Software applications

• Architectural model for e-government applications: All systems shall be documented in five viewpoints including the enterprise viewpoint (describing purpose, scope and processes), the information viewpoint (determining the structure and semantics of the system’s information), the computation viewpoint, the engineering viewpoint and the technology viewpoint.
• Software design: Any new software design shall consider security by design, privacy by design, reusability, scalability, information sharing, user satisfaction, improved productivity, compatibility, interoperability, unified support, and cost-effectiveness, as principles. Each Government institution shall have comprehensive and detailed requirements and design documents for each software solution they manage.
• Acquisition of new software or upgrade: The digitalization office in collaboration with RISA shall determine whether the new software or upgrade is needed, and once justified, assess if it is to be developed internally or externally.
• The digitalization office can internally develop and implement the solution if they have the required resources, competencies and skills. In case the digitalization office cannot develop the solution internally, they shall utilize the RISA framework contract. In case the solution cannot be implemented under the framework contract, the institution shall officially request a non-objection from RISA to utilize other alternative options.
• Institutions should follow the ICT Spend Control Guidelines for Public institutions when acquiring new software.
• Proprietary and open-source software: Proprietary and open-source software shall be treated equally depending on the advantages and benefits to the institution according to the defined software design principles and regarding the needs and requirements at institution level. The institution with such a solution shall have the required training for its staff in order to have skills to maintain and support it.
• Security Patch Management: The institution managing the application/systems or a third party on behalf of the institution shall make sure that security patch management is done regularly and prioritize critical patches to address vulnerabilities promptly. The software source code for proprietary software shall reside in a centralized version control platform recommended by RISA.
• Software development methodology: Software solutions shall be developed following agile methodology and the development team shall focus on customer satisfaction, quick software delivery and response to change.
• Software license: Only genuine licenses are allowed in government institutions. The procurement of commonly procured licenses shall be done through a centralized framework. In case the licenses cannot be acquired under the centralized framework, the institution shall officially request for a non-objection from RISA. The choice of licensing mode (user based or server based) shall consider cost efficiency.
• Software maintenance: there shall be a focal team at institution level which shall elaborate the maintenance plan and collaborate with RISA on regular basis for periodic system audits, maintenance, updates, vulnerabilities assessment, and obsolescence of their systems, so as to ensure maximum system availability. A vulnerability assessment plan shall be made available by the digitalization office for each institution and make sure that all systems are secured with updated antivirus software.
• Systems and software phase out: the phase out of any system or application shall be done in collaboration with RISA and the security of information contained in the system shall be considered. The phase out shall be based on each institutions criteria for the required phase out especially after a phase out assessment has been done, and related reports shall be availed for effective decision making.
• Websites: Websites of government Institutions shall be designed according to the official template provided by RISA. These websites shall be hosted at the National Data Center. Web Content shall be updated timely, and the website shall be monitored by the Institution. All websites of government institutions should be registered under the .gov.rw subdomain while those in the academic sector should be under .ac.rw. The requests for the .gov.rw domain should go through RISA before submission to the competent issuing institution for approval.