GOVERNMENT ICT STANDARDS

ICT Governance Standard

ICTA. 5.003.2023

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke

© ICTA 2023 - All Rights Reserved

 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

REVISION OF ICT STANDARDS

In order to keep abreast of progress in industry, ICT Standards shall be regularly reviewed. Suggestions
for improvements to published standards, addressed to the Chief Executive Officer, ICT Authority, are
welcome.

©ICT Authority 2023

Copyright. Users are reminded that by virtue of Section 25 of the Copyright Act, Cap. 12 of 2001 of the
Laws of Kenya, copyright subsists in all ICT Standards and except as provided under Section 26 of
this Act, no Standard produced by ICTA may be reproduced, stored in a retrieval system in any form or
transmitted by any means without prior permission in writing from the Chief Executive Officer.

ICT AUTHORITY (ICTA)

Telposta Towers 12th floor. Kenyatta Avenue P.O. Box 27150-00200, Nairobi Kenya Tel.: +254 20 2089061
Web:http://www.icta.go.ke
Email:standards@ict.go.ke

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
2
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

DOCUMENT CONTROL

Document Name: Government ICT Governance Standard

Prepared by: Government ICT Governance Technical Committee
Edition: Third Edition
Approved by: Board of Directors
Date Approved: 3rd May 2023
Effective Date: 1st July 2023
Next Review Date: After 3 years

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
3
 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

CONTENT
FOREWORD.................................................................................................................................................7
1.0 Introduction...................................................................................................................................8
1.1. Objectives......................................................................................................................................8
1.2. Outcomes.......................................................................................................................................9
2.0 Scope..............................................................................................................................................10
3.0 Application.....................................................................................................................................10
4.0 Normative references..............................................................................................................11
5.0 Terms and Definitions..............................................................................................................11
6.0 Abbreviations...............................................................................................................................12
7.0 Subdomains...................................................................................................................................12
8.0 Enterprise Architecture...........................................................................................................13
8.1. Business Architecture.............................................................................................................13
8.2. Application Architecture........................................................................................................13
8.3. Information / Data Architecture.........................................................................................14
8.4. Infrastructure Architecture...................................................................................................13
8.5. Security and Compliance........................................................................................................14
8.6. Project Management and Governance Architecture.................................................14
8.7. Performance Architecture.....................................................................................................14
9.0 Governance of ICT Function..................................................................................................15
9.1. Independent ICT Function......................................................................................................15
9.2. ICT Governance Committees................................................................................................15
9.3. ICT Organization.........................................................................................................................15
9.4. IT strategy......................................................................................................................................15
9.5. ICT Project governance...........................................................................................................15
10.0 Government ICT Projects Implementation Standards and guidelines .............16
10.1. Project Initiation.........................................................................................................................16
10.2. Project planning.........................................................................................................................16
10.3. Project execution.......................................................................................................................17
10.4. Project controlling and monitoring...................................................................................17
10.5. Project closing............................................................................................................................18
11.0 ICT Service Management.......................................................................................................18
11.1. ICT Service Strategy.................................................................................................................18
11.2. ICT Service management.......................................................................................................18
11.3. Service level management....................................................................................................18
11.4. IT Service Design........................................................................................................................19
11.5. IT Service transition.................................................................................................................20
11.6. IT Continuous service improvement................................................................................20

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
4
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

12. Legal and Regulatory...............................................................................................................20

12.1. Kenya laws on ICT ....................................................................................................................20
12.2. Roles and responsibilities......................................................................................................21
13. ICT Risk management..............................................................................................................21
13.1. General...........................................................................................................................................21
13.2. ICT Risk framework...................................................................................................................21
14. Sourcing, Resourcing and Financing of IT functions..................................................21
14.1. General...........................................................................................................................................21
14.2. Sourcing of ICT equipment, products and services....................................................21
14.3. Resourcing....................................................................................................................................22
14.4. Financing......................................................................................................................................22
14.5. Asset management..................................................................................................................22
14.6. Capacity building.......................................................................................................................23
14.7. Tools................................................................................................................................................23
14.8. Innovation.....................................................................................................................................23
Appendix 1: IT GOVERNING COMMITTEES....................................................................................24
Appendix 2 GoK Project Management Governance Structure...........................................26
Appendix 3: ICT Organization Structures.....................................................................................27
Appendix 4: Project governance roles...........................................................................................29
Appendix 5: Project management documentation..................................................................37
Appendix 6: Project documentation development..................................................................38
Appendix 7: A generic project governance model for larger, more complex projects
........................................................................................................................................................................39
Appendix 8: Sample Outcome Realization data for the Project Business Plan.........40
Appendix 9: Stakeholder engagement process........................................................................40
Appendix 10: Stakeholder communication channels..............................................................41
Appendix 11: Elements of the risk management process.....................................................42
Appendix 12: Risk matrix for grading risks...................................................................................43
Appendix 13: Recommended actions for grades of risk........................................................44
Appendix 14: Issue management flowchart................................................................................45
Appendix 15: Sample Project Issues Register............................................................................46
Appendix 16: Project closure..............................................................................................................47
Appendix 17: Sample Service Management structure (ITIL) for Small organizations
........................................................................................................................................................................48
Appendix 18: Sample Service Management structure (ITIL) for large
organizations...........................................................................................................................................49

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
5
 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

Appendix 19: Service desk 1st, level, 2nd level and 3rd level support definitions..... 50
Appendix 20: Sample ICT Strategy Format................................................................................. 51
Appendix 21: Risk management process..................................................................................... 61
Appendix 22: Accreditation of ICT Service Providers............................................................. 62
Appendix 23: Accreditation of ICT Professionals.....................................................................68
Appendix 24: Government ICT Project Governance Structures.........................................70
A. National ICT Project Governance Structures................................................................70
B. Ministries, Agencies and Counties.....................................................................................71

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
6
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

FOREWORD

The ICT Authority has an express mandate to, among others, set and enforce ICT standards and guidelines
across all aspects of information and communication technology including systems, infrastructure,
processes, human resources and technology for the public service. The overall purpose of this specific
mandate is to ensure coherence and unified approach to acquisition, deployment, management and
operation of ICTs across the public service, including state agencies, in order to promote service integration,
adaptability and cost savings through economies of scale in ICT investments.
In pursuit of the achievement of this mandate, the Authority established a standards committee that
identified the critical standards domain areas and oversaw the standards development process. To this
end, the committee consulted and researched broadly among subject matter experts to ensure conformity
to acceptable international and national industry best practices as well as relevance to the Kenyan
public service context. The committee eventually adopted the Kenya Bureau of Standards (KEBS) format
and procedure for standards development. In addition, through an MOU, KEBS has made an invaluable
contribution to the development of ICT Authority standards.
The ICT Governance Standard, which falls under the overall Government Enterprise Architecture (GEA),
has therefore been prepared in accordance with KEBS standards development guidelines which are, in
turn, based on the international best practices by standards development organizations including ISO.
The Authority’s Directorate of Programmes and Standards has the oversight role and responsibility for
management, enforcement and review of this standard. The Directorate shall be carrying out quarterly
audits in all the Ministries, Department, Agencies and Counties (MDACs) to determine their compliance
to this Standard.
The Authority shall issue a certificate for compliance to agencies upon inspection and assessment of
the level of compliance to the standard. For non-compliant agencies, a report detailing the extent of the
deviation and the prevailing circumstances shall be tabled before the Standards Review Board who shall
advise and make recommendations.
The ICT Authority management, cognizant of the central and core role that standards play in public service
integration, fostering shared services and increasing value in ICT investments, takes great exception to
the enforcement of this standard by all Government agencies. The Authority therefore implores agencies
to prioritize the process of certification to this standard as a foundation of their ICT investments in order
to create and enhance value.

Stanley Kamanguya, OGW

Chief Executive Officer

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
7
 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

1.0 INTRODUCTION
Information Communication Technology has become an integral part of the economy all over the world.
The ICT sector has recorded the highest rate of growth compared to other sectors. This has prompted
governments to put more emphasis on e-government deployment and adoption while rendering
government services to its citizens. The role of ICT has evolved from the traditional support function to
ICT as an economic enabler and more recently, ICT is playing the role of economic growth accelerator. The
Kenyan government has identified these roles of ICT through the Vision 2030 masterplan and in the ruling
Kenya Kwanza government manifesto. The Kenya government intends to fast track the automation of over
6000 government services to be accessible to the citizens through unified one stop shop digital platforms.
To make this dream a reality, the government is extending the internet reach to all the urban areas and
through various interventions such as WIFI hotspots and last mile connectivity at the sub counties. County
governments are not left behind either and are fast-tracking the integration of their government services.
To guide in the adoption and utilization of ICT in the Kenyan economic landscape, the Government has
put in place ICT frameworks and standards. The National digital master plan formulated in 2022, will be
implemented over 10 years until 2032.These masterplans, guidelines and standards has enabled Kenya to
achieve important successes in the areas of telecommunications, infrastructure development, human
capital development and use of ICT in service delivery to citizens
The government developed ICT Standards to guide on the adoption and implementation of ICT projects in
government entities in 2013. The standards have undergone two reviews in 2016 and 2019 respectively. This
document manifests the 3rd review of the ICT standards and incorporates the standards to address the
changes and dynamics that have taken place since the last review in 2019. These include the impacts of
COVID19 and the key priority pillars in the new government that took office in August 2022.
Specifically, this document addresses the IT Governance as part of the wider Corporate Governance activity.
ICT governance is a “framework for the leadership, organizational structures, and business processes,
standards, and compliance to these standards, which ensure that the organization’s IT supports and
enables the achievement of its strategy and objectives.”

