The Public Procurement and Disposal of Public Assets Authority (PPDA) has become the first among ten selected government entities to attain the internationally recognised ISO/IEC 27001:2022 Information Security Management Systems certification under the Uganda Digital Acceleration Project (UDAP), marking a significant milestone in Uganda’s drive to build secure, trusted and globally competitive digital public institutions.
The certification, was hailed by government leaders as a major step towards strengthening information security, enhancing public trust in digital services and safeguarding the integrity of Uganda’s increasingly digital procurement ecosystem.
Speaking at the launch, PPDA Executive Director Canon Benson Turamye said the achievement represents the beginning of a long-term commitment rather than the end of a process.
“Being the first entity places a responsibility on us,” Turamye said. “Certification is not a one-off event. We must sustain these standards through discipline and continuous improvement because future audits will determine whether we continue to meet the requirements.”
He noted that the recognition comes at a time when Uganda is rapidly digitising public procurement through the Electronic Government Procurement (eGP) system, making information security a fundamental pillar of transparency, accountability and public confidence.
According to Turamye, protecting procurement-related information extends beyond internal administration and directly affects the credibility of the country’s public procurement system.
“As procurement becomes accessible to suppliers locally and internationally, including women, youth and persons with disabilities, users must have confidence that the systems they rely on are secure,” he said.
PPDA’s Open Contracting Data Standards platform and Government Procurement Portal have already enhanced transparency by allowing citizens, civil society organisations and development partners to monitor public contracts in real time, improving accountability and enabling quicker interventions where necessary.
PPDA Board Chairman Julius K. Ishungisa described the certification as a governance milestone rather than merely a technical accomplishment.
“The information PPDA handles drives decisions that directly impact public expenditure, market competition, accountability and citizen trust in government,” he said. “Weak information management risks fairness, institutional reputation and public confidence.”
He added that while becoming the first among the ten selected entities is a notable achievement, sustaining compliance beyond the project’s lifecycle will be the true measure of success.
“The Board’s focus now shifts entirely to sustainability. Information security must become part of the daily culture of every staff member and every operational process.”
Executive Director of the National Information Technology Authority-Uganda (NITA-U), Dr Hatwib Mugasa, said the certification strengthens Uganda’s credibility in the global digital economy, where information security standards increasingly influence international partnerships and investment decisions.
“In many advanced digital economies, organisations cannot operate critical systems without recognised security certification,” Mugasa said. “Development partners routinely ask whether our systems are secure and internationally certified. This achievement significantly strengthens Uganda’s profile.”
He also highlighted Uganda’s growing local innovation capacity, revealing that the Electronic Government Procurement platform was developed by Ugandan professionals and has received international recognition for its quality.
“The auditors compared our system with established European platforms and found it to be even stronger in several respects. That should give Ugandans confidence in our own technical capabilities.”
Minister for ICT and National Guidance Hon. Kasule Lumumba described the certification as a national milestone in Uganda’s journey towards secure digital governance and stronger public trust.
“In today’s digital age, information security is foundational to public trust,” she said. “Public procurement handles highly sensitive financial and contractual information whose protection is essential for transparency, accountability and value for money.”
She said the certification aligns with Uganda’s Vision 2040, the Fourth National Development Plan, the Sustainable Development Goals and Agenda 2063 by promoting resilient, digitally enabled public institutions.
Lumumba challenged other government agencies to emulate PPDA while warning that maintaining certification would require continuous improvement rather than complacency.
“We cannot afford to go backwards after taking 14 years to reach this point,” she said. “Secure institutions build a secure nation. Government will continue supporting agencies that demonstrate commitment to information security and digital transformation.”
With annual surveillance audits expected to ensure continued compliance, officials stressed that the certification is not merely a badge of honour but an ongoing institutional obligation that will shape Uganda’s broader ambitions of building secure, transparent and globally trusted digital public services.