<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt">Edith,<br><br>In Kenya there is NO explicit and compelling legal framework for auditing Information Systems. The Kenya Comm. Act 2009 comes close but is too general and restricted to telcos. Furthermore the details of how these telcos are supposed to maintain security and integrity of their Infor systems is <span style="font-weight: bold;">correctly</span> left out since this does require and independent and substantive standolone legislation that touches on the role of an IT savvy Judiciary, IT Savvy Prosecution, IT Savvy Investigators/Law Enforcement and IT Savvy Organisastional Requirments (e.g being compelled to do regular and report on IS Audits - more like we do for the Financial Audits). So that is the ecosystem/framework that needs to kick in to guarantee us some semblance of a secure information
system landscape/knowledge industry.<br><br>Serious companies (mainly blue chip banking, insurance, telcos, etc) do Info System Audit either as best practice or as directed by their foreign Headquarters' legal requirements. US/EU/Australia have specific laws compelling companies to annually do and report on their Information Systems Governance, Risks and Assurance.<br><br>In Kenya the closest we have come to having this framework is through the repeated and still continuing attempts to have the Data Protection Bill, the Freedom of Information Bill as well last years CCKs discussions on eCommerce Regulations in palce. In all these exercises ISACA-Kenya (www.isaca.or.ke) which is the local chapter for the international (www.isaca.org) that deals with Information Systems Governance, Risks and Assurance has been participating. So my take going forward is just fix these laws and regulations and we can save ourselves the next election
fiasco in 2017.<br><br>Your never having heard of them (ISACA-Kenya) is because "tunatenda bila kusema" (we do without saying :- ) just to rephrase the now famous slogan.<br><br>walu.<br><br> <br><div><br></div> <div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"> <div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"> <div dir="ltr"> <font face="Arial" size="2"> <hr size="1"> <b><span style="font-weight:bold;">From:</span></b> Edith Adera <eadera@idrc.ca><br> <b><span style="font-weight: bold;">To:</span></b> Walubengo J <jwalu@yahoo.com> <br><b><span style="font-weight: bold;">Cc:</span></b> KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke> <br> <b><span style="font-weight: bold;">Sent:</span></b> Tuesday, March 12, 2013 9:53 PM<br> <b><span style="font-weight: bold;">Subject:</span></b> RE: [kictanet] Our Response to Systematic ICT Systems Failure at
IEBC<br> </font> </div> <br>
Walu,<br><br>What is the legal and institutional framework for auditing such mega systems for public use? which is the standards body?<br><br>who would be responsible for carrying out such a public audit - afte action review?<br><br>Never heard of ISACA-Kenya?<br><br>Edith<br>________________________________________<br>From: kictanet [kictanet-bounces+eadera=<a ymailto="mailto:idrc.ca@lists.kictanet.or.ke" href="mailto:idrc.ca@lists.kictanet.or.ke">idrc.ca@lists.kictanet.or.ke</a>] on behalf of Walubengo J [<a ymailto="mailto:jwalu@yahoo.com" href="mailto:jwalu@yahoo.com">jwalu@yahoo.com</a>]<br>Sent: Tuesday, March 12, 2013 12:08 PM<br>To: Edith Adera<br>Cc: KICTAnet ICT Policy Discussions<br>Subject: Re: [kictanet] Our Response to Systematic ICT Systems Failure at IEBC<br><br>+1,<br>@ Sam,<br>From your pitch,<br>>>...are we saying that nobody in this list bid for this system? nobody tried? ... doesn't that mean we are just
