Guidelines

Software
Development
Table of Contents
1.0 Introduction........................................................................................................... 2
1.1 Purpose ........................................................................................................... 2
1.2 Scope .............................................................................................................. 2
1.3 Objectives ......................................................................................................... 2
2. Documentation Requirements ...................................................................................... 2
2.1 General Documentation Requirements ...................................................................... 2
2.1.1 Software Requirements Specifications (SRS) ........................................................ 2
2.1.2 Architecture Documentation ............................................................................. 2
2.1.3 API Documentation ........................................................................................ 3
2.1.4 User Documentation ...................................................................................... 3
2.1.5 Developer Documentation................................................................................ 3
2.1.6 Configuration Documentation ............................................................................ 3
2.1.7 Security Documentation .................................................................................. 3
2.1.8 Operational Documentation .............................................................................. 4
2.1.9 Licensing and Legal Documentation ................................................................... 4
3. Additional Software Requirements ................................................................................ 4
3.1 Security ............................................................................................................ 4
3.1.1 OWASP Compliance ...................................................................................... 4
3.1.2 Audit Trails .................................................................................................. 4
3.1.3 Sector-Specific Security Requirements ................................................................ 4
4. Usability Standards................................................................................................... 5
4.1 Accessibility....................................................................................................... 5
4.2 User Experience ................................................................................................. 5
5. Regulatory Compliance.............................................................................................. 5
5.1 Data Protection .................................................................................................. 5
6. Interoperability Standards ........................................................................................... 5
6.1 Data Exchange Standards ..................................................................................... 5
6.2 Integration Standards ........................................................................................... 5

1
 NITDA Software Development Guideline
1.0 Introduction
1.1 Purpose
This guideline establishes the minimum requirements for the development of software to be used by
Nigerian government entities. It ensures that all software meets quality, security, and operational
standards, promotes the growth of the local software testing market, and enhances the efficiency and
effectiveness of government services.
1.2 Scope
This regulation applies to all software developed or modified for use by Nigerian governmental
institutions, including applications, systems, and platforms that interface with government operations or
services.
1.3 Objectives
• Ensure software is fit for purpose, meeting functional and non-functional requirements.
• Protect government institutions from operational risks through security, reliability, and
performance standards.
• Foster collaboration and communication among stakeholders in the software development
lifecycle, including developers, testers, and government entities.

2. Documentation Requirements
All software and applications developed or modified for government use must conform to the following
documentation requirements:
2.1 General Documentation Requirements
Each software must be accompanied by the following set of documentation to ensure transparency,
maintainability, and effective use.
2.1.1 Software Requirements Specifications (SRS)
• Functional Requirements: Define the intended functional capabilities of the software in line with
ISO/IEC/IEEE 29148:2018.
• Non-Functional Requirements: Specify performance, security, usability, reliability,
maintainability, portability, efficiency, and other applicable non-functional requirements of the
system.
2.1.2 Architecture Documentation
• System Overview: Provide a high-level understanding of the software's structure and purpose.
• Component Diagrams: Visualize the major components and their interactions.

2
 • Data Flow Diagrams: Illustrate data movement within the system, including data processing
and storage.
• Design Decisions: Document key architectural decisions and the rationale behind them.
• Technology Stack: Specify the technologies used, including programming languages,
frameworks, and tools.
2.1.3 API Documentation
• Endpoint Descriptions: Provide detailed descriptions of available API endpoints for developers
to interact with the software.
• Authentication and Authorization: Explain the mechanisms for secure access to the API.
• Error Handling: Document error reporting and handling mechanisms.
• Rate Limiting: Include information on rate limits to prevent abuse of the API.
2.1.4 User Documentation
• User Guide: A comprehensive guide to using the software's features.
• FAQ Section: Answers to frequently asked questions.
• Troubleshooting: Guidance for solving common problems.
• Feature Walkthroughs: Instructions for using key features.
• Glossary: Definitions of key terms.
2.1.5 Developer Documentation
• Code Structure Overview: Describe the codebase organization.
• Coding Standards and Conventions: Outline coding standards and guidelines.
• Setup and Installation Guide: Instructions for setting up the software.
• Build and Deployment Instructions: Steps for building and deploying the software.
• Dependency Management: Details on managing software dependencies.
• Extensibility Guidelines: Instructions for adding features without disrupting functionality.
• Testing Instructions: Provide procedures for testing the software.
2.1.6 Configuration Documentation
• Configuration Files Overview: Describe configuration files and their role.
• Environment Variables: List and explain environment variables.
• Configuration Options: Document available options for configuring the software.
• Setup Scenarios: Provide sample setup scenarios for different use cases.
2.1.7 Security Documentation
• Security Architecture: Detail the security architecture, covering key security mechanisms and
controls.
• Security Policies: Outline the policies governing security operations.

