Despite a scathing auditor-general's report that found a widespread lack of IT security and governance among government departments, it will be at least another year before a framework is in place.
IT governance and security is vital to protect information and eliminate corruption. However, the AG's report for the year to March 2011 found that, of the 38 national departments audited, 81% did not have full security management systems in place; and 79% did not have a complete IT governance framework.
The root cause of the lack of IT governance and IT security is the Department of Public Service and Administration's (DPSA's) delay in rolling out frameworks, the AG found.
Yet, despite the AG's urging that these aspects be implemented, governance is only set to be “enhanced” by next March, while a “minimum” information security standards framework will also be developed by then.
Delayed commitments
According to the AG's report, former public service and administration minister, Richard Baloyi, had “committed to developing and implementing a government-wide IT governance framework”.
“Although the framework has not been finalised, the minister has demonstrated his commitment to completing the project through various sessions held with leadership within government.”
The estimates document also notes the DPSA will improve government's IT security by “developing the minimum information security standards framework by March 2013”.
In addition, the department will be “conducting research” on an identity management framework, to be complete by the same time.
Dubious deadline
Mark Walker, director of insights and vertical industries for IDC's Middle East, Africa and Turkey region, says IT governance and security are vital.
Walker explains everything within government is digitised, from electricity accounts to national strategic planning documents, which is why security is key. “One good hack will expose the entire nation.”
Governance is also vital to cut down on corruption, says Walker. “Corruption flourishes where governance fails.”
In the absence of a national ICT policy, there is no sense of direction, says Walker. He adds that there is also no continuity due to constant top-level changes within government departments and agencies such as the State IT Agency (SITA).
Walker says SITA has had a new CEO every year for the past decade, which means there is no continuity. He explains that stability takes about two years to entrench.
Under normal circumstances, March next year would be a “hard stop” when all the required systems should be in place, says Walker. However, he is doubtful that government will be anywhere near this target due to the amount of work involved. “It's the same old story over and over again.”
Neither SITA, nor the DPSA have responded to questions sent a month ago around the AG's findings, and the department did not reply to a request for comment on why it would take until March next year to implement the vital frameworks.
Share
