According to ISO/IEC Guide 2:1996, definition 3.2, a standard is defined as “a document, established by consensus and approved by a recognized body, that provides, for common and repeated use, rules, guidelines or characteristics for activities or their results, aimed at the achievement of the optimum degree of order in a given context”.
In Kenya there are three different categories of standards:
- International standards – a standard adopted by an international standardization organization
- National standards – a standard adopted by a national standardization body and made available to the public.
- Company standards – a standard developed by a public or private organization for enforcement in a specified market segment, socio-economic sector or for regulation as well as supplies from its service providers.
- The Government ICT standards are composed of the above and are intended to foster coherence in application of information communication technology within the public service, ensure quality of products and services acquired by the government and enforce a unified approach to the ICT investments in the Public Service.
PURPOSE OF ICT STANDARDS
In the realm of Information and Communication Technologies (ICTs), Standards have special significance for directing and guiding acquisition, development and operation of technologies especially due to the multiplicity of products and services as well the attendant large number of manufacturers of these products. In this regard, Standards are critical in that:
- They address critical and important industry needs for interconnection and interoperability.
- This is particularly important for open markets, such as the ICT products and services markets, where users, who are increasingly mobile, can ‘mix and match’ equipment and services, and where suppliers can benefit from economies of scale.
- They ensure safety, reliability and environmental care.
- They are frequently referenced by regulators and legislators for safety and protection of user and business interests, and
Supporting government policies.
DEVELOPMENT OF ICT STANDARDS
The ICT Standards Development Process is undertaken in a way that maintains focus on the purpose of the specific standard. The process is grounded on adoption of best practices from globally recognized organizations.
The process has six key stages and process flow as illustrated in the diagram below. Each stage provide an opportunity and possibility of feedback into the drafting process thus, provides enormous benefits for the quality of the final document and helps to maintain ‘world class’ status of standard.
QUALITY ASSURANCE AND COMPLIANCE
Since Standards are largely voluntary, the quality assurance and compliance involves:
- Dissemination, publicity and sensitization of the standard to the relevant stakeholder community;
- Undertaking assessment and inspection for conformity to the standard;
- Preparation of a report on status of conformity of the agency with recommendations on necessary interventions;
- Re-assessment of agencies
- Recommendation for conformity Certification by the standards board.
- Accreditation of ICT suppliers and vendors
a. GOVERNMENT ENTREPRISE ARCHITECTURE
The Government Enterprise Architecture (GEA) Framework defines the minimum components of an ICT Plan. The components include infrastructure architecture, information architecture, application architecture, Business architecture, Channel architecture, integration architecture, Security and compliance, Project management and governance.
b. IT GOVERNANCE
This ICT Standard defines the processes that ensure the effective and efficient use of IT in enabling a government institution to achieve its goals. It spans IT management and control in the institution’s culture, organization, policy and practices. It covers IT service management, IT Project Management, IT Legal and Regulatory, Performance Measurement to Support IT Governance, Risk Management, IT Resource Management.
c. INFORMATION SECURITY
This ICT Standard provides a consistent approach to managing information security risks across Government bodies that need to set up appropriate controls for the protection of information from a wide range of threats in order to ensure continuity in Government operations, minimize risk, and maximize return on Government IT investments. It covers Information security policy, Organization of information security, Asset management, Human resource security, Communications security, Operations security, Physical and environmental security, Cryptography, Access control, Systems acquisition, development and maintenance, Supplier relationships, Information security incident management, Information security aspects of business continuity and Compliance
d. SYSTEMS AND APPLICATIONS
This ICT Standard establishes processes for the successful acquisition, deployment, and utilization of software systems and applications. The Standard aims to evaluate quality and ensure the internal usability of the software product. The standard covers Architectural Model for E-Government Applications, Software Acquisition, Maintenance and Disposal, Messaging and Collaboration and Website Development Management
e. INFRASTRUCTURE STANDARDS
This ICT Standard establishes processes for the successful acquisition, deployment, and utilization of Government ICT networks, end user devices, data centres and cloud solutions.
– Government ICT Network Standard includes:- Telecommunication path ways and spaces, Structured cabling, Wireless network connectivity, Fixed telephony service, Routing and switching, Network monitoring and management, Network availability, Network maintainability, Network manageability, Network performance, Network security.
– End User Devices Standard includes:- End user equipment procurement, Technical specifications, Bring-your-own-device policy, Inventory, Maintenance, Decommissioning, Disposal mechanisms, Data- in- transit protection, Data- at-rest protection, Authentication (MCA-issued devices, non-MCA issued devices), ICT minimum hardware specifications,
– Cloud Computing includes:- Cloud service selection (PaaS, SaaS, IaaS), Cloud deployment model selection (public, private, hybrid, community cloud), Service Level Agreements
– Data Centre Standard includes: – Data centre site space and layout, Cabling infrastructure, Tiered reliability, Environment and ambience
f. ELECTRONIC RECORDS AND DATA MANAGEMENT STANDARD
This ICT Standard sets out minimum requirements for the management of electronic records, created to conduct and document e-Government transactions by Ministries, Counties and Agencies (MCAs) are authentic, reliable, inviolable and, and usable. It includes general considerations, Capturing records, Identifying and classifying records, Security, Retention and disposal of records, Migration, Functional Requirements for electronic record management systems, Functional requirements for records in Business Systems
g. ICT HUMAN CAPITAL & WORKFORCE DEVELOPMENT STANDARD
This ICT Standard seeks to enhance the opportunities for interoperability of public service ICT resources ensuring uniformity in skills and competencies, and guaranteeing uniform quality of government services everywhere and all the time. The Standard takes into account the needs and aims of all government’s e-service delivery competencies and thus provides standards on: ICT professional (technical) personnel in the public sector, ICT end users, and Kenyan citizens ICT training. It covers ICT Professionals in the Public Sector, Capacity Development for End User Requirement, Capacity Development for Citizen Competency Requirement, and Accreditation of ICT Institutions/Training Providers