDO must ensure that ICT products and services procured by the government are of high quality, meet government needs, and are procured through transparent and competitive processes under the centralised framework contracts provided by RISA.

Digital Inclusion Policy: The CDO must ensure that citizens and residents have access to digital technologies and skills, particularly in underserved communities and among marginalised groups.

Sector Blueprint definition guidelines

Currently, RISA developed guidelines for CDOs to develop their sector blueprint. Please refer to the guidelines provided by RISA on Blueprint definition.

Indeed, each CDO is supposed to provide his/her sector guidelines to RISA. The elaboration of these guidelines is subject to some principles that are gathered in the guidelines. The institution’s IT blueprint is a basic requirement for RISA’s approval and MINECOFIN’s funding for IT projects. The blueprint results into clear steps namely: the AS-IS situation, the To-Be situation, the Gap analysis and the roadmap.

Developing a target blueprint requires careful planning, collaboration, and adaptability. It serves as a guiding document to steer the organisation toward its intended goals while allowing for flexibility to adapt to changing circumstances or opportunities.

Developing a target blueprint involves creating a detailed plan or framework that outlines the specific goals, strategies, and actions required to achieve a desired outcome or vision.

Here are the steps for the development of the sector’s blueprint set-up by RISA Guidelines:

Figure 15: Blueprint definition steps

For detailed content of each step, please refer to the Blueprint Development Guidelines for GoR document.

Following these steps helps ensure a systematic and comprehensive approach to developing a sector blueprint in line with RISA guidelines, facilitating successful implementation and achievement of sector goals.

Below a focus on the fifth step, the definition of the Target Blueprint (extract from the GOR blueprint definition guidelines).

Figure 16: Blueprint definition step 5 (extract from the GOR blueprint definition guidelines)

Standards at the CDO in a sector level: Guidelines per topic to be considered.

RISA has developed guidelines on various topics on which CDOs at sectoral level should comply with. In the section dedicated to KPIs for performance management, a list of KPIs are provided to measure how much the sector ministries and affiliated agencies comply with these guidelines.

Please refer to the various institutions, RISA, NCSA and MINICT website for the detailed guidelines.

In addition to these guidelines, there are best practices on which the work can be based to build the Guidelines. Comprehensive view on the necessary Guidelines in digital transformation in public sector is presented below:

External Contacts and Relations

Contact with Regional Associations

Partnering with regional associations is crucial for Chief Digital Officers (CDOs) as it offers numerous benefits for advancing digital initiatives within organisations. These associations serve as valuable platforms for networking, knowledge sharing, and collaboration with peers in the industry. By joining forces with regional associations, CDOs gain access to valuable insights, best practices, and emerging trends in digital technology. Moreover, these partnerships enable CDOs to leverage collective expertise, resources, and experiences to address common challenges and drive innovation. Through strategic collaboration with regional associations, CDOs can foster meaningful connections, stay informed about industry developments, and strengthen their digital transformation efforts to achieve organisational goals effectively.

Contact with Industry Partners and Technology Providers

Collaborating with industry partners and technology providers is paramount for Chief Digital Officers (CDOs) in driving effective digital transformation initiatives. By establishing strategic alliances with industry leaders and technology firms, CDOs gain access to cutting-edge solutions, expertise, and resources essential for implementing innovative digital strategies. These partnerships enable CDOs to stay abreast of the latest technological advancements and industry trends, ensuring that their organisations remain competitive in today's rapidly evolving digital landscape. Moreover, working closely with industry partners fosters collaboration and knowledge exchange, facilitating the development of tailored solutions that address specific business needs and challenges. Overall, forging strong relationships with industry partners and technology providers empowers CDOs to accelerate digital transformation efforts, drive organisational growth, and deliver enhanced value to stakeholders.