1.1. Objectives
The Government intends to develop momentum in utilizing ICT as an economic growth accelerator through
the implementation of these Governance standards.
The IT Governance standards shall guide the National Government (Ministries, State departments,
Agencies) and the County governments to:
1. Guide the rollout of integrated government services.
2. Identify and mitigate ICT related risk.
3. Tap into ICT as an economic growth accelerator.
4. Consider the new relevant laws, regulations, policies and ensure their ICT strategies are aligned
5. Improve service delivery through effective and efficient use of ICT
6. Effectively manage ICT related risks
7. Optimize the value from ICT investments
8. Adopt and adhere to ICT ISO Standards.
The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
8
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

1.2. Outcomes
The adoption and implementation of ICT governance standards across government is expected to achieve
the following key result areas:
1. Adoption of ICT governance and risk management policies, laws and regulations in MDAs and Counties
• Adoption of Kenya Information and Communication Act
• Adoption and adherence to the Data Protection Act No.24 of ,2019.
• Adoption of Mwongozo guidelines on ICT governance
• Adoption and implementation of global standards on ICT governance such as COBIT, ISO
• Adoption of project governance frameworks such as Prince2 and PMP.
• Adoption of intergovernmental framework on managing cross cutting ICT projects

2. Transparency and accountability

• Improved transparency in the identification and management of ICT projects
• Focused decision-making in ICT operations and initiatives
• Accountability in the realization of set objectives and intended benefits

3. Prudent use of public finance on ICT investments

• Better understanding on Total Cost of ownership (TCO).
• Effective use of resources on ICT initiatives.
• Stakeholder engagement on all ICT initiatives.
• Provide ICT services in excluded and underserved areas to spur economic growth and development.

4. To create new opportunities and enhance partnership to unlock shared values in the ICT sector
• Streamline engagement, contracting, performance and oversight of e-government initiatives
undertaken in partnership with third parties (PPP, G2G, Bilateral and Multilateral partners, Private
Sector, NGOs, FBOs)
• Position ICT both as an economic enabler as well as economic growth accelerator
• Create an enabling legal framework to promote joint ventures in ICT projects.
• Promote Kenya as a Regional ICT Hub for software development and export

5. To guide the adoption of open ICT Interoperability Standards

• To pave the way for a smooth integration and sharing of data/information between various Government
Information Systems and Applications held by various public sector entities possible.

6. To guide in the adoption and implementation of Open Government Data and service initiative.
• To promote transparency, accountability and value creation by making government data available to
all.

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
9
 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

2.0 SCOPE

IT governance consists of the leadership and organizational structures and processes that ensure the
enterprise sustains and extends strategies and objectives.
It spans the culture, organization, policy and practices that provide for IT management and control
across five key areas:
1. Alignment - Provide for strategic direction of IT and the alignment of IT and the business with respect
to services and projects.
2. Value delivery – Confirm that the IT/Business organization is designed to drive maximum business
value from IT. Oversee the delivery of value by IT to the business, and assessment of ROI.
3. Risk Management– Ascertain that processes are in place to ensure that risks have been adequately
managed. This includes assessment of the risk aspects of IT investments.
4. Resource management – Provide high-level direction for sourcing and use of IT resources.
Oversee the aggregate funding of IT at enterprise level. Ensure there is an adequate IT capability and
infrastructure to support current and expected future business requirements. Ensure competent human
resource with desired ethical behaviors and norms.
5. Performance – Verify strategic compliance, i.e., achievement of strategic IT objectives. Review the
measurement of IT performance and the contribution of IT to the business (i.e., delivery of promised
business value). Ensure that IT service providers are regulated and managed so as to maintain expected
level of performance in delivery of their services to the government.

3.0 APPLICATION

This standard applies to:

• Central Government of Kenya
• County Governments
• Commissions and independent bodies
• State Corporations

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
10
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

4.0 NORMATIVE REFERENCES

The following standards contain provisions which, through reference in this text, constitute provisions of
this standard. All standards are subject to revision and, since any reference to a standard is deemed to
be a reference to the latest edition of that standard, parties to agreements based on this standard are
encouraged to take steps to ensure the use of the most recent editions of the standards indicated below.
Information on currently valid national and international standards can be obtained from Kenya Bureau of
Standards.
• COBIT 5
• PRINCE2
• PMBOK®6
• ISO 10006:2018
• ITIL V4
• CISA Review Manual 27th edition
• Government Enterprise Architecture

5.0 TERMS AND DEFINITIONS

5.1. Accounting Officer - any person appointed by the Treasury and charged with the duty of accounting
for any service in respect of which moneys have been appropriated by Parliament or any person to whom
issues are made from the exchequer account.
5.2. Enterprise Architecture - Enterprise architecture (EA) is a conceptual blueprint that defines the
structure and operation of ICT in an organization. EA involves documenting an organization’s IT assets in a
structured manner to facilitate understanding, management and planning for IT investments. An EA often
involves both a current state and an optimized future-state representation (e.g., a road map).
5.3. Enterprise IT Governance - EGIT is about the stewardship of IT resources on behalf of all stakeholders
(internal and external) who expect their interests to be met. Management, processes, operational
governance structure of the enterprise ICT.
5.4. Service desk - A Service Desk is a primary IT function within the discipline of IT service management.
It is intended to provide a Single Point of Contact to meet the communication needs of both users and IT
staff.

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
11
 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

6.0 ABBREVIATIONS

EA Enterprise Architecture
WAN Wide area Network
LAN Local Area Network
SLA Service Level Agreement
MCDA Ministry, County and agency
ICTA ICT Authority
ROI Return on Investment
NEMA National Environment Management Authority
CIO Chief Information Officer
QOS Quality of Service
COBIT Control Objectives for IT
PMBOK Project Management Book
SWOT Strength Weakness Opportunity and Threat
CMMI Capability Maturity Model Integration
COSO Committee of Sponsoring Organizations
PPP Public Private Partnership
GEA Government Enterprise Architecture
CISO Chief Information Security Officer
IT Information Technology

7.0 SUBDOMAINS
The following are the sub-domains covered under the ICT Governance Standard
1. Enterprise Architecture
a. Business Architecture
b. Application architecture
c. Information / Data Architecture
d. Infrastructure Architecture
e. Security and Compliance
f. Project Management and Governance Architecture
g. Performance Architecture

2. ICT Governance
a. Independent ICT Function
b. ICT Governance Committees
c. ICT Organization
d. ICT Strategy
e. ICT Project Governance

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
12
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

3. ICT Service Management

a. ICT Service Strategy
b. Service Level Management
c. ICT Service Design
d. ICT Service Transition
e. ICT Service Continuous Improvement

8.0 ENTERPRISE ARCHITECTURE

a) MDAs and Counties shall develop an Enterprise architecture as a conceptual blueprint that defines
the structure and operation of ICT in an organization.
b) MDAs and Counties shall be guided by the approved Government Enterprise Architecture when
developing their enterprise Architecture based on appropriate business, application, information,
and infrastructure, security, performance and project governance architecture to support the entire
ecosystem.

8.1. Business Architecture

8.1.1. Business plans and objectives
a) MDAs and Counties shall adapt principles of their specific business architecture in line with the
Government Enterprise Architecture.
b) MDAs and Counties shall have clearly defined ICT plans, objectives and metrics that support business
goals.
c) MDAs and Counties shall have mechanisms for monitoring performance of ICT investments.

8.1.2. Business Process

a) MDAs and Counties shall have business processes designed and applied to focus on service to
Citizens provided as a single interface through multiple access platforms.
b) MDAs and Counties will seek to optimize business processes and then use performance standards to
define automation requirements.

8.2. Application Architecture

a) MDAs and Counties shall ensure the design; implementation and delivery of the application
architecture shall adhere to the application architecture principles as guided by GEA.

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
13
 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

8.3. Information / Data Architecture

a) MDAs and Counties shall adopt appropriate analytical services for discovery interpretation of
meaningful data patterns.
b) MDAs and Counties shall implement master data management to define and manage their critical
data with integration and single point of reference.

8.4. Infrastructure Architecture

a) MDAs and Counties shall ensure the design, implementation and delivery of the infrastructure
architecture shall adhere to the infrastructure architecture principles as guided by GEA. The
principlesare: -
a. Ensuring technology diversity is contained
b. Technology components are able to interoperate and exchange information
b) The MDAs and Counties shall implement LAN/WAN, internet,computing, enterprise networks,
storage and data center to support business operations in line with the GEA and Infrastructure
Standards.

8.5. Security and Compliance

a) MDAs and Counties shall ensure the design, implementation and delivery of information security shall
adhere to the information security architecture principles as guided in the GEA
b) MDAs and Counties shall establish information security governance structure as guided by appendix
1b

8.6. Project Management and Governance Architecture

a) MDAs and Counties shall ensure the design, implementation and delivery of ICT projects shall adhere
to the project management and governance architecture principles as defined in the GEA.

8.7. Performance Architecture

8.7.1. Capability Maturity Model Integration (CMMI)
a) MDAs and Counties shall improve business goals or develop process guidance models that provide a
clear definition to promote improved performance.

8.7.2. Balanced Scorecard

a) MDAs and Counties shall have an ICT Balanced Scorecard to measure performance consisting of four
perspectives: IT Value, User, Operational Excellence, and Future Orientation

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
14
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

9.0 Governance of ICT Function

9.1. Independent ICT Function
a) MDAs and Counties shall have a defined structure for the ICT function in the organization reporting to
the Accounting Officer or the Chief Executive Officer (CEO).

9.2. ICT Governance Committees

MDAs and Counties shall establish two ICT governance committees;
a) An IT Strategy committee to provide strategic advice on ICT initiatives and investments to the board
as defined in Appendix 1.
b) An IT Steering Committee to define the IT mission and goals aligned with the strategic direction of
the organization; authorize and direct the development of the services and operation plans as defined in
Appendix 1.

