No. 5
52
Computer Misuse and Cybercrimes
2018
(b) fails to provide to the Director such additional
information as may be necessary within a specified
period in order to evaluate the report of an audit in
line with the critical infrastructure after he or she
has been requested to do so to the Director;
(c) hinders, obstructs or improperly attempts to
influence any member of the Committee, person or
entity to monitor, evaluate and report on the
adequacy and effectiveness of an audit;
(d) hinders, obstructs or improperly attempts to
influence any person authorized to carry out an
audit;
(e) fails to co-operate with any person authorized to
carry out an audit; or
(0 fails to assist or provide technical assistance and
support to a person authorized to carry out an
audit.
(6) A person shall not perform an audit on a critical
information infrastructure unless he or she —
(a) has been authorized in writing by the Director to
perform such audit; or
(b) is in possession of a certificate of appointment, in
the prescribed form, issued by the Director, which
certificate must be submitted to the owner or
person in control of a critical information
infrastructure at the commencement of the audit.
PART III—OFFENCES
14. (1) A person who causes, whether temporarily or
permanently, a computer system to perform a function, by
infringing security measures, with intent to gain access, and
knowing such access is unauthorised, commits an offence
and is liable on conviction, to a fine not exceeding five
million shillings or to imprisonment for a term not
exceeding three years, or to both.
(2) Access by a person to a computer system is
unauthorised if—
(a) that person is not entitled to control access of the
kind in question to the program or data; or
Unauthorised
access.