Contact with Standardization and Certification Bodies

Working closely with Standardization and Certification Bodies is essential for Chief Digital Officers (CDOs) to ensure that their digital initiatives adhere to industry standards and best practices. By collaborating with these bodies, CDOs can align their projects with established frameworks, ensuring interoperability, compatibility, and security. This partnership enables CDOs to leverage standardised approaches, reducing complexity, and mitigating risks associated with non-compliance. Additionally, certification ensures credibility and trustworthiness, validating the organisation's commitment to quality and reliability in its digital offerings. Thus, by engaging with Standardization and Certification Bodies, CDOs can enhance the effectiveness and trustworthiness of their digital transformation initiatives.

Contact with end-users

Collaborating with end users is paramount for Chief Digital Officers (CDOs) to ensure the success of digital initiatives. By engaging with end users, CDOs gain valuable insights into their needs, preferences, and pain points, allowing them to tailor solutions that meet user expectations. This collaborative approach fosters user adoption and acceptance, driving the effectiveness and usability of digital services and platforms.

Moreover, involving end users in the design and testing phases enables CDOs to identify and address potential issues early on, resulting in more robust and user-friendly solutions. Ultimately, working closely with end users empowers CDOs to deliver digital experiences that truly resonate and add value to the administration.

CDOs can then build some best practices such as:

Physical gathering platforms: community of users, first users community, ambassadors programme, Focus Groups. A CDO can create these communities for a specific sector (farmers for agriculture, diaspora for foreign affairs Ministry, students for Ministry of Education, etc.), or can use existing end-user communities deployed for other government services.

Online tools: Government Service Portals, Community Forums and Discussion Boards, Civic Engagement Platforms, Social Media Platforms, Feedback Forms and Surveys, Mobile Apps and Chatbots, online Forums and Communities. A CDO can deploy these tools, and RISA as well can build these tools that can be used and reused by different sectors.

Online events: Citizen Feedback Portals, Online Complaint Resolution Platforms, User Testing Sessions, Webinars and Online Workshops. A CDO can organise these events for a specific sector services developed or being developed.

By leveraging these platforms effectively, CDOs can enhance citizen engagement, improve access to public services, and foster transparency, trust, and accountability in government operations.

Contact with the Innovation Ecosystem

Collaborating with the innovation ecosystem is paramount for a Chief Digital Officer (CDO) to drive digital transformation effectively. 
By engaging with startups, accelerators, incubators, research institutions, and innovation hubs, the CDO can tap into a diverse pool of talent, ideas, and technologies. This collaboration fosters a culture of innovation within the organisation, enabling the CDO to access cutting-edge solutions, stay abreast of emerging trends, and experiment with disruptive technologies.

Moreover, partnering with the innovation ecosystem provides opportunities for co-creation, knowledge exchange, and cross-sectoral collaboration, ultimately leading to the development of innovative solutions that address complex challenges and drive sustainable growth. 

Additionally, working with the innovation ecosystem helps the CDO leverage external expertise, resources, and networks to accelerate the implementation of digital initiatives, enhance organisational agility, and position the organisation as a leader in the digital landscape.

Recommendations on the contacts and partnerships with the key contacts and ecosystems described above:

#1 - IDENTIFY OPPORTUNITIES FOR ENHANCED COLLABORATION MECHANISMS 

 Start from existing collaboration mechanisms and identify your objectives (and KPIs) linked with enhanced collaboration: 

• What and where are the opportunities of collaboration? Within your team as a CDO, as a CDO network, with other teams in your sector, in the interaction between RISA management and CDOs
• What do we want to improve, achieved thanks to collaboration?
• How will we see collaboration is beneficial to our digital transformation journey?

Identify (change) management or project management challenges you might have and possible collaboration levers to address them: it can be about rituals, common tools, ways of working… Document your collaboration principles, rituals, roles, and tools as much as possible.

 Start considering training and/or recruitment of facilitators or people with collaboration soft skills.

