Search Results

The institution shall divide the area it manages into security zones based on risk assessment to ensure physical security. The institution shall provide, limited by the scope of official duties, access to particular security zones. The principle of necessar...

The institution shall periodically (at least once a year) assess the risk to institutional operations (including mission, functions, image, or reputation), institutional assets, and individuals resulting from the operation of institutional systems and the asso...

The institution shall monitor, control, and protect communications (i.e., information transmitted or received by institutional systems) at the external and key internal boundaries of institutional digitalization systems. The institution shall use architectu...

The institution shall identify, report, and correct system security flaws on time. The institution shall protect malicious code (malware) within institutional digitalization systems and update malicious code protection mechanisms when new releases are avail...

The institution shall identify and meet the requirements for preserving privacy and protecting PII according to applicable laws and regulations and contractual requirements and especially comply with the law(s) relating to the protection of personal data and p...

The institution shall ensure that backup copies of data, software and system images are regularly made and tested. The institution shall establish, maintain, and effectively implement plans for emergency response, backup operations, and post-disaster recove...

In collaboration with a competent authority where applicable, the institution shall establish and agree on information security requirements with each supplier based on the type of supplier relationship. In collaboration with a competent authority where app...

Users shall have different passwords for different accounts. All default passwords shall be changed upon installation of new software or new Operating System (OS). Passwords shall be securely hashed and stored. Never store plain text passwords, and use str...

The development of a digitalization strategic plan shall be initiated by the mapping of a sector’s business, information, applications, and technology and infrastructure domains. The mapping shall be aimed at highlighting the linkage between the above four ...

The desired situation and attainable targets shall be defined within a period of 3-5 years. The target position shall contribute to the overall goals and strategic objectives of the institution, the specific sector strategic objectives, and also aligned to the...

Based on the assessed current situation, a gap matrix shall be developed to highlight shortages in the four domains.

This stage shall highlight the following: Highlight Strategic interventions that bring about the desired results. Process changes that are needed and impact on institution’s business. Proposed new digitalization projects or existing digitalization project...

The success of the sector digitalization strategic plan depends on the endorsement, commitment, and ongoing support from the sector leadership and relevant stakeholders. It is important to establish a stakeholder’s matrix that clearly outlines respective roles...

Resources (human and financial) needed to implement the strategy and potential sources of funds will be highlighted and a clear monitoring and evaluation matrix of the strategy to measure implementation progress and impact.

All digitalization projects shall be derived from the assessment as indicated in the above section of sector digitalization strategic planning. All institutions are advised to involve RISA starting with project conception stage onwards for better alignment and...

Proper documentations of all digitalization projects across the government shall include the background and rationale of the project, projected output and outcomes, project key components, implementation plan, project implementation risk analysis and mitigatio...

The agile mode of implementation which allows visibility of project details and ability to manage changes is advised for digitalization project implementation across government institutions.

The digitalization office for public entities shall be established through consultation between the concerned entities, RISA and MIFOTRA. The responsibilities and job requirements shall be aligned with the standard job requirements and responsibilities as pub...

All digitalization office staff across the Government shall perform team and individual self-skills assessment, skills development in accordance with respective job profile and duties. All digitalization office staff shall leverage huge rich content and train...

This stage describes the role of ideation within innovation processes, providing the designers with a range of different tools and techniques to get a deep dive understanding of the end-user’s problem, making them familiar with the problem. It shall be encour...