Kenya’s public sector1 is currently undergoing an impressive transition as the various ministries, government agencies, and institutions, and parastatals are in the process of transitioning bricks and mortar services to digital services. This ties in with the national long-term development policy known as “Vision 2030”2 which has as its overall theme a vision of transforming Kenya into a “globally competitive and prosperous nation with a high quality of life by 2030”3. In order to progress the aims envisaged by Vision 2030, Kenya’s Information and Communication Technology (“ICT”) Authority published the Kenya National ICT Masterplan4 (Masterplan) which has as one of its overriding principles the aim of developing Kenya as an ICT hub and a “globally competitive digital economy”. The six guiding principles of the Masterplan are: partnership; equity and non-discrimination; technology neutrality; environmental protection and conservation; good governance; and incentivising.
Kenya’s Ministry of ICT has also developed a draft National ICT Policy5 in recognition of the dynamic nature of the ICT sector and the need by the Government to regularly review ICT policies to resonate with the rapid technological advances, changing public needs and evolving global trends. The objectives of the National ICT policy include the promotion of an integrated, converged, technology neutral and secure ICT infrastructure to support delivery of various services.
Cloud services can be at the forefront of the government's digital transformation. The cloud can provide cost effective access to unprecedented power to rapidly process and analyse vast quantities of data to produce actionable analysis, insights, and better decision-making. Easily accessible data storage and multiple access and communication channels provide a modern, consistent, and seamless experience for officials as well as the public, facilitating public participation and co-operative governance and inter-departmental collaboration and broadening social inclusion. The cost optimisation, data security, and potential for open government made possible by cloud services are far superior to manual paper based processes.
In an important sector such as the public sector, it is however crucial to ensure that any move to the cloud complies with applicable regulation.
MICROSOFT'S COMMITMENT TO THE KENYA PUBLIC SECTOR
We believe that no cloud services provider has more experience of delivering compliant solutions to the public sector in Kenya than Microsoft. Microsoft recognises the need to create an enabling environment for the provision of cloud services in Kenya. It is for this reason that Microsoft intends to work with governments and policy makers in developing policies that will govern cloud usage in Kenya.6 Microsoft believes that the cloud is the best option for the public sector in Kenya. Already, Government institutions in Kenya appear to be embracing cloud services pursuant to an initiative by the Government to digitize its services. Research undertaken by the Communications Authority and the Kenya National Bureau of Statistics7 found cloud usage by public sector institutions to be higher than by private businesses.8
One of the key foundations of the Masterplan is the development of an integrated ICT infrastructure which aims at improving the quality of e-Government services. Today Kenyan residents, citizens, visitors, and investors all have access to a platform known as ‘”e-Citizen” which provides online access to various government departments and services.9 E-Citizen services include business registration, marriage certificate registration, issuance of driving licences, and immigration services. Through this platform users can apply, file and pay for any registrations, endorsements, or other official actions sought online without having to incur the costs of physically visiting the various governmental institutions or having to appoint agents. Microsoft stands ready to support our public service customers in Kenya to achieve similar benefits. Microsoft has already initiated plans to deliver the Microsoft Cloud - including Microsoft Azure, Office 365, and Dynamics 365 — from data centres located on the African continent, which will offer enterprise-grade reliability and performance to customers across Africa.
In addition, our subject-matter experts are available to understand your requirements and provide detailed information on the technical, contractual, regulatory, and practical aspects of any cloud project. This is all part of our commitment to helping our public sector customers smoothly navigate their way to the Microsoft cloud with confidence and enjoy the benefits of the digital transformation.
THE REGULATORY ENVIRONMENT
There is presently no uniform regulation for cloud services in Kenya with cloud adoption still being at an early stage. There are a number of laws that are relevant to any decision to move to cloud services, those that facilitate the use of cloud services and those that place constraints on the manner in which cloud services may be procured and used.
The State Department of ICT and Innovation together with the ICT Authority (together the “ICT Agencies”) are the government agencies responsible for providing centralised information technology, information systems, and related services in a maintained information systems security environment according to approved policy and standards.