#2 - EXPERIMENT AND SHARE COLLABORATIONS RITUALS AND TOOLS

As a CDO network, you could test the organisation of monthly forums with all the CDO community of practice (sector CDOs, CDO team members, RISA, potential external stakeholders). Ways to organise them:

• Each month, a CDO team is in charge of organising: hosting the forum in their ministry/sector, invitation
• The forum can have a specific topic or be very generic in the image of the betagouv monthly forum in France

As a CDO network and/or coordinated by RISA, start consolidating what could be called Rwanda’s digital open and collaborative tech stack and documentation: the tools you use, the tools you mobilise to work together (“collaborative suites”), the open source codes for public services softwares, the platforms you built for more openness and contribution in your digital transformation journey. Make it a strategic objective for Rwanda. 

#3 - EXPLORE NEW PARTNERSHIPS OR OPEN INITIATIVES

Among ideas:

• At international level: examine the possibility and interest to become member of the Open Government Partnership
• At national level: explore collaborations with tech universities or civil society organisations closed to your digital transformation challenges
• At sector level: organise hackathons or challenges with relevant stakeholders

How to Grow Professionally

Recruitment

The recruitment process of the CDO Office talents is managed by RISA. As the need of talents is raised in the Ministries, CDOs report to RISA of the need, which will be in charge of planning the recruitment and the allocation of the talent to the ministry.

Even if recruitment follows public sector guidelines in terms of recruitment, innovative recruitment processes should be put in place to take account of the specific nature of attracting talent in the IT field.

Attracting talents can be done through renewed recruitment strategies:

Attracting top tech talents is a crucial step to achieve a high level of digital maturity. The high-level of competition from tech firms and other high-paying private sector actors makes this task particularly hard. The Rwandan public administrations can pursue renewed recruitment strategies through different means:

• Going where the talents are: Many tech talents, such as university students with relevant tech degrees, are often unaware that the public sector is a viable option to develop their careers. Going where the talent is, by posting job adverts in the right channels (tech recruitment platforms) and by exploring partnerships with key actors (job fairs and school visits to technical universities) can be an important first step in cementing government as an option for tech talents.
• Improving job descriptions: Rigid hierarchies in the public sector can tend to translate to unclear job descriptions with blurry terms and skills requirements. Going beyond the traditional names of roles in government and being clearer about the day-to-day tasks and main challenges can make them more attractive for candidates. Please refer to the Note on Talent Management to see an example of a tech job description.
• Through centralised recruitment teams: Having a central recruitment team can be beneficial in providing a coherent approach to recruitment, once the necessary technical skills and the right profiles are identified. Such teams could provide a whole-of-government vision to design better recruitment strategies, offer advice on government branding, and have access to government reserve lists and various teams’ recruitment needs. One way to achieve this could be hiring former tech company recruiters who know the language and culture associated with the sector.
• Deploying faster and more skills-based recruitment processes: Public administration can be notoriously slow at recruitment. Ensuring that the right candidates receive offers within a reasonable timeframe can ensure they are still available for the advertised positions. In addition, adopting a more “skills-based” rather than a “degree-based” approach to recruitment can help to:
  • Ensure that technical profiles have the necessary skills to perform the job, increasing accountability and efficiency
  •  Make jobs more attractive for candidates, who would have a better idea of the tasks they would undertake
  • Combat the existing bias in favour of higher education degrees, considering that technical skills such as coding, tend to be learned in more informal ways.

This can be achieved through different recruitment practices, such as:

• • Showing the salary or the salary scale for the position
  • Introducing technical skills tests or case studies in the recruitment process
  • Involve future peers and other team-members in interviews
  • Placing a greater emphasis on the technical skills rather than the educational background of candidates

•  Reducing bias in recruitment selection: it is important to consider the diversity of the teams public administrations will hire. Better, more specialised recruitment teams will be able to help to avoid using language in job descriptions that will discourage women from applying to positions, and avoid other kinds of biases in recruitment. This can help public administrations look like the people they serve and make working there more attractive.

