Source: icta.go.ke/pdf/Systems Standards and Procedures.pdf

Systems standards and procedures
Mary Kerema

Slide 1 (slide notes S2, S3: Sergon, 8/23/2014)

Outline


1. Definitions, Purpose and Basis for the standard
2. The Domain
3. Sub-domains
4. Scope, Target areas, References
5. General Requirements

Definition, Purpose and Basis for standards

1. Software engineering is the application of a systematic, disciplined, quantifiable approach to the development, operation, and maintenance of software.

2. ICT Systems automate government processes for increased efficiency and effectiveness in service delivery.

3. This standard provides the requirements for the development, acquisition, execution and supervision of plans, policies, programs and practices that control, protect, deliver and enhance the value of applications, software, data, messaging and collaboration tools and assets for the Government of Kenya.

4. The Systems domain is a critical component of the GEA and it forms the application architecture layer.

Systems Standards

Shared Services use the advantages of local and centralised approaches to create greater value for users/clients/customers.

Fragmented:
- Different standards
- Replication of effort
- Replication of costs
- Inconsistent approaches
- Maintain control of decisions
- Allow for management's priorities
- Direct customer relationship

Shared:
- Concentration of skills
- Performance culture
- Core competencies
- 2+2=5
- Best practice
- Simplified
- Standardised
- Single systems
- Economies of scale

Centralised:
- No local say in costs
- Distant, remote
- Lack of agility
- Disenfranchised

Sub-Domains of ICT Systems Standards

ICT systems Standard Domain:
- Sub-domain 1: Software and Systems Engineering
- Sub-domain 2: Messaging and Collaboration
- Sub-domain 3: Websites

Target Areas (Sub-domain 1):
a. System/software planning techniques
b. Software Development
c. Software Selection and Acquisition
d. Software Testing and Training
e. Purchase, deployment and use of licensed software

References:
- COBIT 5
- ISO 90003
- COBIT 4
- ISO/IEC 27002:2005
- ISO/IEC 26514:2008
- ISO/DIS 15489-1
- ISO 15489-1:2001
- ISO/TR 15489-2:2001
- ISO 16175-1:2010/2011
- NIST Special Publication 800-45 Version 2
- National Information System Security Glossary, NSTISSI No. 4009, January 1991
- ISB Standard Version 2.0
- E-mail Address Naming Standard
- ISF 2011 Standard of Good Practice for Information Security

System/software planning techniques

There is a need to apply specific techniques for gathering MCA's applications in order to collate the asset register that supports the investment planning process.

General requirements: Software Development

High Level Design: Requirements for the development and documentation of high-level designs using agreed-on and appropriate phased or rapid agile development techniques to translate business requirements into high-level design specifications.

Detailed Design: Detailed design and technical software application requirements that inform the criteria for acceptance of the requirements.

Application Software Development: Requirements to ensure that the automated functionality is developed in accordance with design specifications.

General requirements: Software Selection and Acquisition

Software Selection and Installation: This refers to the software selection and installation process to be used in the MDAs to ensure that the required software is implemented. It has to consider the GEA principles for interoperability, ensuring that existing software can be re-used before new software is selected.

Maintenance of commercial-off-the-shelf software: This refers to the principles guiding the maintenance of software purchased directly off the shelf.

Applying vendor-supplied patches and updates: A software update management process shall be maintained to ensure that the correct patches are implemented in the software.

General requirements: Software Testing and Training

The guidelines under this section cover the following areas:
- Input data validation
- Internal processing
- Message integrity
- Output data validation
- Training
- Minimum software applications and operating system features
- Software testing

General requirements: Purchase, deployment and use of licensed software

Installing and using personal software: Where users wish to install and use their private software on devices (e.g. laptops, tablets and computers) belonging to GoK.

Outdated and obsolete software: Where special or obsolete software is required for continued operation of existing systems.

Authentication method to be used for licensed software: Software vendors are required to provide a recommended mechanism for GoK to authenticate genuine software that is purchased by GoK, on or before delivery of such software.
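The "message integrity" item under Software Testing and Training and the vendor-supplied authentication mechanism above both come down to the same check: before software is installed, the receiving MDA confirms that what was delivered is what the vendor produced. The following is an added example, not code from the slide deck or from the ICT Authority, and the mechanism it uses is an assumption: the vendor ships a manifest of SHA-256 digests protected by an HMAC under a key handed over out of band, and the receiver verifies the manifest before trusting any digest in it. The key, file names and file contents are constructed sample data.

```python
"""Added example (not part of the standard): verifying that delivered
software is genuine and intact before installation.

Assumed scheme: the vendor publishes a manifest with one SHA-256 digest per
file and protects it with an HMAC under a key delivered to GoK out of band.
The receiver checks the HMAC first (is the manifest genuine?), then every
file's digest (is the package intact?). All values below are constructed."""
import hashlib
import hmac
from typing import Dict, List

# Constructed placeholder for a key the vendor would hand over out of band.
VENDOR_MANIFEST_KEY = b"placeholder-vendor-shared-key"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: Dict[str, bytes], key: bytes) -> str:
    """Vendor side: one 'digest  filename' line per file, then an HMAC line."""
    body = "\n".join(f"{sha256_hex(content)}  {name}"
                     for name, content in sorted(files.items()))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return body + "\nHMAC-SHA256 " + tag


def manifest_is_genuine(manifest_text: str, key: bytes) -> bool:
    """Receiver side: recompute the HMAC over the body, compare in constant time."""
    body, _, tag_line = manifest_text.rpartition("\n")
    if not tag_line.startswith("HMAC-SHA256 "):
        return False
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag_line.split(" ", 1)[1])


def parse_manifest(manifest_text: str) -> Dict[str, str]:
    """Map filename -> expected digest. Call only after manifest_is_genuine()."""
    body, _, _ = manifest_text.rpartition("\n")
    digests: Dict[str, str] = {}
    for line in body.splitlines():
        digest, name = line.split("  ", 1)
        digests[name] = digest
    return digests


def verify_package(files: Dict[str, bytes], manifest_text: str, key: bytes) -> List[str]:
    """Return a list of findings; an empty list means the package may be installed."""
    if not manifest_is_genuine(manifest_text, key):
        # Do not read a single digest out of a manifest that fails authentication.
        return ["manifest HMAC mismatch: manifest is not genuine"]
    expected = parse_manifest(manifest_text)
    findings: List[str] = []
    for name, digest in expected.items():
        if name not in files:
            findings.append(f"missing file: {name}")
        elif not hmac.compare_digest(sha256_hex(files[name]), digest):
            findings.append(f"digest mismatch: {name}")
    for name in files:
        if name not in expected:
            findings.append(f"file not in manifest: {name}")
    return findings


# Constructed sample package and the manifest the vendor would ship with it.
GENUINE_PACKAGE = {"app.bin": b"binary contents v1.0", "README": b"install notes"}
VENDOR_MANIFEST = build_manifest(GENUINE_PACKAGE, VENDOR_MANIFEST_KEY)


def demo() -> Dict[str, List[str]]:
    """Run the check over the genuine package and three altered variants."""
    tampered = dict(GENUINE_PACKAGE)
    tampered["app.bin"] = b"binary contents v1.0 plus extra"
    incomplete = {"app.bin": GENUINE_PACKAGE["app.bin"]}
    # Someone edits the manifest so its digest matches the altered binary,
    # but cannot recompute the HMAC without the vendor's key.
    forged_manifest = VENDOR_MANIFEST.replace(
        sha256_hex(GENUINE_PACKAGE["app.bin"]), sha256_hex(tampered["app.bin"]))
    return {
        "genuine": verify_package(GENUINE_PACKAGE, VENDOR_MANIFEST, VENDOR_MANIFEST_KEY),
        "tampered file": verify_package(tampered, VENDOR_MANIFEST, VENDOR_MANIFEST_KEY),
        "missing file": verify_package(incomplete, VENDOR_MANIFEST, VENDOR_MANIFEST_KEY),
        "forged manifest": verify_package(tampered, forged_manifest, VENDOR_MANIFEST_KEY),
    }


if __name__ == "__main__":
    for case, findings in demo().items():
        print(f"{case}: {findings or 'OK'}")
```

The order of the checks is the point: a digest list that is not itself authenticated only proves that the package matches the list, not that the list came from the vendor. An HMAC under a shared key proves that much; a vendor signature under a public key would let the MDA verify without holding a secret and is the form most vendors' "genuine software" mechanisms take.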

General requirements: Purchase, deployment and use of licensed software

Software inventory: An up-to-date inventory of ICT software shall be prepared and maintained by the Head of ICT to ensure accountability for all acquired software.

Control of changes made to existing software: This applies to all changes made to software in the production environment.

Management of removable media containing software: All removable computer media (such as hard disks, thumb drives, CDs) shall be stored in a secure and controlled manner.

General requirements: Purchase, deployment and use of licensed software

Disposal or re-use of software or equipment containing licensed software.

THANK YOU