The ICT Authority specifically has developed a “GOK e-Readiness Assessment Tool” which provides guidance to government ministries, institutions, and agencies to ensure that all digital services are provided in accordance with the Government Enterprise Architecture (GEA) Framework10. The ICT Standards that have been developed in response to the GEA Framework include: the GEA Standard; Cloud Computing Standard; Data Centre Standard; Electronic Records and Data Management Standard; End-User Equipment Standard; ICTY Human Capital and Workforce Development standard; Information Security Standard; IT Governance Standard; ICT Network Standard; and Systems and Applications Standard.
The Cloud Computing Standard11 requires all government agencies to ensure that they fully comply with the standard for efficient and effective service delivery to citizens. This Standard also requires the ICT Authority to carry out quarterly audits in all Ministries, Counties and agencies (“MCAs”) to ensure their compliance with the Standard. One of the requirements under the Standard is that MCAs should ensure that cloud service providers adhere to regulatory law in relation to privacy and public record keeping requirements.12
The ICT Agencies have recognised the need for cloud services across government to eliminate the unnecessary duplication of information technology goods and services and to increase transparency and efficiency, as well as improving productivity and governance in all key sectors.13
Yes, cloud services are permitted. A move to cloud services would facilitate the achievement of a number of government policy objectives and regulatory requirements relating to co-operative governance, public participation and procedural fairness, information security, service delivery, rational decision-making and administrative efficiency. It will also enable the Government to achieve its objective of promoting the availability and access to efficient, reliable and affordable ICT infrastructure at the county, national and international levels. However, certain processes may need to be followed and certain requirements may need to be met prior to migrating to cloud services as noted in this overview.
At present there is no specific legislation governing the provision of cloud services in Kenya. There are however certain guidelines and regulations that would be relevant with respect to the provision of cloud services.
(i) Public procurement
A public sector body must, amongst other things, ensure that when it contracts for information, communication, and technology services it does so in a manner that achieves value for money in terms of cost, quality, quantity, and timeliness of the delivered works, goods or services.14 Importantly, a public sector body must ensure that a procurement contract should only be awarded to a service provider that has the necessary qualifications, capability, experience, resources, equipment, and facilities to provide what is being procured.
It follows that any public sector body must ensure that all public tenders regarding the procurement process must also incorporate the ICT Standards established by the ICT Authority which establish a blueprint for improving management of Government programs and processes. Even though open tendering is recognised as the preferred procurement method for procurement of goods, works and services an alternative procurement procedure may be used if it is allowed under the relevant law.15 In this regard, it may be possible to deviate from a competitive public tender process and approach a supplier directly in limited circumstances and as long as the purpose is not to avoid competition. Direct procurement is permitted in certain instances set out in the relevant legislation which include events where: (i) the goods, works, or services are available only from a particular supplier or contractor or where a particular supplier or contractor has exclusive rights in respect of the goods, works, or services and no reasonable alternative or substitute exists16; (ii) the procuring entity, procures goods, equipment, technology, or services from a supplier or contractor for reasons of standardization or because of the need for compatibility, and taking into account the effectiveness of the original procurement, the limited size of the proposed procurement in comparison to the original procurement, the reasonableness of the price and unsuitability of alternative goods or services.17
(ii) Access to information, transparency, and public participation
A public entity is inter alia required to facilitate access to information held by such an entity and publish all relevant facts while formulating important policies or announcing the decisions which affect the public18.The public has the right of access to information held by public sector bodies and to information held by another person and which is required for the exercise or protection of any of their rights or fundamental freedoms.19 Information held by a public or private body must be provided expeditiously and at a reasonable cost20 unless it is found to be exempt from the disclosure requirements set out in the relevant legislation.
Public sector bodies may be faced with requests for a significant number of records. Storage of information on the cloud will ensure that all information held by the public body is accessible, searchable, and easy to find with minimal effort to ensure that access to information requests can be addressed timeously.