Onboarding Process

The onboarding process is crucial for integrating new IT team members in the public sector, as it ensures they quickly become productive and feel valued within the organisation. 

Effective onboarding helps new employees understand their roles, organisational culture, and specific protocols, which is particularly important in the public sector where compliance and security are essential.

For an IT team, the process should start with a comprehensive orientation that covers the RISA's mission, digital context and evolution in Rwanda, key digital policies, and an overview of the IT infrastructure.

 

Providing a detailed introduction to the tools, systems, and software they will be using is essential. Pairing new hires with mentors can facilitate smoother integration by offering guidance and support. Regular check-ins and feedback sessions during the first few months can help address any concerns and adjust the onboarding process as needed.

 

In addition, accessible and actionable documentation on the CDO offices' organisations and common resources can be shared as part of the onboarding process.

Ritualize onboarding sessions with new recruits: for instance, every 3-6 month, organise a one-week program for new recruits to meet with key organisations and stakeholders linked to Rwanda’s digital transformation, get familiar with digital transformation standards, and be integrated into the community.

Five levels of maturity of an onboarding process can be found in the Digital Maturity grid which are:

Levels	Statements
1	No formal onboarding process in place. The new hires are placed into their positions with no prior orientation. They learn as they go along their daily duties
2	Beginning of onboarding process in place, as the new hires are introduced to the colleagues, key contacts for administrative tasks are provided to the hires through a short welcome training (up to 1 day) where key information are provided to them but still without a real comprehensive onboarding process
3	Onboarding process is formalised, a detailed integration plan with clear objectives for the first few weeks and months are in place. Onboarding process is comprehensive with not only the welcome training, but a dedicated seminar for new hires each year (ex. intensive bootcamps to immerse new recruits in the company's culture and values). There is a pairing program (buddy, mentorship, etc.)
4	New hires are met before they start their contracts, they meet the future colleagues in company activities, organising friendly competitions to encourage learning and collaboration from the outset. Metrics and analytics are employed to measure effectiveness and the process is updated regularly based on the metrics measurement and organising regular feedback meetings with new recruits to discuss their progress and adjust the induction program if necessary.
5	Deployment of new technologies in the onboarding process such as: Using VR/AR for simulations and practical training, making it easier to learn specific procedures and tools, Use chatbots to answer new recruits' frequently asked questions and provide information in real time, Use of AI algorithms to personalise the onboarding experience according to recruits' profiles and needs.

Please refer to the onboarding process at RISA for more detailed information.

Talents Retention

Retaining talents in the public administration is key for institutional memory and efficiency

Similarly to talent attraction, various retention mechanisms can be put in place to ensure staff remain motivated with clear career paths to decrease turnover rates. 

• Remuneration: One of the more difficult of mechanisms to deploy, given its inherent cost and rigidity, involves adjusting salary scales to make them more competitive vis-à-vis the tech sector.
• General working conditions: Public sector employment may be able to offer more work stability and better working conditions than the private sector in many areas, while also carrying a stronger sense of purpose by working for the common good. It is important to offer longer-term contracts and flexibility in working modalities. Some adjustments to consider regarding working conditions -which would impact the entire civil service, not just tech talents- could be:
  • Flexible work: ways of working that suit workers’ needs, such as remote work allowed, flexible start and finish times, etc.
  • Ensuring high-quality hardware and work materials are available
  • Encouraging peer-learning, and collaborative work (see below)
  • Offer a stimulating working environment: for instance, shared offices at RISA building, facilities for staff to purchase material or infrastructures, meetings with inspirational actors of the tech ecosystem, … 

