Search Results
728 total results found
Training application process
Eligibility: To qualify for training opportunities, staff must meet the following conditions: Must not be contractual staff. Must have completed at least six months of service. The training must be relevant to the staff member’s role or development plan....
Training delivery and learning materials
Once participants are approved, they are enrolled in their assigned training programs. For online courses, they will also receive clear guidance on how to access the training portal and start the course without difficulty. Before the training begins, participan...
Obligations for participants during the training
Participants are expected to actively commit to their training by following these guidelines: Consistent attendance (physical or virtual): participants should attend all scheduled sessions and inform the coordinator in advance if they are unable to join. Ex...
Support system for training delivery
Participants will receive several forms of support to ensure a smooth and productive learning experience: Training facilitators: each course is supported by an experienced facilitator who is available in person or virtually to guide participants, answer que...
Learning progress report
Throughout the training period, the training provider will share progress reports with the RISA Skills Team. These reports will include details on: attendance; performance; any issues affecting a participant’s progress. Where necessary, the RISA Skills Te...
Review and update
These guidelines will be reviewed annually or as needed by the RISA Skills Team in collaboration with the HR Department to ensure they remain relevant and effective.
Introduction
This guideline provides practical, step-by-step guidance for embedding security and privacy principles into software development. It aims to ensure that government software systems are secure, resilient, and protect personal data throughout their entire lifecy...
Target Audience Roles and Responsibilities
Key roles include: Management: Approve security and privacy deliverables and ensure resourcing. System owners: Classify data, approve risk treatment, and ensure compliance. Project managers: Include security tasks in plans and enforce deliverables. Secur...
List of Abbreviations
RISA: Rwanda Information Society Authority; GoR: Government of Rwanda; PbD: Privacy by Design; BYOD: Bring Your Own Device; RBAC: Role-Based Access Control; PAM: Privileged Access Management; MFA: Multi-Factor Authentication; OWASP: Open Worldwide Applicatio...
Core Principles
Combine the foundational Privacy by Design (PbD) principles with Security-by-Design objectives into a unified set: Proactive and preventative: Anticipate and reduce privacy/security risks before they occur. Privacy and security by default: Systems must def...
Minimum Security and Privacy Controls
Data minimization and purpose limitation: collect only what is necessary. Strong encryption for data at rest and in transit; use approved cryptographic standards. Role-Based Access Control (RBAC) and Privileged Access Management (PAM). Multi-Factor Authen...
Initiation
Goal: Establish security and privacy expectations and identify risks before design work begins. Actions: Appoint project sponsor, system owner and security lead. Perform initial Threat and Privacy Risk Assessment (documented). Define security and privacy...
Requirements and acquisition
Goal: Ensure requirements include explicit privacy and security criteria. Define functional, privacy and security requirements. Include purpose limitation and data minimization requirements. Conduct Privacy Impact Assessment (PIA) and update risk register....
Architecture and design
Goal: Design an architecture that enforces privacy and security by construction. Produce security architecture diagrams showing trust boundaries, data flows and classification. Apply Data Flow Mapping and Data Classification (sensitive vs non-sensitive). ...
Development
Goal: Implement secure, privacy-aware code and configurations. Adopt secure coding standards (OWASP, CERT) and include them in the definition of done. Use automated static analysis (SAST), dependency scanning and secret detection in CI/CD pipelines. Enfo...
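The secret-detection control named in the Development step, as an added example that is not part of the RISA guideline or of any tool it names: a small scanner of the kind wired into a CI/CD pipeline or pre-commit hook. It matches a few well-known credential shapes, flags high-entropy tokens, redacts what it finds before reporting, and returns a non-zero status so the pipeline blocks the merge. The rule set, the entropy threshold, the `pragma: allowlist secret` opt-out marker and the sample file contents are all assumptions constructed for the demonstration.

```python
"""Secret-detection gate of the kind run in a CI/CD pipeline or pre-commit hook.

Added example, not code from the RISA guideline. Scans source text for a few
well-known credential shapes and for high-entropy tokens, redacts what it found
and returns a non-zero status so the pipeline fails before the secret reaches
a shared branch. Patterns, thresholds and sample files are assumptions
constructed for this demonstration.
"""
import math
import re
from dataclasses import dataclass

# A deliberately small rule set; production scanners ship hundreds of rules.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |DSA |OPENSSH |ENCRYPTED )?PRIVATE KEY-----"),
    # Assignment of a quoted literal to a password-like name (no \b on purpose:
    # names such as DB_PASSWORD have no word boundary before "PASSWORD").
    "hardcoded_password": re.compile(
        r"(?i)(?:password|passwd|pwd)\s*[:=]\s*['\"][^'\"]{6,}['\"]"),
}

# Entropy rule: runs of token characters this long with at least this many
# bits of Shannon entropy per character are reported. 4.5 bits keeps 40-char
# hex digests (at most 4.0 bits) quiet while catching random base64-style keys.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_\-]{20,}")
MIN_ENTROPY_BITS = 4.5

# Reviewable opt-out for test fixtures and documented example values.
ALLOWLIST_MARKER = "pragma: allowlist secret"


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    rule: str
    excerpt: str  # redacted so the secret is never echoed into CI logs


def shannon_entropy(s: str) -> float:
    """Bits per character of s (random base64 ~5-6, English prose ~4)."""
    if not s:
        return 0.0
    n = len(s)
    counts = {ch: s.count(ch) for ch in set(s)}
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(s: str) -> str:
    return f"{s[:4]}...{s[-2:]}" if len(s) > 8 else "***"


def scan_text(path: str, text: str) -> list[Finding]:
    """Return findings for one file's contents (path is used only for reporting)."""
    findings: list[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if ALLOWLIST_MARKER in line:
            continue
        matched = False
        for rule, rx in PATTERNS.items():
            for m in rx.finditer(line):
                findings.append(Finding(path, lineno, rule, redact(m.group(0))))
                matched = True
        if matched:
            continue  # a named rule already explains this line
        for m in TOKEN_RE.finditer(line):
            tok = m.group(0)
            if shannon_entropy(tok) >= MIN_ENTROPY_BITS:
                findings.append(Finding(path, lineno, "high_entropy_token", redact(tok)))
    return findings


def scan_files(files: dict[str, str]) -> list[Finding]:
    """files maps a path to its contents (in CI this would be the changed files)."""
    return [f for path, text in files.items() for f in scan_text(path, text)]


def run_gate(files: dict[str, str]) -> int:
    """Print a report and return the process exit status (1 = block the merge)."""
    findings = scan_files(files)
    for f in findings:
        print(f"{f.path}:{f.line}: {f.rule}: {f.excerpt}")
    return 1 if findings else 0


# Constructed sample repository contents for the demonstration.
SAMPLE_FILES = {
    "config/settings.py": (
        "DEBUG = False\n"
        "DB_PASSWORD = 'Sup3rSecretValue'\n"
        "AWS_ACCESS_KEY_ID = 'AKIAIOSFODNN7EXAMPLE'\n"
    ),
    "deploy/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n",
    "app/main.py": (
        "API_TOKEN = os.environ['API_TOKEN']\n"                  # correct: read from env
        "commit = 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4'\n"  # hex digest, not flagged
        "nonce = 'Zx9QwE3rTy7UiO1pAsD5fGhJ'\n"                   # random-looking, flagged
        "FIXTURE = 'AKIAIOSFODNN7EXAMPLE'  # pragma: allowlist secret\n"
    ),
}

if __name__ == "__main__":
    raise SystemExit(run_gate(SAMPLE_FILES))
```

Run against the sample files the gate reports four findings (the hard-coded password, the AWS key ID, the private key block and the random-looking nonce) and exits 1; the value read from the environment, the hex commit digest and the allowlisted fixture produce nothing. Two design choices matter in practice: findings are redacted before they reach the build log, because CI logs are often readable by more people than the repository, and the opt-out is an in-line marker that shows up in code review rather than a hidden configuration entry. The entropy rule will also fire on long paths or base64 blobs in fixtures; those belong on the allowlist, not in a weakened threshold.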
Testing
Goal: Verify security and privacy controls work as intended. Create a security test plan covering unit, integration, system, and acceptance tests. Include privacy test cases validating consent, data minimization, and access controls. Conduct vulnerabilit...
Deployment
Goal: Deploy securely with correct configurations, access controls and monitoring in place. Apply secure configuration baselines and hardening to servers, databases and network devices. Enforce RBAC and configure least privilege for all accounts; set up M...
Operations and Maintenance
Goal: Sustain security and privacy posture throughout operations. Maintain a schedule for vulnerability scanning, patch management, and configuration reviews. Conduct periodic privacy and security control reviews and update PIAs as needed. Ensure change ...
Upgrade / Decommission
Goal: Safely retire or replace systems while preserving required records and preventing data leakage. Plan archival or migration of records according to legal retention requirements. Sanitize media and verify secure deletion of sensitive data using approve...
Security Incident Management
Key steps: Prepare: maintain an incident response plan with roles, communication trees, and escalation criteria. Detect and report: ensure monitoring, logging and clear internal reporting channels. Classify: use severity levels (critical, major, minor) an...