(iii) Data security
The ICT Authority’s Information Security Standard sets out the standards to which it encourages all public sector bodies to adhere for the protection of information from security risks.21 These standards require all public bodies to have in place an information security policy, an information security plan, and the establishment of an information asset register for the purposes of ensuring proper data security across all classifications schemes. Thus before making a decision to move data to the cloud, a public sector body should consider what types of data will be stored in the cloud, the manner in which the information will be stored (using private cloud infrastructure, including on-premises, or hyperscale cloud infrastructure), and whether the cloud service provider meets the relevant security requirements for the type of information that will be stored.
All public bodies are required to ensure full compliance to the standards set out by the ICT Authority. The ICT Authority will carry out quarterly audits to determine compliance with the GEA Standards.22 All compliant agencies will be issued with a certificate of compliance whilst non-compliant agencies will receive a report detailing the inefficiencies and discrepancies, which will then be presented to the Standards Review Board. The board will determine the action to be taken against the non-compliant institution.
(iv) Co-operative governance and interoperability
The Constitution of Kenya recognises governments at the national and county levels as distinct and inter-dependent and requires them to conduct their mutual relations on the basis of consultation and cooperation23.
All spheres of government and all organs of state within each sphere are required to act in accordance with the values and principles of public services as enshrined in the Constitution of Kenya (“CoK”) which include: high standards of professional ethics; involvement of the people in the process of policy making; responsive, prompt, effective, impartial, and equitable provision of services and accountability for administrative acts.24
The GEA Standards seeks to implement the GEA Principles which include the importance of providing quality information and technology, protecting privacy, maintaining secure information, and providing a service to the public. In turn, the principles are intended to contribute to the aligning and cross-services and solutions with goals and strategies concluded across all governmental levels. The Integration Architecture Principles identify common components which seek to align the interoperability domains, standards, and procedures.
All of these obligations can be met cost effectively and comprehensively through the use of Microsoft's cloud services.
At the moment, there are no restrictions on the transfer of data outside Kenya. However, the draft Data Protection Bill, 201825 contemplates possible future restrictions on the flow of personal data outside Kenya save in specified circumstances, such as where:26
- the third party is subject to a law or agreement that requires the putting in place of adequate measures for the protection of personal data;
- the data subject consents to the transfer;
- the transfer is necessary for the performance or conclusion of a contract between the agency and the third party; and
- the transfer is for the benefit of the data subject.
Microsoft holds itself accountable to and is subject to laws of general application applicable to information technology service providers, and has binding agreements which, in its view, will likely constitute adequate measures. In addition, Microsoft adheres to the EU Model Clauses as well as the EU Privacy Shield and the ISO 27018 Privacy Standard. Microsoft is also committed to ensuring that its products and services comply with the EU General Data Protection Regulation (GDPR) which came into force in May 2018.
As noted above, Microsoft has also initiated plans to deliver the Microsoft Cloud from data centres located on the African continent.
- 1In this document we use the term public sector to include national government, provincial government, municipalities, public entities, municipal entities and constitutional institutions.
- 2 http://www.vision2030.go.ke/about-vision-2030/
- 14Section 3 of the Public Procurement and Asset Disposal Act, 2015.
- 15Section 91 of the Public Procurement and Asset Disposal Act, 2015
- 16Section 103(2)(a), Public Procurement and Assets Disposal Act, 2015.http://www.kenyalaw.org/lex//actview.xql?actid=No.%2033%20of%202015
- 17tion 103(2)(d), Public Procurement and Assets Disposal Act, 2015.
- 18Section 5(1) of the Access to Information Act 2016.
- 19Section 4(1) of the Access to Information Act, 2016 http://www.kenyalaw.org/lex//actview.xql?actid=No.%2031%20of%202016#part_II
- 20Section 4(3) of the Access to Information Act 2016
- 23Section 6(2) of the Constitution of Kenya.
- 24Article 232 of the Constitution of Kenya, 2010
- 25We have considered the Data Protection Bill, 2018, issued under Kenya Gazette Supplement No. 66 (Senate Bills No. 16) dated 30 May 2018 http://kenyalaw.org/kl/fileadmin/pdfdownloads/bills/2018/DataProtectionBill_2018.pdf
- 26Section 31 of the Draft Data Protection Bill, 2018.