• Career progression programs: Once in the administration, the Government should have a clear career progression program for tech talents. This could include coaching for those talents who possess soft skills and who may want to aim for higher positions, opportunities for internal mobility (according to the staff’s skills and interests), training opportunities (see below) and more comprehensive leadership programs. This involves high-level coordination to allow for internal mobility and to align the administration’s strategic goals with the individual needs of tech talents.
•  Training and peer learning: The tech sector in particular, with its ever-changing techniques, paradigms, and new technologies demands that staff remain trained and up-to-date with new trends. Therefore, public sector employment should include flexible training opportunities. This means, instead of providing a rigid menu of possible courses, to allow talents to choose their own courses, even if they are not offered by traditional public training centres. In addition, training and knowledge-sharing tends to be done informally through communities of practice (CoPs) and other interest groups. Setting up and encouraging CoPs within public sector teams is essential to foster a culture of collaboration and life-long learning.
•  Test new team organisations, project management and recruitment mechanisms
  • Encourage experimentations and initiatives from staff: inspired by the 10% program developed by the French AI teams in Etalab, a test of a similar format where talents can spend some time in exploratory projects, led in collaboration with colleagues or partners.
  • Explore inflexions in terms of project management and procurement mechanisms: in order to mirror a possible objective to switch to product management methods, structure your teams according to products/services, as well as transforming calls for tenders towards service providers (instead of describing specifications with define functionalities, structure your tenders asking for agile methodologies).
•  Internal mobility programs:

Digital Intervention Brigade: Brigade (similar to a squad) initiative assists ministries and public operators in developing and operating digital services following best practices. Comprising experts in areas like user research, design, accessibility, eco-responsibility, cloud, and digital transformation, it provides project co-financing, expert support, and team training. This multidisciplinary approach ensures that digital products are user-centric, accessible, sustainable, and innovative.

Programme 10%: 10% program initiative allows data science experts (or any other experts) to dedicate 10% of their time for inter-ministerial data science projects (or any other expertise). Its main features are:

• 20-30 people selected in different administration each year
• Collaborative work on projects answering common issues for all administrations. These projects are built as products (investigation, development, acceleration) and are all open source. Examples include:
• • • creating a data visualisation tool
    • building data-anonymization
    • building AI models and datasets for specific uses in the administration

Enforcement to internalise the minimum part of projects: The initiative requires public agencies to have an internalisation rate on projects of at least 20% explained by the fact that externalised digital services cannot be done in detriment of the tech capacities of public administration. It urges public services to reinforce its capacities to avoid the potential risks of increasing externalisation of digital services.

As such, it considers that:

• If a digital project externalises its execution over 60% it is considered at risk. It should be closely monitored and an internal capable team should be hired to oversee it.
• If a digital project externalises its execution over 80% it cannot commence.

Career Growth

Career growth in the Digital field is a key topic. It concerns either the CDO/BA or the team members.

Regarding the CDOs/BAs

Here are several ideas that could be explored:

Steer CDOs/BAs as champions/exemplars of tech talents in the public sector: specific communications to describe the network, each CDO’s history and past careers, skills and motivations to be in the public sector.

 

Open the possibility for CDOs/BAs to be “mobile”: for instance, after 3-5 years of service, make it possible for them either to change sectors, to work in the private sector or develop an entrepreneurial initiative.

 

Provide CDOs/BAs with training and learning options that could help them identify upskilling needs. For instance, one could want to take a managing position within a business department and build on the skills they develop as CDOs/BAs in other places in the public sector.

 Explore the creation of leadership programs for high potentials: these could be inspired from what private companies often build for new recruits.

• Each year, a cohort of 10-15 people could be detected within CDO teams and proposed specific training, projects, and coaching in order to build career opportunities within governments.
• Another possibility would be to create recruiting program - similar to the French “Entrepreneurs d’intérêt général”, aiming at detecting tech talents within the private/startup sector and placing them in ministries to solve challenges (either linked to technology or based on a public policy challenge)
• This implies enhancing communications towards universities and startup communities

Develop a HR digital network: at RISA level, and in interaction with the Ministry of Public Service and Labor, build a 3 year roadmap to better structure HR for digital skills in the public sector. Among the foundations you could build: digital job description in the public sector (based on a skills assessment), rules on externalisation rate, remuneration scale (according to the job and year of experience), HR department at RISA, recruitment processes, training catalogue, … This implies to train or recruit HR specialists to build these strategies and be points of contact for the digital network workforce.