9.3. ICT Organization

a) MDAs and Counties shall establish an ICT organization structure that adequately responds to the
business goals, mandate and vision of the organization.
b) The head of the ICT function shall report to the accounting officer and shall hold either the following
titles
i. Chief Information Officer (CIO)
ii. Chief Information Technology Officer (CITO)
iii. Chief Technology Officer (CTO)
iv. Director ICT (DICT) or Head of IT (HIT)
c) The head of the ICT function shall be registered with the ICT Authority as an ICT practitioner/
professional.
9.4. IT strategy
a) IT shall be a strategic objective in the overall strategic plan of the MDAs and Counties.
b) The MDAs and Counties shall prepare and maintain an ICT strategic plan with clear IT vision and
mission that defines how the MDAs and Counties plans to improve internal services and services to
businesses and citizens.
c) The strategy shall be developed with input from internal and external stakeholders.
d) The strategy shall be informed by a situational analysis of internal and external business environment
e) The strategy shall define specific tasks and responsibilities for achieving value delivery from ICT
investment
f) The strategy shall be implemented to achieve ICT optimized investment

9.5. ICT Project governance

a) All ICT projects within MDAs and Counties shall be classified under the following categories;
i. Departmental Project
ii. Institutional Project
iii. Inter-Agency Project
iv. Multi sectoral Project
v. Inter-governmental project

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
15
 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

c) Every project shall have project sponsor (accounting officer, group or committee established to guide
the project, Principle Project Champion)
d) MDAs and Counties shall establish a Project Management Office /Secretariat.
e) Projects shall be based on clear and compelling business case and have the documents as prescribed
in Appendix 5
f) A project implementation committee shall be established to report to the project sponsor and shall be
chaired by a project manager.
g) MDAs and Counties shall adopt and approve a project’s implementation methodology based on globally
accepted approaches such as PMBOK or Prince 2.
h) MDAs and Counties shall adopt software development methodologies that include waterfall, agile,
SDLC and SCRUM as guided by the Systems and Applications standard
i) MDAs and Counties shall carry out their project management as guided in Appendix 4-16.

10. Government ICT Projects Implementation Standards and guidelines

10.1. Project Initiation
MDAs and Counties shall: -
i. Identify the specific business problem or opportunity.
ii. define project objectives in alignment to the institutional goals and objectives.
iii. Conduct a high-level risk assessment and define the mitigation measures for the project.
iv. Undertake:
a. initial scoping
b. definition of requirements
c. analysis of alternative solutions
d. calculation of cost estimates
e. identification of benefits and
f. identification of high-level timelines.
v. identify the project sponsor, key stakeholders and document their roles and responsibilities for
implementation of the project.
vi. Conduct an assessment of potential organisational impact
vii. Identify source and means of funding for the project
viii. perform a feasibility study to determine the viability of an idea, in terms of legal, economic and
technical aspects of the project
ix. Develop a Concept note, business case and submit for approval.

10.2. Project planning

MDAs and Counties shall: -

i. In agreement with all stakeholders (project teams, sponsors, vendors, and users) describe scope of the
project so as to ensure that there is a clear understanding of their roles and expectations.
ii. Identify and define the project tasks in terms of priority, sequence and expected timelines for completion

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
16
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

iii. Develop a human resource plan for the project that will define the roles and responsibilities of the
project team
iv. Formulate a risk management plan that will assist in the identification of the projects risks and their
mitigation measures.
v. Develop a quality management plan that will include activities for quality assurance and control.
vi. Prepare the communication plan for the project that will describe how the milestones of the project
will be communicated to all the relevant audiences. The plan shall also define how issues related to the
project will be communicated and resolved.
vii. Develop a stakeholder management plan that will describe how they will be engaged throughout the
project lifecycle.
viii. Formulate a change management plan for the project that will describe the process for requesting,
logging, evaluating, and approving (or denying) changes requested during the project implementation.
ix. Define the project procurement plan in line with public procurement and disposal Act.
x. Describe the budget of the project and document as per the specific tasks and deliverables.
xi. Source for funding of resources required for the project execution
xii. Develop and submit a project plan to guide stakeholders, sponsors, and project team on all the
phases of the project

10.3. Project execution

MDAs and Counties shall: -
i. Undertake the planned tasks as described in the plans in order to meet the objectives of the project.
ii. acquire, develop and manage the project team.
iii. communicate the progress of the project to all key stakeholders, sponsors and team members.
iv. conduct change management that might entail the appropriate request, review, approval and
implementation of any proposed changes.
v. Perform quality assurance to ensure that quality metrics are kept in check throughout the project
cycle.
vi. Document deliverables and milestones for all ICT projects
vii. Develop progress reports for all ICT projects

10.4. Project controlling and monitoring

MDAs and Counties shall:

i. Determine if the project is within budget, scope, and is meeting timelines and milestones.
ii. Continually track, review, adjust and report on the performance of the project.
iii. perform issue, risk, cost and quality management
iv. Perform quality checks of the delivered output to identify any preventive or corrective actions
needed.
v. monitor the implementation of any approved changes or revision of schedule.
vi. Document information related to the project’s output.

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
17
 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

10.5. Project closing

MDAs and Counties shall:
i. Ensure there is a formal handover and signoff by stakeholders of all the project deliverables.
ii. Ensure that all the relevant project documentation is completed and signed by the appropriate
stakeholders. This shall include closing out all the outstanding project related contracts and agreements
with vendors.
iii. Make sure that on completion of the project, transfer of knowledge/ capacity building is done for
users and ICT administrators. The support documentation shall also be prepared and handed over.
iv. finalize all project reports, store and archive them for future reference
v. Identify and document lessons learned from the project to serve as reference for future projects
vi. Develop the end project report.
11. ICT Service Management
11.1. ICT Service Strategy
a) MDAs and Counties shall develop an ICT service strategy to create new and improved services.

11.2. ICT Service management

a) MDAs and Counties shall have a service charter for IT enabled services.
b) The charter shall define the desired outcomes of the services.
c) The charter shall define the assets required to offer the services.
d) MDAs and Counties shall annually evaluate usage of the IT enabled services and customer
satisfaction.

11.3. Service level management

a) MDAs and Counties shall develop and sign service level agreement (SLA) with service providers
(internet, systems support, maintenance etc.) to ensure availability and reliability of IT enabled services.
b) The SLA shall define performance metrics for the service providers.
c) MDAs and Counties shall monitor achievement of service levels and compare them with agreed
service targets in the SLA
d) SLAs shall have penalties for failure to meet agreed service levels

11.3.1. Service desk

a) MDAs and Counties shall establish an IT service desk management system to handle all incident
reports and requests from end users
b) The service desk shall have 1st level, 2nd level and 3rd level support
c) The service desk shall develop and document standard operation procedures for IT services
d) MDAs and Counties shall have a system to track customer complaints, compliments and resolution

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
18
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

11.3.2. IT Operations Control

a) MDAs and Counties shall designate staff to manage the day-to-day operational activities in IT e.g.,
back up, routine maintenance, print and output management, installations to ensure they are done in a
reliable and timely manner
b) MDAs and Counties should manage fraud using COSO framework
c) MDAs and Counties should adopt IT service and governance framework such as COBIT for internal
controls and management of IT
d) All MDAs and counties shall document ICT operations in standard operating procedures

11.3.3. Business Relationship Management

a) MCDA shall conduct and document customer satisfaction surveys on IT enabled services annually for
internal and external customers
b) MCDA shall conduct training and awareness programs annually to sensitize internal and external
customers on IT enabled services

11.4. IT Service Design

11.4.1. Availability Management
a) MDAs and Counties shall develop and implement quarterly preventive maintenance plans for IT
equipment
b) MDAs and Counties shall develop and maintain manuals on how to operate and maintain systems and
equipment
c) MDAs and Counties shall develop a disaster recovery plan for all services

11.4.2. IT Infrastructure Capacity Management

a) MDAs and Counties shall annually evaluate the capacity of IT infrastructure to understand the current
environment and plan for future needs. The ICT Authority shall validate such evaluation
b) MDAs and Counties shall establish a framework for IT infrastructure improvement
c) MDAs and Counties shall set realistic targets for IT infrastructure improvement, prioritize gaps and
propose achievable solutions

11.4.3. Information Security Management

a) MDAs and Counties shall establish an information security management framework as guided by the
information security standard
b) The Information Security function shall be a unit within the ICT department.

11.4.4. Supplier management

a) All ICT suppliers and contractors Government shall be registered by ICT Authority in accordance with
the requirements stipulated in Appendix 33

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
19
 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

11.5. IT Service transition

11.5.1. IT Service change management

a) MDAs and Counties shall develop a policy to ensure that any changes to IT enabled services are
conducted with minimal disruption to services
11.5.2. Knowledge management
MDAs and Counties shall implement an ICT knowledge base which shall contain a database of common
IT service problems and how to solve them

11.6. IT Continuous service improvement

11.6.1. Service and process performance review
a) MDAs and Counties shall conduct quarterly performance reviews of IT processes and IT enabled
services in line with performance contracting guidelines. The review shall include suggestions for
improvement. MCDA s shall seek guidance from ICT Authority
b) MDAs and Counties shall conduct benchmarking with the aim of identifying shortcoming and
developing plans for improvement
c) MDAs and Counties shall, in collaboration with ICT Authority, conduct regular system audits for all
systems to ensure compliance and conformity to the ICT standards.

12.0 LEGAL AND REGULATORY

12.1. Kenya laws on ICT

MDAs and Counties shall identify the specific laws and regulations affecting IT in their organizations and
respond accordingly. The Kenya laws on ICT include:
a) Computer Misuse and Cybercrime Act 2018 -Information Security, Systems and Applications
b) Access to Information Act 2016- E-records, Systems and Applications
c) Kenya Information and Communications Act 2013- E- records and Data Management, Systems and
applications
d) Data Protection Act 2019
e) Evidence Act 2014- E-records and Data Management
f) Legal Notice 183, 2013 (The Information and Communication Technology Authority Order 2013)- IT
Governance, Information Security, Systems and Applications, E-records and Data Management
g) Public Archives and Documentation Service Act 2012- E-records and Data Management
h) Industrial Property Act 2001 and Copyright Act- End User Devices, Systems and applications, cloud
computing, Information Security
i) Public Officers Ethics Act 2003- End user devices, IT Governance, Systems and Applications
j) NEMA guidelines on E-waste- End User Devices
k) Private Public Partnership Act 2013 – IT Governance

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
20
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

12.2. Roles and responsibilities

a) IT functions in MDAs and Counties shall seek legal advice as necessary internally or externally to
better manage contracts
b) MDAs and Counties shall seek technical advice or service from competent third party as maybe
required from ICT Authority.

