General Guidelines for the Management of Information and Communication Technologies in Panama
August 2017
Strategies and Action Plans
Author: The National Authority for Government Innovation
The General Guidelines for the Management of Information and Communication Technologies provide a comprehensive framework for managing Information and Communication Technologies (ICT) in the public sector. They were established by the National Authority for Government Innovation (AIG) to standardise ICT processes across state entities, ensuring robust infrastructure, secure systems, and efficient digital services. These guidelines serve as a foundation for integrating ICT into public administration, focusing on regulatory compliance, security, and the modernisation of public services. By adhering to these standards, public institutions can enhance their operational efficiency, promote transparency, and ensure the security of data and systems.
The guidelines are applicable to all state entities, including autonomous and semi-autonomous bodies, public companies, and municipal governments. They also extend to private organisations where the state owns at least 51% of the capital. This ensures consistency and uniformity in ICT practices across a wide range of public sector operations.
The legal framework supporting these guidelines is rooted in key legislative acts, such as Law 65 of 2009, which created the AIG and established its authority to oversee ICT-related activities in public institutions. Additional laws and executive decrees, such as Law 83 of 2012 and subsequent amendments, outline the adoption of electronic systems for government processes and reinforce the principles of digital governance.
A major emphasis of these guidelines is on facilitating citizen access to government services through digital means. Institutions are required to maintain updated information on an official government portal, ‘Panamá Tramita,’ where all public processes and requirements are published. This portal is central to ensuring transparency and ease of access for citizens and businesses. Additionally, the guidelines encourage the adoption of online services, with a progressive shift towards full digitalisation. This includes options for initiating and completing processes entirely online, using electronic signatures, and ensuring that existing public databases are leveraged to minimise redundant information requests from users.
Security and risk management are core components of these guidelines. Entities must implement robust measures to protect the confidentiality, integrity, and availability of information, with recommendations to adopt internationally recognised standards such as ISO 27001 and ISO 27002. Institutions are encouraged to appoint dedicated security officers, such as Chief Information Security Officers (CISOs), to oversee the development and enforcement of security policies. Incident management processes are also outlined, requiring institutions to report cybersecurity issues to the state’s Computer Security Incident Response Team (CSIRT).
In terms of project and asset management, the guidelines emphasise the importance of proper planning and oversight of ICT projects. All projects must align with best practices in project management to ensure timely delivery within budget constraints while meeting quality expectations. Furthermore, institutions are required to maintain detailed inventories of their ICT assets, categorised into hardware, software, and licensing information. This ensures accountability and facilitates efficient resource allocation.
The development and deployment of software applications are addressed with a focus on security and quality. From the design phase to implementation, applications must incorporate security measures and undergo rigorous testing, including functional, performance, and security evaluations. The guidelines recommend the use of ISO/IEC 25000 standards for assessing software quality, ensuring that applications meet user requirements and operate reliably.
The guidelines also provide directives for maintaining ICT infrastructure. Institutions must follow standardised procedures for acquiring and upgrading hardware and software, ensuring compatibility with existing systems and alignment with their digital agendas. Maintenance practices are designed to maximise the lifespan and effectiveness of ICT investments while minimising risks associated with outdated technology.
To support the overarching objectives of digital transformation, each institution is required to establish a Digital Government Unit responsible for leading and coordinating ICT initiatives. This unit must develop an annual operational plan and a broader institutional digital agenda, outlining short-, medium-, and long-term goals for technological modernisation. These plans are submitted to the AIG for approval and form the basis for aligning institutional efforts with national digital strategies.
By setting these comprehensive standards, the guidelines ensure that public sector institutions in Panama can effectively integrate ICT into their operations, providing secure, accessible, and efficient services to citizens. These guidelines are not only a roadmap for technological advancement but also a commitment to fostering transparency, accountability, and innovation in public administration.