talking ..... and talk is cheap.<br><br>am tempted to confess that indeed as a member of the ISACA-Kenya (the information system audit community) I did get an invite to make a bid to externally audit the election information system. But guess what, the invite came on a Friday Feb 22nd and was due by that Monday 25th which incidentally was then just 1week to the voting/election day. Assuming the eventual IS Auditor (whoever it was) did find issues that needed more than a week to fix?<br><br>My point which I have been singing all along, folks in Government and related type of organisations know what needs to be done, they just never get the complimentary and necessary support in a timely manner. So your post-mortem must go beyond the technical and begin to address the "organisational" context/issues.<br><br>walu.<br><br><br><br>________________________________<br>From: Sam Gichuru <<a ymailto="mailto:gichuru@gmail.com"
href="mailto:gichuru@gmail.com">gichuru@gmail.com</a>><br>To: <a ymailto="mailto:jwalu@yahoo.com" href="mailto:jwalu@yahoo.com">jwalu@yahoo.com</a><br>Cc: KICTAnet ICT Policy Discussions <<a ymailto="mailto:kictanet@lists.kictanet.or.ke" href="mailto:kictanet@lists.kictanet.or.ke">kictanet@lists.kictanet.or.ke</a>><br>Sent: Tuesday, March 12, 2013 6:45 PM<br>Subject: Re: [kictanet] Our Response to Systematic ICT Systems Failure at IEBC<br><br>Edith,<br><br>I am one of those who suggested a full Audit of the system but only after the elections and I am definitely looking forward to this weeks #140 Friday with Brian, I hear people involved will be available for candid discussions.<br><br>What I am seeing and I stand to be corrected is the spectator syndrome, when everything is ok and the international press highlight Kenya as a tech destination, Mpesa is praised, Ushahidi and startups with all our Mvitus, we celebrate, claim our team
(#teamtech/ICT) is winning and write long blog posts and gazillion tweets etc<br><br>This only last as long as nothing goes wrong, but when it does, suddenly the conversation changes from "we" to "them", they have failed, they dint consult, they dint test, they... not us. This is what most football fans/Spectators do, they love their football team only when its winning, which basically makes one wonder are we players or are we fans of this game?<br><br>But to bring this home, we have a bigger problem, if this community started asking about the procurement process, the system architect and the companies that were selected to implement the IEBC system only after it failed, we are not engaging enough, are we saying that nobody in this list bid for this system? nobody tried? ... doesn't that mean we are just talking ..... and talk is cheap.<br><br>I would like to challenge the community to engage more with an aim to problem solve, to tender and bid
for local contracts, to build more open source solutions, to fundraise with an aim to seed fund startups, if we dont... we are going to be running around in circles and then move to Rwanda and guess what we will all say ..... they dint do xyz...<br><br><br>Let ask Ourselves ... who is they?<br><br><br>On Tue, Mar 12, 2013 at 4:35 PM, Edith Adera <<a ymailto="mailto:eadera@idrc.ca" href="mailto:eadera@idrc.ca">eadera@idrc.ca</a><mailto:<a ymailto="mailto:eadera@idrc.ca" href="mailto:eadera@idrc.ca">eadera@idrc.ca</a>>> wrote:<br>Harry,<br><br>Not sure you were in Kenya or buried your head in the sand!<br><br>It’s a fact that the system did not work and IEBC had to revert to the manual system as reported by the Chair of the IEBC on TV.<br><br>We need to learn to tell the truth as a country and confront our issues. Someone suggested on this list, can’t remember who, that as an ICT industry an audit should be carried out so we know
what went wrong and learn for the future.<br><br>Why do we always turn to the easy targets….tribalism, partisan interests etc when hard questions are asked?<br><br>Edith<br><br>From: kictanet [mailto:kictanet-bounces+eadera<mailto:kictanet-bounces%2Beadera>=<a ymailto="mailto:idrc.ca@lists.kictanet.or.ke" href="mailto:idrc.ca@lists.kictanet.or.ke">idrc.ca@lists.kictanet.or.ke</a><mailto:<a ymailto="mailto:idrc.ca@lists.kictanet.or.ke" href="mailto:idrc.ca@lists.kictanet.or.ke">idrc.ca@lists.kictanet.or.ke</a>>] On Behalf Of Harry Delano<br>Sent: March 12, 2013 3:22 PM<br>To: Edith Adera<br>Cc: KICTAnet ICT Policy Discussions<br>Subject: [kictanet] Our Response to Systematic ICT Systems Failure at IEBC<br><br><br>Aye..!<br><br>Could someone please aver what the furor was all about on this list when systems failed at IEBC last week. I thought it was so that<br>we could address systemic issues in that part of the election process..? Please