13.0 ICT RISK MANAGEMENT

13.1. General
a) ICT risk management will be undertaken as guided in Appendix 11, 12 and 13

13.2. ICT Risk framework

a) MDAs and Counties shall develop a risk strategy
b) MDAs and Counties shall set acceptable levels of risk.
c) MDAs and Counties shall undertake regular risk assessment for identification, recording, analysis and
mitigation.
d) Responsibility for risk mitigation shall be assigned to the relevant function for managing key risks
depending on the type of risk and its possible impact, the MDAs and Counties shall adopt any of the
following mitigation measures: Reduce, Transfer, Accept and Mitigate risks.

14.0 SOURCING, RESOURCING AND FINANCING OF IT FUNCTIONS

14.1. General
a) To support IT Governance, MDAs and Counties shall establish structures to manage IT resources as
per Appendix 4.
14.2. Sourcing of ICT equipment, products and services
a) MDAs and Counties shall source ICT resources while adhering to the GoK ICT standards. as per the
guidelines below
i. MDAs and Counties should evaluate its ICT function and determine the most appropriate method of
delivering the ICT function based on the following;
1. Is this a core function of the organization
2. Does this function have specific knowledge, processes, and staff critical to meeting its goals and
objectives and that cannot be replicated externally or in another location?
3. Can this function be performed by another party or in another location for the same or lower price,
with the same or higher quality and without increasing risk?
4. Does the organization have experiences managing third parties or using remote/offshore locations to
execute IS or business functions?
5. Are there any contractual or regulatory restrictions preventing offshore locations or use of foreign
materials.
a) On completion of the sourcing strategy, the IT steering committee should review and approve the
strategy. At this point, if the committee has chosen to use outsourcing, a rigorous process should be
followed including the following steps;

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
21
 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

1. Define the IT function to be outsourced

2. Describe the service levels required and minimum metrics to be met
3. Know the desired level of knowledge, skills, and quality of the expected service provider
4. Know the current in-house cost information to compare with third party bids
5. Conduct due diligence reviews of potential service providers
6. Confirm any considerations to meeting contractual or regulatory requirements.

14.3. Resourcing
a) MDAs and Counties should develop a guideline for the engagement of consultants, contractors and
external service providers. The guidelines should document the decision to acquire external support. The
guidelines should provide a framework for the accounting of the consultancy, contracting and external
service provision.
b) The MCDA should develop a risk assessment and management framework for the consultants,
contractors and external suppliers.
c) MDAs and Counties while resourcing the ICT functions should ensure there is clear segregation
of roles in the assigned functions as per the GoK ICT Human Capacity and Workforce Development
standard.
d) MDAs and Counties must use a consistent and evidence-based ICT resources strategic planning
process.
e) MDAs and Counties can use the public private partnership to resource their ICT functions while
guided by the GoK PPP Legal and regulatory framework that includes Private Public Partnership Policy,
Private Public Partnership Act and Private Public Partnership regulations.
f) All ICT professionals shall be registered as guided in Appendix 23 and the ICT human capacity
standard

14.4. Financing
a) MDAs and Counties shall allocate funds for ICT activities through the annual budget. The ratio of ICT
to institutional budget shall be at least 5%
b) The budget shall be aligned to the ICT strategy
c) The budget shall be allocated for development and recurrent purposes
d) The development budget shall cover ICT Infrastructure enhancement and improvement
e) The recurrent budget shall cover ICT infrastructure maintenance and servicing
f) Donor funded government ICT initiatives shall be subject to the requirements of government ICT
standards.
14.5. Asset management
a) MDAs and Counties shall maintain and update an inventory of all ICT assets. The inventory system
shall be automated and shall show relationships between these assets
b) MCDA should ensure that their ICT equipment are physically standard tagged for identification and
tracking.

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
22
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

14.6. Capacity building

a) The IT establishment shall cover all the relevant IT technical cadres including Basic support, Network,
systems and database administration, IT service management, IT project management, Web administrators,
information security officers, other contextual IT roles
b) MDAs and Counties shall develop and implement ICT training policy in line with ICT human resource
development standard
c) The policy shall define required ICT qualifications for different cadres of staff as per the ICT human
capacity standard IT education, training and development needs shall be fully identified and addressed for
all staff regularly
d) IT staff shall be trained on professional courses, ethics and code of conduct outlined in the ICT Human
Capacity Development Standard

14.7. Tools
a) ICT personnel shall be issued the relevant software and hardware tools to manage IT resources (e.g.,
for user support, hardware maintenance, IT service and project management, application development)

14.8. Innovation
a. MDAs and Counties shall establish a resource center for IT research and innovation
b. The resource center shall manage knowledge through databases and online resources to spur innovation

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
23
 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

Appendix 1: IT GOVERNING COMMITTEES

a) Committees
LEVEL IT STRATEGY COMMITTEE IT STEERING COMMITTEE
Responsibility -Provides insight and advice to -Decides the overall level of IT
the board on topics such as: spending and how costs will be
-The relevance of the allocated
-Aligns and approves the
development in IT from a
enterprise’s IT architecture
business perspective
-Approves project plans and
-The alignment of IT with the
budgets, setting priorities and
business direction milestones
-The achievement of strategic IT -Acquires and assigns
objectives appropriate resources
-The availability of suitable -Ensures that projects
IT resources, skills and continuously meet business
requirements including a
infrastructure to meet the
reevaluation of the business
strategic objectives
case
-Optimization of IT costs,
-Monitors projects plan for
including the role of and value delivery of expected value and
delivery of external IT sourcing desired outcomes, on time and
-Risk, return and competitive within budget
aspects of IT investments -Monitors resource and priority
-The contribution of IT to the conflict between enterprise
divisions and the IT functions as
business.
well as between projects.
-Exposure to IT Risks, including
-Makes recommendations
compliance risks
and requests for changes to
-Direction to management strategic plans (Priorities,
relative to IT strategy funding, technology approaches
-Drivers and catalysts for the and resources)
boards IT -Communicates strategic goals
to projects teams
-Is a major contributor to
management’s IT governance
responsibilities and practices

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
24
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

b) Sub-Committees
COMMITTEE RESPONSIBILITIES MEMBERSHIP
Information Security Sub- • Facilitates achieving • C-level executive management
Committee consensus on priorities and and senior managers from IT,
trade-offs. • Application owners,
• Business process owners,
• Serves as an effective
• Operations,
communications channel and
• HR, audit and
provides an ongoing basis for
• Legal
ensuring the alignment of the
security program with business
objectives.
• The committee will
deliberate on the suitability of
recommended controls and
good practices in the context
of the organization, including
the secure configuration of
operating systems (OSs) and
databases.

Project steering committee – Reviews project progress • a senior representative from

regularly (e.g., semimonthly or each business area
monthly) and • The project manager
Holds emergency meetings • The project sponsor who
when required. assumes the overall ownership
– Serves as coordinator and and accountability of the
advisor. Members of the
project and chairs the steering
committee should be
committee.
available to answer questions
and make user-related decisions
about
system and program design.
– Takes corrective action
if necessary due to project
progress and issues
escalated to the committee.

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
25
 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

APPENDIX 2: GOK PROJECT MANAGEMENT GOVERNANCE STRUCTURE

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
26
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

APPENDIX 3: ICT ORGANIZATION STRUCTURES

i. Large MCDA’s

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
27
 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

ii. Medium MCDA’s

iii. Small MCDA’s

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
28
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

APPENDIX 4: PROJECT GOVERNANCE ROLES

Project Role Accountabilities, responsibilities and tasks

Corporate Client - Has ultimate authority in large, complex or politically driven
projects.
- Is the champion of the project, promotes the benefits of the
project to the community and may be viewed as the ‘public face’ of
the project. For example, the Corporate Client may be the Premier,
Minister of the State or Head of Agency.
- May also be the Project Funder.
In a small, less complex project, there would be no Corporate Client,
but the Project Sponsor would act as the champion of the project,
and fulfil the role of the Project Champion.

Project Sponsor - Ultimately accountable and responsible for the project, and is
sometimes referred to as the Project Owner.
- Responsible for the attainment of the agreed Project Target
Outcomes. The Target Outcomes should be secured before the
project is closed formally.
- Member of the Steering Committee, and is usually the Committee
Chair. For projects where there is no Steering Committee, the
Sponsor assumes responsibility for approving the project scope and
all subsequent decision-making.
- Oversight of the business management and project management
issues that arise outside the formal business of the Steering
Committee.
- Provides support by advocacy at senior levels, and ensures that
the necessary resources (both financial and human) are available to
the project.
- May also be the Business Owner for the project and can also
be the Funder, but it varies within government, depending on the
budgetary arrangements and decisions about who will be managing
the Outputs after the project closes. In the case of large whole-
of-government projects, the project funds may be managed by
one Agency on behalf of the government, but there may be several
Business Owners.

The Corporate Client and Project Sponsor may be the same person
for some projects.
The Project Sponsor must be identified for all projects, no matter
what the size or complexity.
Accountable to: Corporate Client (where applicable)

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
29
 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

Project Role Accountabilities, responsibilities and tasks

Steering Committee - Responsible and accountable for policy and resourcing decisions
essential to the delivery of project Output and the attainment of project’s
Target Outcomes.
- Accountable to the Corporate Client and/or Sponsor for providing the
Project Manager and Team with effective management and guidance in
the development of the project Outputs and implementation of required
organisational change, in order to attain the project’s Outcomes.
- Responsible for ensuring appropriate management of the project
components outlined in the endorsed Project Business Plan, which usually
includes approving the initial Project Proposal or Business Case and then
the Project Business Plan.
- Responsible for assessing, approving or rejecting changes to the scope
as documented in the Project Business Plan as the project progresses.
- Responsible for monitoring progress (not just activity) and scrutinising
the project’s budget.
- Ultimately accountable for ensuring appropriate risk management
processes are applied, which may include responsibility for undertaking
specific risk management activities.
- Must also consider how (or if( the project’s objective(s(, Outcomes, Target
Outcomes, and longer-term business benefits align with the organisational
strategic agenda and direction, and making the hard decisions to re-scope
or terminate the project if there is little or no alignment.
- Should develop an agreed Terms of Reference for how the Steering
Committee will operate.

