Objectives

This guideline aims to provide clear, actionable instructions to embed security and privacy into software systems used by the Government of Rwanda. It seeks to:

• Ensure confidentiality, integrity, availability, and privacy of personal data throughout the software lifecycle.
• Provide standardized, auditable steps and deliverables for all phases of software development, deployment, and maintenance.
• Promote proactive identification and mitigation of security and privacy risks.
• Align software practices with Law No 058/2021 (Data Protection) and national cybersecurity standards.
• Support a consistent approach across GoR institutions, contractors, and service providers.
  

Intended outcomes

Following this guideline, users should be able to:

• Implement secure and privacy-aware software systems from initiation to decommission.
• Minimize risks of data breaches or unauthorized access.
• Maintain compliance with legal and regulatory requirements.
• Enhance public trust in digital government services.