WE BUILD OUR TRUSTED CLOUD ON FOUR FOUNDATIONAL PRINCIPLES
Regulating the Use of Cloud Computing by Financial Institutions
Financial institutions (FIs) are increasingly turning to cloud computing technologies to help them meet their IT needs.LEARN MORE
Microsoft's Views on the Central Bank of Jordan Cloud Computing Guidelines.
Central Bank of Jordan Cloud Guidelines: A Microsoft CommentaryLEARN MORE
Cloud Computing and Data Offshoring for Banks
The Prudential Authority, an entity within the South African Reserve Bank (“SARB”) that works to ensure the safety and soundness of financial institutionsLEARN MORE
A compliance checklist for financial institutions in Nigeria
Microsoft is committed to providing a trusted set of cloud services to financial institutions in Nigeria. This checklist is aimed at financial institutions in Nigeria who want to use Microsoft cloud services.LEARN MORE
Trust In A Rapidly Changing Financial Services Market
Read on to find out how the adoption of cloud and knowledge of cloud regulations can help banks and financial institutions mitigate the disruptive influence of FinTech firms.LEARN MORE
Safe Cloud Principles for the Financial Services Industry
Learn more about the best practices that help financial institutions focus on and navigate through the relevant regulatory issues when moving to the cloud.LEARN MORE
Learn more about how Microsoft's Trusted Cloud can help banks and insurers meet their regulatory responsibilities.LEARN MORE
Financial Services, Banking and Capital Markets
Learn more about how Microsoft's cloud technology can help engage customers, empower employees, and optimise operations in the Financial Services, Banking, and Capital Markets industry.LEARN MORE
Data Sovereignty & the cloud – a Healthcare perspectiveLEARN MORE
Responding to the evolving cyber threat landscape in the healthcare sectorLEARN MORE
Microsoft Cloud for HealthLEARN MORE
Microsoft's Virtual Healthcare Information and Management Systems Society (HIMSS) BoothLEARN MORE
Democratizing AI in HealthLEARN MORE
Data Sovereignty - the Oil and Gas PerspectiveLEARN MORE
Responding to the evolving cyber threat landscape in the oil and gas sectorLEARN MORE
Microsoft Cloud for Oil & Gas and Mining Industry.LEARN MORE
Drill Deeper into Digital.
Accenture and Microsoft 2017 Upstream Oil and Gas Digital Trends Survey.LEARN MORE
Banco Angolano de Investimentos (BAI Group)
Innovative Angolan bank rethinks business with a cloud-first approach Read more…
goeasy improves productivity, increases employee satisfaction with Surface Book and Office 365 Read more…
International banking institution increases growth and market share through digital transformation Read more…
Towards a more secure digitized stock trading venue in Kuwait Read more…
Ecobank Ghana Limited
Microsoft Power BI solution helps boost Ecobank’s business performance Read more…
Digital payments company answers questions about using Azure Blockchain Workbench to help build a more prosperous Africa Read more…
The power of four: African bank embraces digitalization and increases efficiency with time-saving Microsoft Flow, PowerApps, Power BI, and SharePoint Read more…
Internet and mobile apps, move over. The new industry disrupter is bot technology. Nedbank, one of the major Read more…
Diamond Bank Plc
Diamond Bank is one of the 22 financial institutions operating in Nigeria, with a mission Read more…
ABN AMRO BANK
To prepare for its digital transformation, ABN Amro simplified and rationalized its IT Read more…
Kuwait Finance House
Islamic banking pioneer innovates again with digital banking shift Read more…
Société Générale Corporate & Investment Banking
This article is part of a series about customers who've worked closely with Microsoft on Service Fabric Read more…
I Choose Life Africa
Supported by cutting-edge Microsoft solutions, Kenyan nonprofit I Choose Life – Africa (ICL) is helping to grow and scale critical sustainable development initiatives across the country, affecting more than one million lives. Read more…
Kenya Red Cross
With solutions based on Microsoft Azure, Dynamics 365, Office 365, and Power BI, the Kenya Red Cross Society is now better equipped to provide key humanitarian aid. Read more…
James 127 Trust
Powered by Microsoft solutions like Azure, the James 1:27 Trust works to improve the quality and reach of care for some of Africa’s most vulnerable children, while supporting other NGOs across the continent Read more…
