Database Administration Guidelines
This document provides database management guidelines that serve as a foundational framework for ensuring that government institutions handle their data effectively, securely, and in compliance with regulatory standards. These guidelines encompass various principles, practices, and protocols aimed at optimizing database performance, safeguarding sensitive information, and fostering transparency and accountability.
Introduction
In today's digital age, where information is pivotal for decision-making and public service deliv...
Scope and applicability
These guidelines aim to provide best practices for effective Database Management Systems (DBMS) i...
Selecting a DBMS
Government institutions should follow the software lifecycle guidelines when procuring and implem...
Database storage and hosting
The following guidelines on storage and hosting should be followed when implementing DBMS systems:
Database hosting location [Mandatory]
Database systems and applications should be hosted in the data hosting environment officially ado...
Migration of critical database systems [Mandatory]
For critical database systems and applications hosted on premises, the government entity should i...
Non-critical database systems [Recommended]
For other systems and applications deemed non-critical and kept on premises, entities are require...
Security and data privacy
Government institutions should follow RISA security and data privacy guidelines when deploying da...
Data validation [Mandatory]
When capturing new data in a DBMS, data validation must be used to ensure the DBMS’s stability an...
Functional separation between database servers and web servers [Recommended]
Due to the higher threat environment that web servers are typically exposed to, hosting database ...
Communications between database servers and web servers [Recommended]
Data communicated between database servers and web servers, especially over the internet, is susc...
Network separation [Recommended]
Placing database servers on the same network segment as user workstations can increase the likeli...
Separation of development, testing and production database servers [Mandatory]
Using production database servers for development and testing activities could result in accident...
Security hardening [Mandatory]
The server operating systems that the database is installed upon must be security hardened.
Access control [Mandatory]
Implement strict access controls to restrict access to authorized personnel only. Access to a D...
Default passwords [Mandatory]
The default passwords for accounts and services such as System Administrator must be changed prio...
DBMS Versions and security updates [Mandatory]
The versions of DBMS used must still be supported by the vendor. All installations of a DBMS mu...
Encryption [Mandatory]
Use strong encryption algorithms to protect sensitive data stored on disks, databases, and other ...
Protecting database contents [Mandatory]
Database administrators and database users should know the sensitivity or classification associ...
Monitoring and database events logging [Recommended]
Employ real-time monitoring tools to detect and respond to unauthorized access attempts as they...
Security standards and guidelines [Mandatory]
Ensure compliance with the Minimum Cybersecurity Standards for Public Institutions that are provi...
Database maintenance
The following guidelines on the management and maintenance of DBMS systems should be adopted:
Performance monitoring and tuning [Recommended]
Implement real-time monitoring to promptly detect and respond to performance issues as they ari...
Change management [Mandatory]
Establish a formal process for requesting, approving and implementing changes to...
Documentation [Mandatory]
Maintain accurate and up-to-date database documentation which is crucial for the efficient and ...
Disaster recovery and business continuity management
Database systems hold critical data of Government institutions and are core to performance and av...
Data retention
Data retention is the storing and managing of data and records for a designated period. The perio...
Entry into force
This guideline shall come into force on the date of its signature by the Chief Executive Officer ...