Search Results
472 total results found
Data retention policies [Mandatory]
Classify your data into categories based on factors such as sensitivity, importance, and compliance requirements. Different categories may have different retention periods. Define data retention policies based on the operational needs of the institutions, re...
Data purging [Recommended]
Data purging involves permanently deleting data that is no longer required or relevant. Document the procedures for data purging, including who is responsible for initiating purging, how it is executed, and how verification is done.
Entry into force
This guideline shall come into force on the date of its signature by the Chief Executive Officer of RISA.
Introduction
DevOps is a set of practices and tools that integrate and automate the work of software development and IT operations as a means for improving and shortening the systems development life cycle. This document is a guideline on the DevOps approach to be followed...
Scope and objectives
This document covers the DevOps approach to be followed by Government institutions in Rwanda. The intended audience is software developers, system administrators, DevOps engineers and engineering managers in software development companies that are working wit...
Source Code Versioning [Mandatory]
Software development teams must use Git for code versioning and tracking of changes made on files.
Version control [Mandatory]
A Version Control System (VCS) must be used within the organization to host git repositories. At minimum, the VCS should have the following features: concurrent development, automation, team collaboration, tracking of changes, high availability and disaster re...
Branching [Mandatory]
Each application hosted on the VCS must have at minimum three protected branches: development, test and production. Direct commits to protected branches are prohibited. Only reviewed and approved merge/pull requests shall be allowed to land on protected branches.
Tagging [Mandatory]
The test branch must always contain a tagged version from the development branch, and the production branch must always contain a tagged version from the test branch.
Infrastructure as Code [Mandatory]
Infrastructure as code is the process of managing and provisioning computer data centers through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools. All deployment, delivery, packaging configuratio...
Containerization and service orchestration [Mandatory]
Containers provide an isolated environment for running software. Docker or Kubernetes is the recommended containerization technology, and each developed application/software must have a containerized version.
Continuous integration & Continuous Delivery (CI/CD) [Recommended]
The technical goal of CI/CD is to establish a consistent and automated way to build, package, test and deliver applications. All repositories hosting source code must be configured for CI/CD and each push or merge to any protected branch of the VCS must trigg...
Operating System (OS) [Recommended]
Linux-based operating systems are recommended, and the same version of the OS must be installed in all environments.
Access Control [Mandatory]
SSH login for the root user must be disabled, and a dedicated user with sudo access for CI/CD pipelines and automation must be created and used. All users must use passwordless authentication to access the servers. User access to software and database must be confi...
Backup [Mandatory]
Regular backups of data and of the whole OS must be taken, and this task must be automated.
Different environments [Mandatory]
Different environments must be available for deployment of applications in development, testing and production. Access to these environments must be given to very few persons and they must use personalized login credentials. The web server must also be configu...
Monitoring [Mandatory]
Monitoring tools for infrastructure must be available and configured with alerts for when servers malfunction.
Auditing [Mandatory]
Each server must be configured to track and log each access to the server. These access logs must be available on an additional different server for failover.
Entry into force
This guideline shall come into force on the date of its signature by the Chief Executive Officer of RISA.
Introduction
In today's digital age, mobile applications have become indispensable tools for governments worldwide, fostering efficient communication, enhancing public services and facilitating citizen engagement. As government institutions increasingly embrace mobile tech...