Strengthen CDO teams compositions with essential profiles to manage digital transformation: Among missing (or insufficient) skills identified are data-scientists, AI experts, UX/UI designers, legal experts, product owners and managers, devops, digital and data policy managers.

Regarding the CDO (office) team

Build on the “shared staff” mechanism already in place, structure a team hosted at RISA level and deployable in sector projects when needed (expertise squad), resort to public procurement to mobilise expertise from service providers. Some specific needs for identified sectors can also be identified in parallel as cross-cutting resources.

Set a Rotation program for the CDO (office) teams: developers, IT help desk Officers and the other talents in the CDO teams can benefit from a rotation program managed by RISA in collaboration with the CDO Network structure.

 

Conduct annual interviews with each team member to understand his/her professional ambitions. Based on that, propose the needed training, task allocation and staffing that will allow the talent to grow and reach his/her ambition. There are two types of growth: the horizontal one and vertical one.

 

Horizontal growth of the CDO (office) Team:

To support horizontal growth within the CDO office, it’s important to facilitate role transitions. For instance, an IT Help Desk Officer aspiring to become a Network Specialist should receive guidance and support. This process involves:

• Advisory Support: The responsible CDO should provide career advice and guidance on the transition.
• Training Identification: Specific training programs required for the new role should be identified.
• Staffing and Task Allocation: Roles and responsibilities should be clearly defined to align with the desired position.
• Mentorship: Pairing the aspiring Network Specialist with an experienced professional in the field can be a crucial step.
• Action Plan: An action plan should be collaboratively developed with the talent to create an optimal growth environment, ensuring they have the resources and support needed to succeed.

Vertical Growth of the CDO Office Team:

Vertical growth focuses on enhancing expertise within the team. For example, a junior software developer should progress to a senior software developer over time. Achieving this involves:

• Experience and Training: Providing opportunities for gaining practical experience and targeted training programs.
• Increased Responsibilities: Gradually increasing the responsibilities assigned to the junior developer.
• Exposure to Case Studies: Offering real-world case studies and problem-solving scenarios.
• Mentorship: Ensuring that the junior developer is mentored by a senior talent, providing guidance and knowledge transfer.

By implementing these strategies, the CDO office can foster both horizontal and vertical growth, creating a dynamic and skilled team capable of meeting evolving challenges.

Whether for the CDO/BA or the members of his or her team, taking advantage of training is essential to improve career progression in public administration.

The training is managed by the RISA for all sectors. The training catalogue designed by RISA is categorised into three distinct groups: Soft Skills, Technical Skills, and Sector-Specific Skills. The strategic choice of training areas is reflective of the latest global trends in technology adoption across diverse sectors and industries, encompassing pivotal domains such as cloud computing, big data, artificial intelligence, and cybersecurity.

In addition to the emphasis on technical proficiency, the plan acknowledges the significance of complementary skill sets crucial for personal development and self-management. These include Critical and Analytical thinking, Design Thinking, Creativity and Innovation, leadership and social influence, as well as effective communication and technical writing. Please refer to RISA to find out the comprehensive catalogue of training available.

However, there is a clear imperative to enhance the training process.

CDOs should have a training plan for their teams based on the needs of development of their talents. This training plan should be sent to RISA for consolidation at the beginning of the fiscal year (1^st June) at the latest.

To draft this training plan, key steps are provided below:

1. Conduct training needs assessment of the CDO (office) team
2. Identify Gaps
3. Propose key training needed to fill the gaps
4. Define desired timeline for the training required
5. Structure the needs by priority
6. Propose alternative in case of unavailability of the training requested.

