National Information Technology Authority Uganda Feasibility Study for Integration of National Databases Final Report August 2015 Table of Contents 1 Document Control ....................................................................................................................................... 8 1.1 Report version control ...................................................................................................................... 8 1.2 Approved by ........................................................................................................................................ 8 1.3 Definition of key terms, acronyms and abbreviations ................................................................. 9 1.4 Definition of Terms .......................................................................................................................... 10 2 Executive Summary .................................................................................................................................. 12 2.1 Introduction ...................................................................................................................................... 13 2.2 Project Objectives ............................................................................................................................ 13 2.3 Scope of Services ............................................................................................................................. 13 2.4 Approach and methodology ........................................................................................................... 18 2.5 Summary of current state results ................................................................................................. 19 2.6 Summary of recommendations ..................................................................................................... 20 3 Current State Assessment ...................................................................................................................... 21 3.1 Current State Assessment Exercise ............................................................................................. 22 3.1.1 Current state Approach ......................................................................................................... 22 3.2 Case study Review ........................................................................................................................... 23 3.2.1 Approach used / Implementation peculiarities .................................................................. 23 3.2.2 Technical designs used ........................................................................................................... 26 3.2.3 Implementation costs ............................................................................................................. 31 3.2.4 Business/Commercial model used ........................................................................................ 31 3.2.5 Challenges faced by the case studies .................................................................................. 32 3.2.6 Phased implementation approach was used ...................................................................... 34 3.2.7 E-services implemented ......................................................................................................... 34 3.2.8 Lessons Applicable to the Government of Uganda ........................................................... 43 3.3 Data collection process ................................................................................................................... 49 3.3.1 Challenges faced during the data collection process ........................................................ 50 3.4 Current Business Applications ....................................................................................................... 52 3.4.1 Current Business Application Observations ....................................................................... 52 3.5 Database Management information system ................................................................................ 59 3.5.1 Database Management Information System Observations; ............................................ 59 3.6 Business Application interfaces..................................................................................................... 61 3.6.1 Internal integration ................................................................................................................. 61 3.6.2 External Integration ................................................................................................................ 62 3.7 MDAs that requested Integration .................................................................................................. 64 P a g e | 2 Feasibility Study for Integration of National Databases 3.8 MDA e-Services ................................................................................................................................ 71 3.8.1 E-services observations ......................................................................................................... 71 3.8.2 Existing e-services................................................................................................................... 72 3.9 Infrastructure and Security Controls ............................................................................................ 73 3.9.1 IT governance Observations .................................................................................................. 73 3.9.2 Information security Observations; ..................................................................................... 74 3.9.3 Infrastructure security ........................................................................................................... 74 3.9.4 Interface documented controls and Embedded controls ................................................. 76 3.9.5 Embedded Controls ................................................................................................................. 76 3.9.6 Monitoring techniques and tools .......................................................................................... 77 3.9.7 Disaster Recovery Planning................................................................................................... 77 3.10 Legal and Regulatory Landscape analysis .............................................................................. 79 3.10.1 Data Protection ................................................................................................................... 79 3.10.2 Access to Information ........................................................................................................ 81 3.10.3 E-Government ...................................................................................................................... 82 3.10.4 Computer Misuse Act, 2011 ............................................................................................. 83 3.10.5 National Information Security Policy............................................................................... 84 3.10.6 Electronic Transactions ..................................................................................................... 84 3.10.7 Electronic Signatures ......................................................................................................... 85 3.10.8 Registration of persons act ............................................................................................... 86 3.10.9 National Databank Management and Data ProtectionRegulations 2015 ................. 87 3.10.10 The Registration of Persons (Births and Deaths) Regulations, 2015........................ 87 3.10.11 E-Government related laws from other countries ......................................................... 88 3.11 Assessing NITA-U against the Integration Requirements..................................................... 91 4 Future state Design .................................................................................................................................. 94 4.1 Proposed Legal Framework Recommendations ......................................................................... 95 4.1.1 Governance .............................................................................................................................. 95 4.1.2 Proposed legislation/regulations .......................................................................................... 96 4.1.3 Formal Policies and Procedures ........................................................................................... 97 4.2 Information Security ....................................................................................................................... 99 4.2.1 Security Framework considerations .................................................................................... 99 4.2.2 Objectives ................................................................................................................................. 99 4.2.3 Responsibility ........................................................................................................................... 99 4.2.4 Need for security ................................................................................................................... 100 4.2.5 Security rules ......................................................................................................................... 100 4.2.6