Search Results

Accessible documents benefit all authorized persons by making information clear, direct, easy to understand, and most importantly, usable by a wide audience, including people with disabilities and those who use a variety of devices, software and hardware. To ...

System monitoring is the process of collecting and analyzing data about the performance and availability of your IT infrastructure. It helps you identify and troubleshoot issues, optimize resource utilization, and plan for future needs. Adopt automated tools....

Key Performance Indicators help define your strategy and clear focus. Metrics are your “business as usual” measures that still add value to your organization but aren't the critical measure you need to achieve. Every KPI is a metric, but not every metric is a ...

Software support and maintenance teams should regularly report their performance to their stakeholders.  Reporting should be based on agreed metrics and KPIs such as Software Uptime/downtime, Average issue response time, average issue resolution time and user ...

The terms data protection and data privacy are often used interchangeably, but there is an important difference between the two. Data privacy defines who has access to data, while data protection provides tools and policies to actually restrict access to the d...

The definition of intellectual property (IP) rights is any and all rights associated with intangible assets owned by a person or company and protected against use without consent. Intangible assets refer to non-physical property, including right of ownership i...

The Ministry of ICT and Innovation (MINICT) and the Rwanda Information Society Authority (RISA) are working together to strengthen the country’s ICT skills, guided by national targets under NST2. This includes major initiatives such as training one million cod...

The objective of these guidelines is to: Provide a clear and supportive framework for navigating the full training journey. Ensure a transparent and easy-to-follow process for all training steps. Align training activities with institutional priorities to ...

These guidelines apply to: All public servants in the ICT sector, including IT staff, support teams, division managers, executives, and shared staff. These guidelines do not apply to: Short-term contract staff. Employees still on probation.

Government institutions must ensure that all software is used in a lawful, ethical, and secure manner. This section outlines detailed procedures, Do’s, Don’ts, and best practices for software usage within public institutions.  Intended Purpose [Mandatory] Pr...

User Access Management is the process of creating, managing, and securing user accounts on software systems. It ensures that only authorized personnel can access government systems, protects sensitive data, and maintains accountability. This section outlines t...

Compliance with this guideline shall be monitored by the institution’s ICT department in collaboration with RISA. Regular reviews, internal audits, and access log inspections must be performed to detect non-compliance or security violations. Failure to comply ...

This document shall be reviewed every two years or sooner if technological or policy changes occur. The review process shall be led by RISA in consultation with government ICT managers.

Rwanda Data Protection and Privacy Law (2021) National Cyber Security Policy NIST Digital Identity Guidelines (SP 800-63B)

This guideline provides practical, step-by-step guidance for embedding security and privacy principles into software development. It aims to ensure that government software systems are secure, resilient, and protect personal data throughout their entire lifecy...

Key roles include: Management: Approve security and privacy deliverables and ensure resourcing. System owners: Classify data, approve risk treatment, and ensure compliance. Project managers: Include security tasks in plans and enforce deliverables. Secur...

RISA: Rwanda Information Society Authority GoR: Government of Rwanda PbD: Privacy by Design BYOD: Bring Your Own Device RBAC: Role-Based Access Control PAM: Privileged Access Management MFA: Multi-Factor Authentication OWASP: Open Worldwide Applicatio...

Combine the foundational Privacy by Design (PbD) principles with Security-by-Design objectives into a unified set: Proactive and preventative: Anticipate and reduce privacy/security risks before they occur. Privacy and security by default: Systems must def...

Data minimization and purpose limitation, collect only what is necessary. Strong encryption for data at rest and in transit; use approved cryptographic standards. Role-Based Access Control (RBAC) and Privileged Access Management (PAM). Multi-Factor Authen...

Goal: Establish security and privacy expectations and identify risks before design work begins. Actions: Appoint project sponsor, system owner and security lead. Perform initial Threat and Privacy Risk Assessment (documented). Define security and privacy...