CDOs should collaborate with RISA in the purpose of raising funds for training. Every CDO must communicate the training needs to RISA on time and contribute if needed into the financial resource mobilisation. 

CDOs must also ensure that, once the training slots have been communicated by RISA, all the talent takes part in the training. Follow-up is necessary to ensure that teams participate effectively.

Some training should be designated as mandatory, while others can be optional depending on the goals set by RISA and the sector in terms of IT talent development and competencies required.

During the annual interview (Minigo) conducted by the CDOs for their teams, training achievements, certifications earned should be assessed, as well as goals definition for the coming year in terms of training and required certifications.

RISA should conduct evaluation in collaboration with the responsible CDO for gauging the return on investment of the training initiatives.

The assessment will be quantitative, by evaluating the costs versus the benefits (money saved and earned), as well as qualitative (types of competencies gained, employee satisfaction and level of engagement in the work, employee confidence, leadership skills acquired etc…).

Collecting feedback from participants both before and after the training sessions is essential to improving their effectiveness.

Additionally, there is a need to complement the training package with elective courses tailored for senior management, addressing specific competencies aligned with emerging trends, team needs, and disruptive methodologies envisioned by the CDOs.

Innovative way of conducting training for the CDO teams:

A way to promote training is through communities of practice, such as Blue Hats, and Betagouv.