someone correct me, but I seem to be settling on<br>this conclusion that we collectively only raise hue and cry when the system(s) are perceived to be working against “us”, or not in<br>“our” interests – whichever side of divide each one of us sits. Once they serve ‘our’ interests, we quickly move on.. So where is<br>posterity in all this..? A pattern emerges where well calculated intellectual arguments everywhere nowadays, that thinly veil and<br>mask the real motives in us. We completely bury our heads in the ground and deny that we have deeply rooted issues that stem<br>from tribe, class etc and as a result, we are caught up in this vicious cycle that we cannot seem to free ourselves from and which<br>clouds our entire vision as a nation. Who will free us, if we do not take initiative ourselves..? How and when will we as a nation<br>confront this ‘monster’ head on, by first of all acknowledging it
exists. Then moving to deal with it. Can this list be at the forefront<br>of it..?<br><br>If so, let’s start now..<br><br>Harry<br><br>_______________________________________________<br>kictanet mailing list<br><a ymailto="mailto:kictanet@lists.kictanet.or.ke" href="mailto:kictanet@lists.kictanet.or.ke">kictanet@lists.kictanet.or.ke</a><mailto:<a ymailto="mailto:kictanet@lists.kictanet.or.ke" href="mailto:kictanet@lists.kictanet.or.ke">kictanet@lists.kictanet.or.ke</a>><br><a href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet" target="_blank">https://lists.kictanet.or.ke/mailman/listinfo/kictanet</a><br><br>Unsubscribe or change your options at <a href="https://lists.kictanet.or.ke/mailman/options/kictanet/gichuru%40gmail.com" target="_blank">https://lists.kictanet.or.ke/mailman/options/kictanet/gichuru%40gmail.com</a><br><br>The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions
interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.<br><br>KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.<br><br><br><br>--<br>Warm Regards,<br>------------------------<br>Sam Gichuru<br><br><br>twitter: | @samgichuru<<a href="http://twitter.com/samgichuru" target="_blank">http://twitter.com/samgichuru</a>><br>Blog: | www.samgichuru.com<<a href="http://www.samgichuru.com/" target="_blank">http://www.samgichuru.com/</a>><br>Facebook: | Sam.g<<a href="http://sam.g/" target="_blank">http://sam.g/</a>>ichuru<<a href="http://www.facebook.com/sam.gichuru"
target="_blank">http://www.facebook.com/sam.gichuru</a>><br>Skype: Sam.gichuru<br>Cellphone: | +254-722-730565<br><br>Co-founder/ Director /Nailab Incubation<br>Location: | Nairobi<br>Website: | www.nailab.co.ke<<a href="http://www.nailab.co.ke/" target="_blank">http://www.nailab.co.ke/</a>><br>twitter: | @thenailab<br><br>_______________________________________________<br>kictanet mailing list<br><a ymailto="mailto:kictanet@lists.kictanet.or.ke" href="mailto:kictanet@lists.kictanet.or.ke">kictanet@lists.kictanet.or.ke</a><mailto:<a ymailto="mailto:kictanet@lists.kictanet.or.ke" href="mailto:kictanet@lists.kictanet.or.ke">kictanet@lists.kictanet.or.ke</a>><br><a href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet" target="_blank">https://lists.kictanet.or.ke/mailman/listinfo/kictanet</a><br><br>Unsubscribe or change your options at <a href="https://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com"
target="_blank">https://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com</a><br><br>The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.<br><br>KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.<br><br><br><br> </div> </div> </div></body></html>