The composition of the Steering Committee may change as the project

moves through its various phases or stages, to ensure the best expertise
and experience are available when required.
Not all projects require a Steering Committee. The need for a Steering
Committee is dependent on the complexity and nature of the project and is
determined by the Corporate Client and/or Project Sponsor.
Accountable to: Corporate Client (where applicable) or Project Sponsor
(Refer to Appendix 3 Steering Not Rowing: A Charter for Project Steering
Committees and Their Members.)

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
30
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

Project Role Accountabilities, responsibilities and tasks

Business Owner(s) - Responsible for managing the project Outputs for utilisation by Project
Customers.
- Responsible for ongoing maintenance (including costs) of the project
Outputs after the project closes.
- Accountable to the Project Sponsor and/or Corporate Client (or their
delegate(s)) following formal project closure for the achievement of and
reporting against the project’s Target Outcomes and realisation of the
longer-term business benefits.
- Must be satisfied that the project’s Outcomes (including Target
Outcomes( and longer term business benefits are meaningful in the
context of the Business Unit’s operational environment and forward
strategic agenda.
- Contracted by the Project Sponsor and/or Steering Committee to
implement the change management described in the Outcome Realisation
Plan, and thereby achieve the project’s Outcomes, Target Outcomes and
realise the business benefits.
- May be required to contribute resources to the project to ensure the
change management described in the Outcome Realisation Plan is
implemented effectively.
- ‘Owns’ the Project Outcome Realisation Plan, although the Project
Manager may assist in its development.
- Must be satisfied that the project scope includes all of the Outputs
necessary for the realisation of the project’s Target Outcomes and agreed
business benefits.
- May be required to contribute resources to the project to ensure that the
Outputs are developed satisfactorily and ‘fit for purpose’.
- Responsible after project closure for ensuring the project’s Target
Outcomes and agreed longer-term business benefits are used to revise
the Business Unit’s relevant performance measures. Agency or Divisional
Corporate or Annual Business Plans should be updated appropriately.
Reporting lines and requirements may also need to be updated post-
project.
- Responsible after project closure for ongoing ownership and
maintenance of the project Outputs, which may require revised budget
forecasts to accommodate maintenance costs and staffing implications.

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
31
 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

Project Role Accountabilities, responsibilities and tasks

Project Customers The person or entities that will utilise the project Outputs to undertake
their own activity, and therefore unconsciously generate the project
Outcomes and business benefits as a by-product of this utilisation. For
example, the Tasmanian public, who transacts business with Service
Tasmania, would have been classed as Project Customers when the entity
was set up. Project Customers are sometimes described as Beneficiaries

Project Observer - May be a role in a large, complex or politically driven project, possibly
involving whole-of-government or more than one Agency where potential
learnings through observation of project processes are possible.
- Usually present at Steering Committee meetings or Project Team
meetings to act as an information channel to the Agency/organisation they
are representing.
- The Observer’s Agency may not necessarily be represented on the
Steering Committee if they are not Business Owners.
- Cannot participate in decision-making while attending meetings.
- May raise issues for discussion on the understanding that those issues
may or may not be addressed or resolved as part of the meetings. The
issues may be considered outside of the formal meeting structure.
- Accountable to the Agency they are representing. If issues arise that may
have implications for the Agency/organisation, they have a responsibility
to report these issues back to their Agency/organisation. The Agency/
organisation may then wish to raise these issues formally with the Project
Sponsor.
Please note: The Project Sponsor and/or Steering Committee Chair should
agree to the role of the Project Observer before that role is implemented.

Quality Consultants - Work independently of the Project Team.

- Often contracted from outside the Agency/organisation.
- Maybe contracted to undertake formal Quality Review of the project as a
whole in terms of structure, processes, and progress toward Outputs.
- Maybe contracted to undertake formal Quality Review of the quality
of products or services (Outputs) being produced within a project in a
technical field (eg law, IT, construction).

(Refer to Appendix 4 A Charter for Project Management Quality Advisory

Consultants and Appendix 5 A Charter for Project Management Quality
Review Consultants.)
Accountable to: Project Sponsor and/or Steering Committee

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
32
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

Project Role Accountabilities, responsibilities and tasks

Project Director - Usually created to manage a large, complex or politically sensitive
project or program of projects in partnership with one or several Project
Manager(s).
- Responsible for the implementation of the Project/Program Business
Plan following its approval by the Steering Committee.
- Directs and monitors project/program activity through quality
management, detailed plans and schedules, and reports progress to the
Steering Committee.
- Provides expert and authoritative advice to various Ministers, Heads
of Agency and senior representatives of the public and private sectors
and key community stakeholders on a wide range of sensitive issues
associated with the project/program.
- Provides highest-level leadership by articulating the project/program
vision, and negotiating and defining objectives and developing and
nurturing highest-level relationships with stakeholders and end users, to
facilitate the effective delivery of a major government initiative.

Accountable to: Project Sponsor and/or Steering Committee

Project Manager - Contracted by the Project Sponsor and/or Steering Committee to
deliver the defined project Outputs as articulated in the approved Project
Business Plan.
- Works in partnership with and reports to the Project Director to
implement the Project Business Plan.
- Responsible for engaging the Project Sponsor, Business Owner(s) and/or
Steering Committee in order to clarify the project Objectives, Outcomes,
Target Outcomes, required Outputs and stakeholders within agreed time,
cost and quality parameters.
- Develops and maintains the Project Business Plan, Project Work/
Execution and Implementation Plan(s) and related schedules.
- Responsible for organising the project into one or more sub-projects,
managing the day-to-day aspects of the project, resolving planning and
implementation issues, and monitoring progress and budget.
- Reports to the Project Sponsor and/or Steering Committee at regular
intervals.
- Manages (client/provider/stakeholder) expectations through formal
specification and agreement of the project objective(s), Outcomes, Target
Outcomes, Outputs, quality requirements, resources required, budget,
schedule, project structure, roles, and responsibilities.

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
33
 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

Project Role Accountabilities, responsibilities and tasks

- Requires demonstrated high-level project management skills. A Project
Manager cannot lead effectively unless they have credibility. For most
projects, it means the Project Manager must have knowledge of how the
Outputs will be created, and how the Target Outcomes will be realised
from the utilisation of those Outputs as described in the Outcome
Realisation Plan.

The Project Manager must be identified for all projects, no matter what the
size or complexity.
Accountable to: Project Director (where applicable), Project Sponsor and/
or Steering Committee

Project Team - Led by the Project Manager or Project Team Leader.

- Responsible for completing tasks and activities required for delivery
of the project Outputs, as outlined in the Project Business Plan and
elaborated in the Project Execution and/or Implementation Plan(s).
- Usually includes representatives from the Business Unit(s) impacted by
the project.
- Must include the requisite skills for each phase of a project to ensure
success. The skills should be explicitly identified as a part of the project
planning process.

The composition of the Team may change as the project moves through its
various phases.
Accountable to: Project Manager and/or Project Team Leader.

Project Team Leader - Usually appointed in large and/or complex projects to work under the
direction of the Project Manager.
- May be a representative of a Business Unit impacted by the project.
- Responsible for completing the required tasks and activities as defined
in the Project Execution and/or Implementation Plan(s) for delivering the
project Output(s).
- Accountable to: Project Manager

Project Officer - Responsible for completing tasks and activities required for delivering
project Output, as determined by the Project Manager or Project Team
Leader.

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
34
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

Project Role Accountabilities, responsibilities and tasks

- May also be directly involved in the development and quality assurance
of specific Outputs.
- Accountable to: Project Manager or Project Team Leader

Reference Groups • Provide forums to achieve consensus among groups of stakeholders.

• Do not do the work of Output production, but may ratify/endorse
Output quality on behalf of the stakeholders they represent.
• The group may already exist, have an indefinite life span or may
continue for the life of the project.
• Maybe a general reference group delegated by the Steering
• Committee to monitor or modify the Project Business Plan for approval
by the Steering Committee.
• May consist of collection of people with like skills to address a
particular set of issues.
• May report to the Steering Committee or Project Manager, depending
on who has appointed them and what they are requested to achieve.
• Members provide an excellent channel to assist the project
communicate information to and from their stakeholder group(s) who
may be impacted by, or impact on, the project.

Accountable to: Project Sponsor and/or Steering Committee via the

Project Manager or Project Director (where applicable)
Advisory Groups • Forums of stakeholders, usually experts to provide specific advice or
technical expertise to the project.
• Do not do the work of Output production, but may advise the Project
Manager on Output quality (‘fitness-for-purpose’( on behalf of the
stakeholders they represent.
• Members provide an excellent channel to assist the project
communicate information to and from their stakeholder group(s) who
may be impacted by, or impact on, the project.
• Able to advise the project of any emerging issues from a stakeholder
perspective.
• Members may also be willing to play an ongoing role in Output
maintenance after the project has closed, to ensure the Outputs
remain relevant and retain their practical utility.
• May report to the Steering Committee or Project Manager, depending
on who has appointed them and what they are requested to achieve.
• The group may already exist, have an indefinite life span or may
continue for the life of the project. An information technology advisory
group is an example.

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
35
 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

Project Role Accountabilities, responsibilities and tasks

Working Groups • Small specialist work groups, each dedicated to producing a well-
defined Output within a specific timeframe, appointed by the Project
Manager.
• Report directly to the Project Manager. May also report to the
Reference/Advisory Group on Output development progress.
• Membership may be drawn from Reference or Advisory Groups, or the
Business Unit(s) where Output implementation will occur.
• May have no life beyond the delivery of that Output.
• Probably involve one or more members of a Project Team to support
activity.
• Members provide an excellent channel to assist the project
communicate information to and from their stakeholder group(s) who
may be impacted by, or impact on, the project.
• Members may also be willing to play an ongoing role in Output
maintenance after the project has closed, to ensure the Outputs
remain relevant and retain their practical utility.