Annex

Annex 1: Detailed Audit checklist from RISA Guidelines on IT Audit                                       

N	CONTROL	AVAILABILITY (Yes/No)	RANKING (/10)	BRIEF COMMENTS
A	ACCESS CONTROL POLICY AND PROCEDURES
A1	Do you have a clear Access Control Policy, approved by management, communicated to all users and reviewed regularly?
A2	Are the clear procedures for account registration, modification and deregistration (including temporary account locking) in place?
A3	Is each user allocated a unique password and user account?
A4	Are individual roles and responsibilities considered when granting users access privileges?
A5	Do you review user access privileges on a regular basis? (Including approval by supervisors)
A6	Do you control password new/reset right, use secure channel to transmit new/reset passwords and ensure they are changed on first logon?
A7	Do you enforce strong passwords and regular change of passwords?
A8	Do you have tools or procedures in place to limit unsuccessful login attempts?
A9	Do terminals/ sessions log off after a set period of time?
A10	Is remote access closed by default, and any remote connection approved by the  management?
A11	Are logs generated and reviewed for all remote connections?
A12	Are the wireless networks using strong authentication protocols and encryption?
A13	Is the wireless network for guests connected to the corporate network?
A14	Are devices identified when connected to corporate Wi-Fi/LAN?
A15	Does the network require authentication to access it (LAN/Wi-Fi)
A16	Does the institution perform risk assessment before allowing mobile devices on any system?
A17	Is information classification implemented in the institution?
B	SECURITY AWARENESS AND TRAINING POLICY AND PROCEDURES
B1	Does the institution have an information security awareness program and already running?  Or is this a new concept for the institution?
B2	Do you run any security training to all information system users in your institution?
C	AUDIT AND ACCOUNTABILITY POLICY AND PROCEDURES
C1	Are auditable events clearly defined with audit frequency, and audit records?
D	SECURITY ASSESSMENT AND AUTHORIZATION POLICIES AND PROCEDURES
D1	Do you have documented/shared Information security policy in place?
D2	Is the institution conducting a periodic security assessment?
D3	Are there reports and the results of that assessment? Are recommendations implemented?
D4	Does your institution develop, update and document a critical infrastructure and its protection plan?
E	CONFIGURATION MANAGEMENT POLICY AND PROCEDURES
E1	Does the institution develop, document and maintain baseline configuration of the information system? Do you have a change management procedure?
E2	Does the institution define list of prohibited or restricted functions, ports, protocols and/ or services?
F	BUSINESS CONTINUITY PLANNING POLICY AND PROCEDURES
F1	Does the institution develop a business continuity plan and periodically tested to ensure continuity during disaster?
F2	Is there any responsible person or team of Business continuity? Are they  trained?
F3	Does the institution have more than one (1) alternate service provider to support information system?
F4	Does the institution conduct a periodic information backup to support the recovery time? Manual or automated?
F5	Are all changed programs immediately backed up?
G	INCIDENT RESPONSE POLICY AND PROCEDURES
G1	Do you follow appropriate incident handling procedures?
G2	Does this procedure define clear escalation process for incident handling
G3	Is that procedure known by all staff and all incidents documented?
H	SYSTEM MAINTENANCE POLICY AND PROCEDURES
H1	Is there written standard for system maintenance? Are these standards reviewed regularly and approved?
H2	Does maintenance support process ensure confidentiality of information
H3	Are maintenance services provided by licensed/certified people/firm
I	MEDIA PROTECTION POLICY AND PROCEDURES
I1	Do you have a clear electronic media disposal Policy, approved by management?
I2	Is there a secure store for electronics and physical media within a physically secure or controlled area (locked drawer, cabinet, or room, etc.)?
I3	Is the area (in site/ off-site) access to electronic and physical media restricted only to authorized individuals? If yes, are media secured during transit to restricted area?
I4	Does off- site Inventory/ storage regularly reviewed?
J	PHYSICAL AND ENVIRONMENTAL PROTECTION POLICY AND PROCEDURES
J1	Is physical access restricted to selected employees?
J2	Do you control all items brought into or taken out of the computer/server room?
J3	Are sensitive application servers/ systems located in a physically restricted area?
J4	Do you review physical access records/logs?
J5	Do you test physical security controls on regular basis?
K	PERSONNEL SECURITY POLICY AND PROCEDURES
K1	Do your institution procedures address personnel screening and records of screened personnel (staff/third-party)?
K2	Does your institution address personnel termination/transfer; records of personnel termination/transfer actions; list of information system accounts and relevant documents?
L	SYSTEM AND SERVICES ACQUISITION POLICY AND PROCEDURES
L1	Has the institution integrated information security and information security risk management into their system development life cycle?
L2	Does the institution include and consider security requirements in acquisition contracts?
L3	Does the institution use software in accordance with contract agreements and copyright laws?
L4	Does the institution enforce rules for user installed software on the information system and prohibited software?
M	SYSTEM AND COMMUNICATIONS PROTECTION POLICY AND PROCEDURES
M1	Do you separate applications for users and managers/admin?
M2	Do you have a mechanism to prevent unauthorised and unintended information transfer via shared system resources?
M3	Do you have any information system that protects and prevents DoS?
M4	Does the institution establish a continuous monitoring Strategy and reporting of the security status of the information system?
M5	Do you have automated tools to support real-time analysis of events?
N	SYSTEM AND INFORMATION INTEGRITY POLICY AND PROCEDURES
N1	Do you have antivirus software and endpoint security installed in your systems? Do you automatically update them?
N2	Has all staff been advised of the virus prevention procedures? (Awareness)
N3	Do you centrally manage antivirus software and endpoint security?
N4	Do you receive security alerts, advisories, and directives from designated external institutions?
O	DISASTER RECOVERY
O1	Does the contingency plan provide for recovery and extended processing of critical applications in the event of catastrophic disaster?
O2	Are all recovery plans approved and regularly tested to ensure their adequacy in the event of disaster?
O3	Are disaster recovery teams established to support disaster recovery plan?
O4	Are responsibilities of individuals within disaster recovery team defined and time allocated for completion of their task?
O5	Are priorities set for the recovery of critical systems?
O6	Does the recovery plan ensure, in the event of failure: No loss of data received but not processed, no reprocessing of data already processed?