Skip to main content

Software Usage and Access Guidelines

This document provides guidelines on the appropriate and legal use of software and how access to software should be managed. The guidelines are designed to provide clear parameters for the responsible utilization of software resources within governmental institutions.

Introduction

Government software plays a pivotal role in facilitating efficient operations and serving the pub...

Scope and Objectives

These software usage and access guidelines  are applicable to all users of software solutions in ...

Security

Government software often handles sensitive information, including personal data of citizens, cla...

Data Protection and Privacy

Government software may contain confidential or personally identifiable information (PII) that mu...

Preventing unauthorized modifications

Government software systems may include critical functions and processes that, if tampered with o...

Maintaining accountability

Controlling access to government software helps establish accountability for actions taken within...

Resource management

Government software resources, including licenses, computing resources, and data storage, are oft...

Protecting Intellectual Property

Government software may contain proprietary algorithms, code, or technologies developed for speci...

Guidelines on Acceptable Software Use

Government institutions should ensure that software in the organization is always used in an acce...

Intended purpose [Mandatory]

Government software should only be used for its intended purpose. Government software should not ...

Licensed software[Mandatory]

Licensed software should only be used in  accordance with any license terms and conditions. Avoid...

Intellectual property[Mandatory]

Software use should be respectful of the intellectual property rights of the software authors and...

Software updates [Mandatory]

Software should be kept updated and secure. Each institution should establish guidelines for upda...

Reporting violations [Recommendation]

There should be a mechanism for reporting any software user violations to the appropriate authori...

Storage locations [Mandatory]

Government software and related data should only be installed and stored on Government provided d...

Security awareness [Mandatory]

Users should be made aware of software security risks and how to avoid behavior that exposes soft...

Central management [Recommendation]

Software installed in employee work devices should be centrally managed as much as possible to en...

Guidelines on User Access Management

User access management is the process of creating, managing and securing user accounts on softwar...

Authorized access [Mandatory]

Only authorized users should be granted access to Government software applications. User access p...

Termination of user accounts [Mandatory]

User accounts should be terminated or disabled when a user leaves the institution. There should b...

Third parties access[Mandatory]

Third parties should not be provided access to software in a production/live environment unless t...

Generic or shared user accounts[Mandatory]

User accounts should not be generic or shared but traceable to specific individuals for purposes ...

Securing login credentials [Mandatory]

Users should be made aware to keep login credentials such as User IDs and Passwords confidential ...

Password policies[Mandatory]

Appropriate password policies should be defined covering password expiration period, password com...

Multi-Factor Authentication[Mandatory]

Multi-Factor Authentication (MFA) is strongly recommended as the primary authentication method fo...

Biometrics[Recommended]

Biometrics can be considered as an additional layer of authentication where it is available and w...

Entry into force

This guideline shall come into force on the date of its signature by the Chief Executive Officer ...
Back to top