Accountable to: Project Manager or Project Director (where applicable)

Consultants • Are employed from outside the organisation to provide independent,
high-level specialist expertise or professional advice unavailable from
internal resources, to assist project decision-making.
• Typically Project Consultants may include:
- Information technology specialists who define and manage the
technological aspects of the project
- Representatives employed by stakeholders to ensure their interests
are represented and managed
- Legal advisers who assist in the development and review of the
contractual documentation
- Auditors who ensure compliance with internal and external audit
requirements

May report directly to the Chair of the Steering Committee (or perhaps the
Chair of a general Reference Group).
Please note: The Head of Agency or Deputy Secretary (or equivalent)
must approve any decision to engage a consultant prior to the
Agencyundertaking the appropriate procurement process.

Accountable to: Project Sponsor and/or Steering Committee via the

Project Manager or Project Director (where applicable)

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
36
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

Project Role Accountabilities, responsibilities and tasks

Contractors Are employed, external to the business area, to provide a specified service
in relation to the development of project Outputs. Examples include
developing guides and/or manuals, business application software, develop
and deliver marketing programs, prepare and deliver training to staff in the
business area.
May be engaged to undertake work as part of the Project Team.

APPENDIX 5: PROJECT MANAGEMENT DOCUMENTATION

PHASE KEY DOCUMENTS OTHER DOCUMENTS PROFORMAS
INITIATE Project Proposal Business Needs
Feasibility Study Report Analysis
Project Business Case Project Brief

MANAGE Project Business Plan Risk Management Plan Project Status Report
Project Execution Plan Stakeholder Project Risk Register
Project Review and Engagement Plan Project Issues Register
Evaluation Report Organizational Change
Project Phase Review Management (or
Report Transition) Plan
Implementation Plan
Project Communication
Strategy and Action
Plan
Marketing Strategy
Training Strategy

FINALISE Outcome Realization Handover Plan

Plan Project Output
Project Closure Report Management Plan
Project Review and
Closure Report

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
37
 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

APPENDIX 6: PROJECT DOCUMENTATION DEVELOPMENT

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
38
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

APPENDIX 7: A GENERIC PROJECT GOVERNANCE MODEL FOR LARGER, MORE

COMPLEX PROJECTS

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
39
 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

APPENDIX 8: SAMPLE OUTCOME REALIZATION DATA FOR THE PROJECT BUSINESS

PLAN

Target Performance Measure Baseline Target Level Target Accountability

Outcome Indicator Date
The A description The The current The targeted The date Who is
measurable of the type of actual level of the level of by when accountable for
benefits change that performance performance the the achievement
that are will indicate indicator as (i.e how target of the targeted
sought from performance at [date] success is levels outcomes and
undertaking towards the defined are to be reports on the
a project achievement progress towards
(i.e what of the Target the target?
we want to Outcomes
achieve)

APPENDIX 9: STAKEHOLDER ENGAGEMENT PROCESS

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
40
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

APPENDIX 10: STAKEHOLDER COMMUNICATION CHANNELS

VERBAL ELECTRONIC WRITTEN VISUAL

• Presentations/ • Personal email • Mailouts of • Display – workplace,
briefing sessions to identified important conference
(one-to-one, one- stakeholders (one to documentation • Transport
to-many) one, one to many) (letter, advertising
• Telephone • Broadcast email memorandum, • ‘Roadshow’
(one-to-one)/ (one to many) factsheet, FAQs) • ‘Parody’
Teleconferences
• Internet/intranet • Newsletter presentation – play,
(one-to-many)
including online • Advertising puppet show
• Forums
forums, fact – newspaper, • 3D presentation
• Networking
sheets, newsletter, magazine, web
facilitation
SharePoint – web • Pamphlets and
• Staff meetings
• Seminars/ sharing of ongoing brochures (consider
workshops project planning shelf life issues)
• Community with internal • Information in
meetings and/or external agency newsletters
• Launches stakeholders etc
• Specific events • SMS messaging • Media release
• Social gatherings • Weblog • Ministerial
• Visitation programs • Facebook, Myspace, • Request for Tender
• Radio/television YouTube (RFT)
• Twitter • Contract
• RSS Feed • Project planning
• CD-ROM/DVDs documentation
• Fax stream, faxback

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
41
 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

APPENDIX 11: ELEMENTS OF THE RISK MANAGEMENT PROCESS

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
42
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

APPENDIX 12: RISK MATRIX FOR GRADING RISKS

Seriousness
Likelihood Low Medium High Extreme
(Insignificant (Reasonable (Will have
adverse adverse significant
impact, note impact, needs adverse
only) monitoring) impact)
Low N D C Extreme
(Unlikely to
occur during
project)
Medium D C B Extreme
(May occur at
some stage in
project)
High C B A Extreme
(Probably will
occur during
project)

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
43
 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

APPENDIX 13: RECOMMENDED ACTIONS FOR GRADES OF RISK

Grade Risk Mitigation Actions Who

A & Extreme Mitigation actions to reduce the Project Steering Committee and/
likelihood and seriousness to be or Project Sponsor
identified, costed and prioritized
for implementation before
the project commences or
immediately as they arise during
project execution.
B Mitigation actions to reduce Project Steering Committee and/
the likelihood and seriousness or Project Manager
to be identified costed and
prioritized. Appropriate actions
implemented during project
execution,
C Mitigation actions to reduce Project Manager
the likelihood and seriousness
to be identified and costed for
possible action if funds permit.
D&N To be noted; no action is needed Project Manager
unless grading increases over
time.

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
44
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

APPENDIX 14: ISSUE MANAGEMENT FLOWCHART

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
45
 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

APPENDIX 15: SAMPLE PROJECT ISSUES REGISTER

Issue Description Raised Date Priority Responsible Actions Status Date

Number By Officer & Resolved
Progress
Notes
1.1 Lack of Working 1/09/22 High Jane Letter of Open
agency Group invitation
from
Project
Sponsor
(i.e
Director)
to
agencies
which
are not
2.1 Lack of Project 1/11/22 High Senior Project Send out Open
registrants Manager Officer reminder
for next via email
forum to the
project
1.3 How to Project Medium Senior Matrix to be Closed 30/11/22
show links Team 10/09/22 Medium Project developed
between PM member Officer and
documents published

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
46
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

APPENDIX 16: PROJECT CLOSURE

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
47
 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

APPENDIX 17: SAMPLE SERVICE MANAGEMENT STRUCTURE (ITIL) FOR SMALL

ORGANIZATIONS

Head of IT

Service Business Programme

Management Teams Management

Service Desk Infrastructure Business Analysis

Systems
• Incident Mgmt • Business Analysis
• Problem Mgmt Application • Project Management
Support
• Service Requests • Change Management
• Change Co-ordination • Commercial Mgmt
• SLA Reporting • 2nd/3rd Level Support • Account Management
• Vendor Mgmt • Problem Resolution • Contracts/Procurement
• Design & Planning
• Maintenance
• Projects
• Change ‘Building’

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
48
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

APPENDIX 18: SAMPLE SERVICE MANAGEMENT STRUCTURE (ITIL) FOR LARGE

ORGANIZATIONS

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
49
 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

APPENDIX 19: SERVICE DESK 1ST, LEVEL, 2ND LEVEL AND 3RD LEVEL SUPPORT
DEFINITIONS

GENERAL DEFINTIONS
First Level • Dedicated and managed Support area/telephone access
Support • Routine call and incident taking, logging and classification
• Initial fast resolutions to Routine Incidents – e.g. password resets
• Short term support to keep lines open and provide access to IT
• Calls within target guidelines before escalation – e.g. 5 - 10 minutes
• Generally at least 40% - 50% of calls resolved
Second Level • Dedicated and managed Support area
Support • Longer resolution Incidents – e.g. more than 5-10 minutes
• Incidents that require greater technical knowledge or system access
• Fast Response and Target resolution times – support is highest priority
• Task to build Knowledgebase to ensure future response in Incident
Management/1st Level
• Involvement in the technical analysis and resolution of underlying Problems
• Generally 40% - 50% of calls resolved
Third Level • Long Term Problem resolution
Support • Incidents/Problems that require high level of technical knowledge or system
access
• Task to build Knowledgebase to ensure future response in Incident
Management/1st or 2nd Level
• Generally, less than 10% of calls handled

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
50
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

APPENDIX 20: SAMPLE ICT STRATEGY FORMAT

ICT STRATEGY FORMAT & TEMPLATE

STRATEGIC PLAN FORMAT and TEMPLATE

Strategy Development Process

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
51
 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

Note: All Strategic plan proposals should be accompanied with a ‘Table of Contents’ and should be in the
order depicted below.

Executive Summary

Give brief outline of the (Org/Dept).

Environmental Analysis

Internal Environment

[Internal Assessment: Organizational assets, resources, people, culture, systems, partnerships, suppliers,
etc]

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
52
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

External Environment

[Internal Assessment: Organizational assets, resources, people, culture, systems, partnerships, suppliers,
etc]

Tools for comparison analysis

[It involves specifying the objective of the institution or project and identifying the internal and external
factors that are favorable and unfavorable to achieving that objective.]

Examples:
SWOT Analysis; Six Forces Model; VRIO; PEST analysis; Porter’s Four Corners Model

Benchmarking

[Benchmarking is the process of comparing one’s business processes and performance metrics to
industry bests and/or from other industries. Dimensions typically measured are quality, time, and cost.
Improvements from learning mean doing things better, faster, and cheaper.
Benchmarking involves management identifying the best institutions in their industry, or any other
industry where similar processes exist, and comparing the results and processes of those studied
(the “targets”) to one’s own results and processes to learn how well the targets perform and, more
importantly, how they do it.]

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
53
 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

Best practices

[A bestpractice is a technique, method, process, activity, incentive, or reward that is believed to be

more effective at delivering a particular outcome than any other technique, method, process, etc. when
applied to a particular condition or circumstance. The idea is that with proper processes, checks, and
testing, a desired outcome can be delivered with fewer problems and unforeseen complications. Best
practices can also be defined as the most efficient (least amount of effort) and effective (best results)
way of accomplishing a task, based on repeatable procedures that have proven themselves over time
for large numbers of people.]