Based in South Africa, 2Enable is a leading nationwide digital education solution with roots in the Casterbridge Music Development Academy. Read more…
Human Development Foundation
Pakistan-based nonprofit the Human Development Foundation empowers marginalized communities through social capital development, quality education, healthcare, economic development, and sustainable environment initiatives. Read more…
The Citizens Foundation
By building schools in Pakistan’s impoverished areas and rural communities and providing training for principals and teachers, The Citizens Foundation is building a brighter future for all. Read more…
Lebanese Red Cross
With solutions based on Microsoft Azure, Dynamics 365, Office 365, and Power BI, the Lebanese Red Cross is moving toward real-time monitoring and response. Read more…
Qatar Computing Research Institute (QCRI)
Qatar research institute embraces the power of AI for global impact Read more…
Gauteng Provincial Government (GPG)
Youth unemployment in South Africa is 30 percent. Microsoft Services is helping change that. Read more…
Buffalo City Metropolitan Municipality
South African Eastern Cape residents benefit from digitally transformed services Read more…
Iconic London conference center revolutionizes workplace with Microsoft 365 Read more…
Abu Dhabi Global Market Courts
Pioneering digital transformation in the legal and justice system Read more…
Mobile APP on Azure launches for George. Read more…
Johannesburg Roads Agency
The Johannesburg Roads Agency (JRA) maintains roadways, bridges, and Read more…
Gauteng Provincial Legislature
Gauteng Provincial Legislature (GPL), the legislative arm of one of South Africa’s Read more…
Hollands Kroon has radically reimagined what it means to work in Read more…
University Puerto Rico Humacao
The University of Puerto Rico at Humacao wanted to reduce crime and improve compliance Read more…
Agrimetrics is one of four agritech centres set up using government funding with the Read more…
Business Sweden, an organization that helps Swedish companies to grow their global Read more…
New York’s largest healthcare provider streamlines patient care processes with Microsoft business applications Read more…
With Azure AD B2C, top UK healthcare provider now offers a secure web portal as user-friendly as its facilities Read more…
National Department of Health, South Africa
The South African government’s National Department of Health (NDoH) Read more…
Providence St. Joseph Health
Providence St. Joseph Health is moving beyond the typical Read more…
Varian Medical Systems is a leading radiotherapy company recognized for its advanced treatment Read more…
Medical Teams International, a nonprofit provider of health care and humanitarian aid Read more…
Opened in 2005, Soddo Christian Hospital is a 130-bed, full-service facility serving Wolayita Read more…
Transforming IT to create organizational value requires a change in outlook Read more…
Italian National Institute for Insurance Against Accidents at Work
The National Institute for Insurance Against Accidents at Work (INAIL) in Italy wanted to Read more…
365mc improves the efficiency and safety of Liposuction with data analysis Read more…
Scientific Drilling International
Scientific Drilling International uses Power BI to optimize operations Read more…
Chevron productivity climbs with security-enhancing Microsoft cloud services Read more…
Royal Dutch Shell mining oil gas office365
Employee engagement soars as Shell energizes internal communication with Office 365 Read more…
The global population today is approximately 7.4 billion today, and is projected to Watch video
Shell mining oil as azure databricks
Shell invests in safety with Azure, AI, and machine vision to better protect customers and service champions Read more…
Chevron Customer Video
Chevron Customer Video Watch customer video
Royal Dutch Shell
Shell gives developers freedom to create, reduces IT costs with dev-test solution in the cloud Read more…
BP deploys Microsoft 365 to improve user experience and security Read more…
Royal Dutch Shell
How AI is building better gas stations and transforming Shell’s global energy business Read more…
Qatar’s Oryx Gas-to-Liquids (GTL) runs world-leading industrial Read more…
Seadrill is the leading oil and gas deep-water driller, operating globally Read more…
Naas, Ireland–based Oilfield Solutions (OFS) seeks to be a “powerful partner” Read more…