Second Edition ICT Standards

The ICT Authority has issued the second edition of ICT Standards as follows:

1. ICT NETWORK STANDARD
Standard: ICT Networks Standard, ICTA-2.002:2019
Thematic Area: Infrastructure
Description: This Standard establishes specifications for planning, design, implementation, utilization and management of network infrastructure that interconnects and provides internal connectivity in Ministries, Counties and Agencies (MCAs) for both single-tenant and multi-tenant buildings.
Areas Covered:
a. Telecommunication and Equipment path ways and spaces
b. Structured Cabling
c. Wireless Network Connectivity
d. Fixed telephony service
e. Routing and Switching
f. Network design, configuration, documentation and commissioning
g. Internet
h. Network monitoring and management
i. Preventive maintenance
j. Network security

Effective Date: 01 February 2020
2. DATA CENTRE STANDARD
Standard: Data Centre Standard. ICTA-2.002:2019
Thematic Area: Infrastructure
Description: This Standard outlines the specifications to be used in setting up Government data centres that support the large amounts of data flow stored and handled by Government, and are efficient enough to ensure continuous service availability.
Areas Covered
i. Design and Planning (physical location)
ii. Planning Layout
iii. Cabling infrastructure
iv. Environment (Cooling, power and lightning, fire detection and suppression)
v. Physical Security
vi. Data center monitoring
vii. Maintenance and SLAs
Effective Date: 01 February 2020
3. END USER COMPUTING DEVICES STANDARD
Standard: End-User Equipment Standard, ICTA-2.002:2019
Thematic Area: Infrastructure
Description: This Standard establishes procedures for acquisition, data security, privacy, access, storage, management, retention and disposal of all end user devices and services. ICT systems and services should support data exchange, portability and interoperability.
End user devices include personal computers, consumer devices, or removable storage media that can collect, process, or store information.
Areas Covered:
a. End-user device security
b. Equipment acquisition
c. Equipment maintenance
d. Equipment disposal
Effective Date: 01 February 2020
4. SYSTEMS AND APPLICATIONS
Systems & Applications Standard
Standard: Systems & Applications Standard, ICTA-6.002:2019
Thematic Area: Systems & Applications
Description:
The Standard establishes a common framework for software life cycle processes, with well-defined terminology that can be referenced by the MCDAs.
The document applies to the acquisition, supply, development, operation, maintenance, and disposal (whether performed internally or externally to the MCDA) of software systems, products and services, and the software portion of any system, Software includes the software portion of firmware.
Areas Covered
a. Architectural Model for E-Government Applications
b. Software Acquisition, Maintenance and Disposal
c. Messaging and Collaboration
d. Website Development Management
e. Interoperability
f. Integration
g. Licensing
h. Governing of systems

Effective Date: 01 February 2020
5. INFORMATION SECURITY
Standard: Information Security Standard, ICTA-3.002:2019
Thematic Area: Information Security
Description: Information systems security standards aim at providing a framework for the setting up of appropriate controls that will ensure the protection of information from a wide range of threats in order to ensure continuity in government operations, minimize risk, and maximize return on government IT investments.
Areas Covered:
1. Leadership & Accountability
2. Cyber Security Management
3. Risk Management
4. Human Resource Security
5. Operational Security
6. Physical and Environmental security
7. Cloud Security
8. Cryptography
9. Third Party Relationships
10. Compliance

Effective Date: 01 February 2020

6. IT GOVERNANCE STANDARD
IT Governance Standard
Standard: IT Governance Standard, ICTA. 5.002: 2019
Thematic Area: IT Governance
Description
This Standard defines the processes that ensure the effective and efficient use of IT in enabling a government institution to achieve its goals. It spans IT management and control in the institution’s culture, organisation, policy and practices.
Areas Covered
1. Enterprise Architecture
2. ICT governance
3. IT Service Management
4. Legal and Regulatory
5. ICT risk management
6. Sourcing, resourcing and Financing of IT functions

Effective Date: 01 February 2020
7. ICT HUMAN CAPITAL AND WORKFORCE DEVELOPMENT
ICT Human Capital & Workforce Development Standard
Standard: ICT Human Capital and Workforce Development Standard, ICTA.6.002:2019
Thematic Area: ICT Human Capacity
Description
This Standard seeks to enhance the opportunities for interoperability of public service ICT resources ensuring uniformity in skills and competencies, and guaranteeing uniform quality of government services everywhere and all the time. The Standard takes into account the needs and aims of all government’s e-service delivery competencies and thus provides standards on: ICT professional (technical) personnel in the public sector, ICT end users, and Kenyan citizens ICT training.
Areas Covered
a. Requirements for ICT Professionals in the Public Sector
b. Capacity Development for End User Requirement
c. Capacity Development for Citizen Competency Requirement
d. Accreditation of ICT Institutions/Training Providers
e. Accreditation of IT Professionals

Effective Date: 01 February 2020
8. CLOUD COMPUTING
Standard: Cloud Computing Standard, ICTA-7.002:2019
Thematic Area: Infrastructure
Description: This standard provides a framework for acquisition and deployment of cloud based computing products and services.

Areas Covered:
a. General requirements
b. User context of cloud computing: This entails the parties, the roles, the sub-roles and the cloud computing activities
 Cloud service customer
 Cloud service provider
c. Cross cutting aspects.
Effective Date: 01 February 2020
9. ELECTRONIC RECORDS MANAGEMENT STANDARD
Standard: Electronic Records and Data Management Standard, ICTA-4.002:2019
Thematic Area: Electronic Records Management
Description: This Standard provides a framework for management of electronic records such that they meet the same requirements as their regular paper record counterparts.

Areas Covered:
i. General considerations
ii. Capturing records
iii. Classification and indexing
iv. Access Control and Storage
v. Migration and Conversion
vi. Retention and Disposal
vii. E-records Management Systems
viii. Business Systems

Effective Date: 01 February 2020