Gap Analysis

[Identify the gap between the optimized allocation and integration of the inputs, and the current level
of allocation. This helps provide the institution with insight into areas which could be improved. The gap
analysis process involves determining, ‘where you are now’ and ‘where you want to be’.]

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
54
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

Strategic Plan
The strategic plan should be communicated to all relevant individuals, including stakeholders and
sponsors. It should include the following:

Vision

[What the org/dept wants to be; it should be compelling, vivid and concise, challenges everyone to reach
for something significant – inspires a compelling future; it is time bound. An organization’s Vision sets
out its aspirations for the future. The Vision is the ‘dream’ of the future, a picture painted in words, which
is intended to inspire people by appealing to the heart as well as the head.]

Mission

[Our purpose of existence; should be brief and to the point; it provides context for major decisions and
capable of infinite fulfillment; it is not time bound].

MISSION Formulation
Answer each of these questions.
What services and/ or products will the organization/department offer?

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
55
 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

Who are the people who may use or benefit from this services or products?

What are the reasons for the organization/ department?

Why will the organization/ department exist?

Now combine all the answers into one statement of purpose.

Values

[Values will guide every major decision making; it embodies the spirit of the org/ dept; revisit Vision and
Mission statement.]

Strategic Objectives

List specific actionable results needed to support the vision and the mission. Use the mnemonic
SMART/ER

S Specific
M Measurable
A Attainable
R Relevant
T Time bound
And
E Evaluate
R Reevaluate

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
56
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

Initiatives

[These are actions that will lead to achievement of your objectives, often taking the form of projects or
programs]

Measures (KPI(s), Timeline and Deliverables

[These are objective, quantifiable methods for measuring success. Indicators and monitors of success.
It includes; performance measurement, initiatives and projects and action plans.]

[Each Initiative has a supporting Action Plan(s) attached to it. Action Plans are geared toward operations,
procedures, and processes They describe who does what, when it will be completed, and how the
organization knows when steps are completed Like Initiatives; Action Plans require the monitoring of
progress on Objectives, for which measures are needed]

Quick wins

[These are improvement which is expected to provide a Return on Investment in a short period of time
with relatively small cost and effort.]

Organization Structure

[Organizational structure allows the expressed allocation of responsibilities for different functions
and processes to different entities such as the department, workgroup and individual. Please provide a
diagram]

Resource

Personnel

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
57
 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

Finance/ Budget

Facilities/ equipment

Summary: (include a 5 by 5-year timeline towards 2030

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
58
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

INVESTORS PROVIDERS CONTROLLERS

• The Board • Project and change • Internal audit and external
• IT Council/Management Team managers (IT and Business) audit (due diligence)
• Senior business unit managers • Project and change managers • External regulators
e.g. key customers of IT services (IT and • Corporate governance
• Business Partners Business) coordinator
• External investors/shareholders • Programme managers • Risk managers
– as part of corporate governance • Business managers and users • Compliance – regulatory and
• Technical delivery and support internal
teams • Finance/Project Managers/IT
• Key players e.g. Business and business
sponsors, Project managers – reviewers of
champions benefits/ROI
• Relationship managers and • Post investment appraisal/
internal Post project
communications teams review teams
• Suppliers (especially
outsourced service providers)
• Contract and procurement
management
• Peripheral players/influencers/
Policy owners
e.g. HR, Facilities Management,
Legal

Legal and regulatory Responsibilities

Understand requirements (what • Advise on IT related technical Maintain awareness of current
regulations are to be complied and and emerging laws, and
with)
regulations affecting IT to assess
their impact on the organization’s
business
• Set the mandate commercial risks that could • Develop an understanding of
impact legal and regulatory their impact on
requirements
• Set priorities and expectations • Provide proposals and business the organization and advise
cases for accordingly on “what is needed” -
not necessarily “how”
• Establish and ensure the legal and regulatory programmes, • Monitor adequacy of controls
expected degree of compliance projects or action plans and
• Based on advice concerning • Formulate solutions for compliance processes
risk and cost: compliance or commercial
contracts

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
59
 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

INVESTORS PROVIDERS CONTROLLERS

Define who is accountable ongoing good control of legal • Monitor the business and IT
• Obtain internal or external and regulatory requirements functions for performance in
assurance as required that • Exploit technology and tools meeting legal and regulatory
issues have been addressed and where requirements and report
controls established appropriate for ensuring back to management
• Monitor and evaluate compliance (e.g. with advice regarding any
compliance asset registers) shortcomings
programmes and significant • Execution of compliance and • Provide independent
commercial contracts contractual processes, and assurance to management
• Sign off specific compliance operation of elated controls that adequate controls are in
programmes • Provide compliance framework place to deal with legal and
• Provide approvals when to ensure a sustainable regulatory requirements
required for “business as usual” approach to
significant legal or regulatory compliance
decisions • Provide evidence of
compliance
• Provide information relating to
the cost of compliance and also
cost of any incidents
• Evaluate impact on business
environment together with
business units
• Ensure vendors, service
providers, and subcontractors
are involved properly and
integrated within the overall
compliance
approach

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
60
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

APPENDIX 21: RISK MANAGEMENT PROCESS

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
61
 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

APPENDIX 22: ACCREDITATION OF ICT SERVICE PROVIDERS

A. REGISTRATION
i. An application for registration as a contractor/supplier shall be made online through the accreditation
portal https://accreditation.icta.go.ke/and user shall create their profile using the following information
as well as attaching supporting documents:

a. Company documents
b. Company profile
c. Certified copies of the identity documents of the principal or principals of the firm;
d. Certificate of incorporation
e. Certificate of partnership, where applicable
f. Certified copies of the shareholders’ certificates of the company;
g. In the case of a trust, a copy of trust deed
h. In the case of a foreign contractor-proof of current registration status from their country of domicile or
origin certified by a local commissioner oath. The registration of a foreign contractor shall be guided by
the relevant government policies.
i. Business permit
j. KRA compliance certificate
k. Relevant compliance certificate
l. In the case of an application relating to specialized software, a certified copy of the current license
issued by the relevant statutory regulatory or Authority or organization.
m. Staff qualification
n. CVs, IT related university certificate, project management certificate national id copies and KRA pin for
all of all directors
o. CVs, IT related degree, professional certifications, certification in project management for all technical
staff
p.Company experience in the area of specialization
q. LPOs, LSOs, and Contracts
r. Financial status
s. Certified bank statements and audited accounts for the past three (3) years;
t. For foreign contractor - Sufficient proof of financial capability of the contractor

ii. ICT suppliers shall also be required to adhere to the following code of conduct

a. Ensure government receives competent professional services.

b. Enhance the professional development of its staff.
c. Respect the confidentiality of any information given by government institutions
d. Enhance integrity in the delivery of products and services to government institutions
e. Comply with all government of Kenya laws and regulations.
f. Protect and respect third-party intellectual property and utilize it only after having properly secured
rights to its use.

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
62
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

iii. An application shall not be considered duly completed for purposes of this regulation, unless all
documents are received by the Authority.
iv. The Authority shall make a decision on an application by a person or firm within five working days of
receivingsuch application including rejection if such person does not fully comply with requirements
set by the Authority, and shall inform the applicant accordingly giving reasons for such rejection.
v. A register of registered contractors shall be kept.
vi. A person who qualifies for registration in a specialized area shall be issued with a Certificate of
Registration in the specialized area of ICT by the Authority.
vii. A person or firm shall submit an annual application for renewal of the certificate of
registration to the Authority in the prescribed form accompanied by the prescribed fee (See
schedule B) and the Authority shall process the application in accordance with the provisions
of the standard.
viii. A person who is aggrieved by the decision of the Authority in relation to the category
of registration may submit a written petition indicating the reasons of such grievance,
sufficient to justify review or the assessment by Authority.
ix. The Authority shall within thirty days of receiving a petition under notify the person of the
Authority’s decision on both applications.
x. Registration of contractors under ICTA - I (See schedule B) category shall be open to both local
and foreign contractors.
xi. Any registrations that fall between ICTA -2 to ICTA -8 as set out in the standard shall be restricted
to local contractors only.
xii. A contractor may make an application for upgrading to the Authority in a form to be prescribed
by the Authority accompanied by the prescribed fee, and the Authority shall process the application in
accordance with the provisions of the standard.
xiii. Application for renewal of the license shall be submitted online to the Authority at least thirty days
before the expiry of such license.
xiv. In each year during which a contractor holds a license, thecontractor or, in the case of a firm or
company; thepartner whopossesses technicalqualifications, skills or experience shall attend at least one
Continuous Professional Development eventrecognized by the Authority and the Authority shallconsider
the attendanceswhile determining anapplication to renew or upgrade the Contractor.
xv. During the vetting and verification of contractor’s documents, the Authority/representative may visit
contractor’s premise to ascertain the information provided.
xvi. The Authority shall publish list of contractors with valid licenses.

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
63
 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

SCHEDULE A. Enforcement
i. There shall be payable to the Authority such fees for its services astheAuthority may determine from
time to time.
ii. The Authority may remove thename of the firm or a contractor from the register of contractors if the
contractor has been debarred from participating in a procurementprocess underanylegislation or received
written complaints from any government agency in regards to the contractors’ performance;

iii. The registration of a contractor shall be suspende after investigations into his conduct have been
concludedandit is establishedthat the contractor has engagedin misconduct.
iv. Fails to comply with the provisions in regard to the payment of the fees;
v. The Authorityshallconductan inquiry in to the conduct or thecontractor before removing thename of the
contractor from the register.

