ICT Authority
ICTA Assessment Digital Readiness & E-Services

Digital Readiness Assessment

A data-driven diagnosis of Kenya's public sector digital maturity, infrastructure, and service delivery capabilities.

Governance & Capability (GCI)

Governance and capability provide the enabling environment for sustainable digital transformation. Structures exist in many MDAs, but skills, budget protection and policy enforcement vary widely.

  • Average GCI Score: 2.2. Mid-low maturity: uneven capability, inconsistent execution.
  • CIO / ICT Head: 77%. Most MDAs have an accountable ICT lead — but mandate and authority differ.
  • Ring-fenced ICT Budget: 63%. Budget protection is common, but not universal — a frequent delivery blocker.
What strong governance enables
  • Prioritised, funded roadmaps (not “project-of-the-month”).
  • Standardised controls (security, data, records, procurement).
  • Delivery predictability via steering, KPIs, and accountability.
Where to focus first

Start by strengthening decision rights: clarify who approves standards, budgets, and architectures, then build the “delivery spine” (steering + roadmap + KPIs).

How to interpret GCI
  • Structures: CIO/ICT leadership, steering, strategy/roadmap, budget protection.
  • Capability: Skill depth, delivery practices, and ability to sustain systems.
  • Policy & enforcement: Adoption plus real compliance (audits, controls, consequences).

Governance Structures

Prevalence of key enabling structures across MDAs.

Accountability, Funding certainty
Interpretation
  • Leadership roles are relatively common, but steering and roadmaps are less prevalent.
  • Where steering committees are missing, prioritisation becomes reactive and project outcomes become inconsistent.
  • Roadmaps (and architecture guardrails) are key to reducing duplication and vendor lock-in.
Starter governance package
  • Named accountable CIO/ICT head with clear mandate.
  • Quarterly steering committee with a published decision log.
  • 12–18 month roadmap aligned to service priorities.
  • Ring-fenced budget lines and procurement plan tied to roadmap.

Digital Skills Profile

Self-reported ICT skills distribution (from assessment).

Delivery capacity, Sustainability
Risk

High proportion of basic/moderate capability can limit secure delivery, integration, and operations.

What “good” looks like
  • BAU ops + security coverage
  • Integration + data skills
  • Product / service delivery capability
Fast win

Create a shared “tiger team” pool for high-need MDAs: integration, security, and delivery coaching.

Suggested capability ladder
  • Basic: End-user support; ad-hoc maintenance.
  • Moderate: Ops coverage; limited integration; some standards.
  • Good: Service delivery, security practices, integration ability.
  • Advanced: Architecture, data engineering, DevSecOps, platform skills.

Policy Adoption

Reported policy adoption across MDAs.

Adoption vs enforcement

Adoption is a starting point. Real impact requires operational controls: audits, incident reporting, access reviews, retention schedules, and clear accountability for exceptions.

Highest leverage policies
  • Cybersecurity (minimum controls + incident workflow)
  • Data protection (classification + processing controls)
  • BCP/DR (critical services + tested recovery)

Recommended Actions

Strengthen governance “spine” and capability so digital investments become repeatable, secure, and measurable.

1) Clarify decision rights

Define who approves architectures, standards, budgets, and platform choices — and publish decisions.

  • Steering charter
  • Decision log
  • Architecture guardrails
2) Fund and protect the roadmap

Ring-fence critical spend and align procurement to roadmap milestones (avoid “one-off” projects).

  • Roadmap-linked budget lines
  • Lifecycle O&M included
  • Vendor performance KPIs
3) Build shared capability

Improve delivery capacity quickly via shared teams and common tooling (security, integration, data).

  • Cross-MDA delivery “tiger teams”
  • Training aligned to service priorities
  • Standard platform patterns
Starter 90-day governance cadence
Weeks 1–4
  • Confirm CIO/ICT mandate + decision rights
  • Stand up steering committee + agenda
  • Baseline policy gaps & critical controls
Weeks 5–8
  • Publish roadmap and KPIs
  • Align ring-fenced budget to roadmap
  • Launch shared capability support (security/integration)
Weeks 9–12
  • First governance review cycle
  • Audit policy enforcement (samples)
  • Adjust roadmap based on delivery evidence

Note: Percentages reflect reported ranges and assessment synthesis; use as directional indicators for prioritisation.