3
 • Vulnerability Management: Explain how vulnerabilities are identified, tracked, and resolved.
• Penetration Testing Reports: Include penetration testing results to verify the software’s security.
• User Access Control: Define user roles and access levels, including how authorization is
managed.
2.1.8 Operational Documentation
• Deployment Procedures: Detailed steps for deploying the software in production environments.
• Monitoring and Alerts: Document monitoring mechanisms and alert handling processes.
• Backup and Recovery: Procedures for backup and restoration of data in case of system failure.
• Disaster Recovery Plan: Comprehensive disaster recovery procedures.
• Maintenance Tasks: Routine maintenance activities required to keep the software operational.
2.1.9 Licensing and Legal Documentation
• License Agreement: Legal terms for using the software.
• Third-Party Licenses: List of licenses for third-party libraries and dependencies.
• Copyright Information: Copyright notices and intellectual property statements.
• Compliance Documentation: Ensure the software meets legal and regulatory compliance
requirements.

3. Additional Software Requirements

3.1 Security
3.1.1 OWASP Compliance
• All software must be developed in accordance with secure coding practices that mitigate the
OWASP Top 10 security vulnerabilities. Compliance with the OWASP Application Security
Verification Standard (ASVS) is also required to ensure the implementation of comprehensive
and effective security measures.
3.1.2 Audit Trails
• Detailed Audit Trails: Implement logging mechanisms to capture all user actions and system
events.
• Tamper-Evident Logs: Apply cryptographic techniques to ensure the integrity of logs and
prevent unauthorized modifications.
3.1.3 Sector-Specific Security Requirements
• Industry-Specific Compliance: Software must meet the security requirements of the specific
sector (e.g., healthcare, finance) in which it is to be used.

4
4. Usability Standards
4.1 Accessibility
• WCAG 2.1 Compliance: Ensure software meets the Web Content Accessibility Guidelines
(WCAG) 2.1, making it accessible to users of all classes, including those with disabilities.
4.2 User Experience
• Intuitive Design: Software should be designed with a focus on user experience, ensuring that it
is intuitive and easy to navigate.
• Feedback Mechanisms: Incorporate mechanisms for users to provide feedback on usability and
functionality, promoting continuous improvement.

5. Regulatory Compliance
Ensure that the software complies with all relevant local and international standards and regulations.
This includes, but is not limited to, adhering to industry-specific guidelines, data protection laws,
security standards, and any other regulatory requirements that apply to the software's functionality,
development, and deployment.
5.1 Data Protection
• Compliance with Nigeria’s Data Protection Regulation (NDPR) and other relevant data privacy
laws is mandatory, ensuring that user data is collected, processed, and stored responsibly.

6. Interoperability Standards
6.1 Data Exchange Standards
• Standardized Data Formats: Ensure software uses standardized formats (JSON, XML, CSV)
for data exchanges to ensure compatibility across different systems.
• National Data Exchange Regulation Compliance: Ensure compliance with national regulations
governing secure and efficient data exchange.
6.2 Integration Standards
• API Compatibility: Software must support integration with existing government systems through
well-defined APIs, ensuring seamless data exchange and interoperability.