SCHEDULE B. Accreditation Scoring Criteria

REFERENCE PARTICULARS SPECIFIC SCORE MATRIX MAXIMUM AWARDED
ITEMS SCORE SCORE
A General Business Business 5 marks
registration permit
and permit [7 Relevant 2 marks
marks] compliance
certificates
(Government,
Manufacturer)
as per
category

B Technical Technical Degree (at 1 marks

Directors’ Director least BSc in
Qualification [4 marks] Computer
and work Science, IT or
experience. related)

Experience Work 3 marks

Experience
in (3) similar
assignments,
1 Mark per
assignment

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
64
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

Points Registration/
Renewal Fee (KES.)
ICTA 1 85 – 100 30,000
ICTA 2 75 – 84 25,000
ICTA 3 65 – 74 20,000
ICTA 4 55 – 64 15,000
ICTA 5 45 – 54 12,000
ICTA 6 35 – 44 10,000
ICTA 7 25 – 34 5,000

FOREIGN CONTRACTOR
ICTA 1 75,000
ICTA 2
ICTA 3
ICTA 4
ICTA 5
ICTA 6
ICTA 7
ICTA 8
TOTAL

REFERENCE PARTICULARS SPECIFIC SCORE MATRIX MAXIMUM AWARDED

ITEMS SCORE SCORE
C Staff Technical Technical 10 marks
qualification staff in project team
specialized – at least 5
area persons (2
[27 marks] marks per
staff)
Scoring is
based on the
following.
 Degree
(at least BSc
Computer
Science, /IT
or related(2
marks per
staff)

Diploma in
IT or related
(1mk per
staff)

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
65
 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

REFERENCE PARTICULARS SPECIFIC SCORE MATRIX MAXIMUM AWARDED

ITEMS SCORE SCORE
C Relevant 5 marks
professional
certification (1
mark per staff)
Work 10 marks
experience
in 2 similar
assignments
per staff
(maximum of 2
marks for each
staff)
 2 marks
Certification
in project
management
(any staff)

D Company Details of Demonstrable 25 marks

experience projects capacity at
undertaken company level
in area of by providing
specialization evidence of
(max 5 5 relevant
projects) projects
[25 marks] carried out for
the last 5 years,
evidenced
by copy of
purchase order
or contract and
contact details,
job completion
certificates/
Client
testimonials/
contracts (25
marks)

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
66
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

REFERENCE PARTICULARS SPECIFIC SCORE MATRIX MAXIMUM AWARDED

ITEMS SCORE SCORE
5 marks for
each projects
carried out
in Kenyan
government
institutions or
3 marks for
each project
carried out
in private
organizations

Largest Project cost 10 Marks

projects value (KES)
in area of Over 50m (10
Specialization marks)
for the last 5 – 50m (7
5 years [10 marks)
marks] 1 – 5m (4
marks)
Below 1m (1
mark)
E Financial Turnover in KES High turnover 15 Marks
status [15 marks] (Over 50m) (15
marks)
Average
turnover
(5-50m) (10
marks)
Low turnover
(below 5m) (5
marks)
Cash flow in • Over 50m (12 12 marks
KES [12 marks] marks)
• 5 – 50m (8
marks)
• 1 – 5m (4
marks)
• Below 1m (1
mark)

TOTAL 100 Marks

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
67
 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

APPENDIX 23: ACCREDITATION OF ICT PROFESSIONALS

1. REGISTRATION OF ICT PROFESSIONALS

Applicant should be compliant with the standard on ICT Human Capital and workforce development, both
ethically and in terms of professional qualifications in the area of expertise. ICT Authority shall issue a
certificate of accreditation on compliance with the standard.
To commence the registration process, ICT Authority will register ICT Professionals according to four
categories of registration. The professional registrations category includes the following:
a. ICT Professional
b. ICT Practitioner
c. ICT Graduate
d. ICT Technician

2. CODE OF PROFESSIONAL CONDUCT

Registered professionals and ICTA accreditation/certification holders shall:

a. Perform their duties with objectivity, due diligence and care, in accordance with professional IT
standards and procedures for effective governance and management of Information and Communications
Technologies.
b. Serve for public good in a lawful manner, while maintaining high standards of conduct and character.
c. Maintain the privacy and confidentiality of information obtained in the course of their activities.
d. Perform services only in areas of their competence
e. Inform appropriate parties of the results of work performed including the full disclosure of all significant
facts
f. Support the professional education of stakeholders in enhancing their understanding of the governance
and effective management of information and communications technology.
Failure to comply with this Code of Professional Ethics can result in an investigation into a registered
professional or accredited holder’s conduct and, ultimately, in disciplinary measures including exclusion
from the roll of IT professionals.

3. APPLICATION PROCESS

Step 1: Registration
a. Register and create your profile on the ICT professionals accreditation portalhttps://professionals.icta.
go.ke/
b. Check if you meet the criteria below for the registration category you wish to apply for, select the
categoryand submit the application.

i. ICT Technician requirements

• Diploma certificate in ICT/Engineering related field from accredited institution of learning; or Diploma
certificate in any field from accredited institution of learning with proof of two years’ experience practicing
ICT;
• Copy of National ID/Passport.
• Application fee: Kshs. 600
• Annual subscription: Kshs.500

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
68
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

ii. ICT Graduate requirements

• Graduate certificate in ICT/Engineering related field from accredited institution of higher learning
• Copy of National ID/Passport.
• Application fee: Kshs. 1000
• Annual subscription: Kshs.1000

iii. ICT Practitioner requirements

• Proof to show that the applicant has been practicing ICT either through employment or private
engagement for at least 2 years.
• Copy of National ID/Passport
• Application fee: Kshs. 5000
• Annual subscription: Kshs.1000

iv. ICT Professional Requirements

• Graduate certificate in ICT/Engineering related field from accredited institution ofHigher learning or A
Copy of the Registration Certificate for either ICT Graduate/Practitioner from ICTA.
• Professional Certificate in the specific area from recognized institution by ICTA/government body
• Letters of reference from employer(s) covering the previous two years confirming professional integrity
• Statements of two referees detailing their knowledge of the applicant.
• Application fee: Kshs. 5000
• Annual subscription: Kshs.3000
c. In case of any difficulties or in need of more details please contact standards department via email
standards@ict.go.ke

Step 2: Assessment Evaluation

ICT Authority will conduct an evaluation of the application to make the decision on whether the application
is successful or not. The applicant will be notified within 5 days of the application on the evaluation
decision. The ICT Authority may contact individual’s referees to ascertain the information filled in the
applicant’s application form.
4. Continuous Professional Development (CPD)
CPD is defined as the undertaking of development activities that lead to the systematic maintenance,
improvement and broadening of knowledge and skills, and the development of personal qualities necessary
for the execution of professional and technical duties throughout a person`s ICT professional career.
CPD Requirements
a) Certified Professionals (CP) must complete 90 CPD hours over a period of three years.
b) Members shall demonstrate commitment to professional development via written evidence of CPD
activities.
c) Sources of CPD
• Attend conferences, seminars, training courses, presentations.
• Present papers at conferences and seminars, write articles for journals (Contributions to knowledge)

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
69
 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

APPENDIX 24: GOVERNMENT ICT PROJECT GOVERNANCE STRUCTURES

A. National ICT Project Governance Structures

Name of Committee. Membership Terms of Reference
1. The ICT Oversight Committee His Excellency the President –Chair Review and approve
Members projects for initiation
Cabinet Secretary-; To provide oversight of
Ministry of LandHousing flagship ICT Projects
& Urban Development To receive and consider
Ministry of interior and Coordination reports from inter-
Ministry of Education ministerial Steering
Science and Technology Project Committee
Ministry of ICT To resolve inter-
Ministry of Devolution and Planning ministerial Project
Ministry of National Treasury challenges.
Chief Executive Officer, ICT Appointing Authority:
Authority-Secretary H.E. The President
Meeting: Bi-annual

2. Inter-Ministerial Project Steering Principal Secretary Ministry of ICT Champion

Committee – Chair Implementation of Key
Members Projects
Permanent Secretary -; 2. Monitor and
Ministry of Lands, Housing Evaluation Projects and
and Urban development take necessary action
The National Treasury for the success of the
Ministry of interior and Coordination project.
Ministry of Education 3. Prepare and report
Science & Technology Projects status to
Ministry of Devolution and Planning oversight Committee
Chief Executive officer , ICTA – 4. Resolve inter-
Secretary ministerial Project
challenges.
5. Receive and review
quarterly reports from
Project Implementation
and Monitoring
Committee.
Co-opt the ministry that
own the key project(s)

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
70
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

Name of Committee. Membership Terms of Reference

Appointing Authority:
H.E.The President
Meetings: Quarterly

B. Ministries, Agencies and Counties

1.0 Project Implementation and Monitoring/Steering Committee

Role Person Terms of Reference
Project champion (Chair) A top-ranking officer from the Initiate projects within
organ Ministries, Agencies & Counties
Ps for Ministry and CEO for Review and approve project
Agencies concepts and implementation
plans
Resolve project challenges to
ensure smooth implementation
Review and approve project
budget
Monitor and evaluate projects at
implementation stage
Prepare and present quarterly
progress report to inter-
ministerial project Steering
committee
Appoints Project implementing
team[s]
Co-opt stakeholder’s
representatives or other
members
Meetings: Regularly
Appointing Authority: Cabinet
Secretary/Governor/CEO
appropriately

Project owner The user of the system

Chair of Technical committee This is the person who
is responsible for the
implementation of the system.
[Head of ICT]

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
71
 GOVERNMENT ICT STANDARD ICTA. 5.003.2023

Project owner Project Manager ICT Authority

Project Management Office

Project Technical Committee

Role Person
Project owner and Chair The user of the system
Project manager (Secretary) The person who is responsible for the execution of
the project
Beneficiaries’ representative Stakeholder’s representative(s)
PMO Liaison officer An officer from the ICTA PMO
Consultant / Systems integrator Representative(s) of any third party who is involved
in the development of the project
Standard Liaison officer A Standard officer from ICTA
Technical liaison Selected technical expert(s) in line with the
technical requirements of the project

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
72
GOVERNMENT ICT STANDARD ICTA. 5.003.2023

ICT Authority
Telposta Towers, 12th Floor, Kenyatta Ave
P.O. Box 27150 - 00100 Nairobi, Kenya
t: + 254-020-2211960/62
Email: info@ict.go.ke or communications@ict.go.ke or standards@ict.go.ke
Visit: www.icta.go.ke

Become a fan: www.facebook.com/ICTAuthorityKE

Follow us on twitter: @ICTAuthorityKE

The ICT Authority is a State Corporation under the State Corporations Act 446
www.icta.go.ke
73