Entry into force
This guideline shall come into force on the date of its signature by the Chief Executive Officer of RISA.
Introduction
Government software plays a pivotal role in facilitating efficient operations and serving the public interest. Government software should be used responsibly and ethically to ensure the integrity of software systems, safeguard sensitive data and uphold the public ...
Security
Government software often handles sensitive information, including personal data of citizens, classified documents, and critical infrastructure data. Controlling access helps mitigate the risk of unauthorized access, data breaches, and cyberattacks that could ...
Data Protection and Privacy
Government software may contain confidential or personally identifiable information (PII) that must be protected according to privacy regulations. By controlling access, government agencies can ensure that only authorized personnel with a legitimate need to ac...
Preventing unauthorized modifications
Government software systems may include critical functions and processes that, if tampered with or modified by unauthorized users, could disrupt operations or compromise the integrity of government services. By controlling access, agencies can prevent unauthor...
Maintaining accountability
Controlling access to government software helps establish accountability for actions taken within the system. By assigning specific user accounts and permissions, agencies can track and audit user activity, making it easier to identify individuals responsible ...
Resource management
Government software resources, including licenses, computing resources, and data storage, are often limited and must be allocated efficiently. Controlling access helps ensure that resources are used effectively by restricting access to only those who truly nee...
Protecting Intellectual Property
Government software may contain proprietary algorithms, code, or technologies developed for specific government purposes. Some of the software may also be licensed with specific restrictions that should be complied with. Controlling access helps protect these ...
Intended purpose [Mandatory]
Government software should only be used for its intended purpose. Government software should not be used for personal gain, commercial purposes, or any illegal activities. Users should refrain from engaging in activities that could compromise the integrity or ...
Licensed software [Mandatory]
Licensed software should only be used in accordance with any license terms and conditions. Avoid violating the license terms and conditions, such as making or distributing unauthorized copies, modifying or reverse engineering the software, exceeding the numbe...
Intellectual property [Mandatory]
Software use should be respectful of the intellectual property rights of the software authors and publishers.
Software updates [Mandatory]
Software should be kept updated and secure. Each institution should establish guidelines for updating software, and users should be informed of their role.
Reporting violations [Recommendation]
There should be a mechanism for reporting any software user violations to the appropriate authority within the institution. This should be included in training and awareness sessions for users.
Storage locations [Mandatory]
Government software and related data should only be installed and stored on Government provided devices or storage locations.
Security awareness [Mandatory]
Users should be made aware of software security risks and how to avoid behavior that exposes software to malware or other security risks, for example by recognizing phishing emails and not clicking on links from unknown sources.
Central management [Recommendation]
Software installed on employee work devices should be centrally managed as much as possible to ensure it is obtained from legitimate sources, used within license terms and regularly updated.
Authorized access [Mandatory]
Only authorized users should be granted access to Government software applications. User access permissions should be based on a user's role and responsibilities in the institution.
Termination of user accounts [Mandatory]
User accounts should be terminated or disabled when a user leaves the institution. There should be a process to inform IT when an employee leaves the institution for their accounts to be removed or disabled. Regular audits should be performed to check for any ...
Third-party access [Mandatory]
Third parties should not be provided access to software in a production/live environment unless the access is required for them to perform an authorized service. Such access should be monitored and provided only for the period of time it is required.
Generic or shared user accounts [Mandatory]
User accounts should not be generic or shared; each account should be traceable to a specific individual for purposes of accountability.