forked from DPGAlliance/publicgoods-candidates
-
Notifications
You must be signed in to change notification settings - Fork 0
/
harmony.json
114 lines (114 loc) · 12.4 KB
/
harmony.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
{
"name": "Harmony",
"clearOwnership": {
"isOwnershipExplicit": "Yes",
"copyrightURL": "https://www.zenysis.com/#harmony"
},
"platformIndependence": {
"mandatoryDepsCreateMoreRestrictions": "Yes",
"isSoftwarePltIndependent": "Yes",
"pltIndependenceDesc": "Emails are sent via Mailgun API, a subscription-based email delivery service. An open functional alternative would be to continue using Mailgun API but use the OpenSMTP interface instead. Alternatively, since the project uses Flask, they can use flask-mail (https://flask-mail.readthedocs.io/en/latest/) and use the Mailgun SMTP credentials"
},
"documentation": {
"isDocumentationAvailable": "Yes",
"documentationURL": [
"https://github.com/Zenysis/Harmony"
]
},
"NonPII": {
"collectsNonPII": "Yes",
"checkNonPIIAccessMechanism": "Yes",
"nonPIIAccessMechanism": "Yes, Harmony use cases rely on integrating and then analyzing non-personally identifiable information. For example, Harmony can enable geographic triangulations across logistic management information systems (e.g.LMIS) and routine health systems (e.g. DHIS2).\n\nThere are mechanisms for both importing and extracting data from Harmony using non-proprietary formats: \nImporting data into Harmony: This project comes with a built-in ETL pipeline that has been proven to work in a variety of global health contexts. It provides a general framework for scraping data from any number of data sources or APIs, tools for standardizing this data into a common format (called Base Format), and libraries for merging these disparate datasets together to make them mutually queryable. The data pipeline is based on Zeus, an open-source, no-frills, command-line oriented pipeline runner.\n\n\nExtracting data: Harmony registered users can flexibly extract data from the platform in a number of ways. By using the analytics front-end, users can download query data in Excel, CSV, XML and ADX data formats. In addition, technical users can query the Druid open-source database directly by writing Druid database SQL queries or native Druid JSON-based queries. \n\n"
},
"privacy": {
"isPrivacyCompliant": "Yes",
"privacyComplianceList": [
"Protection of Personal Information (POPI) act"
],
"adherenceSteps": [
"Yes, the configuration of the platform is flexible and administrators are able to adjust how the platform operates to abide by local laws and requirements. Access to Protected Data at the indicator level, dashboards, analyses, and other functionalities can be managed on a per-user basis. Harmony administrators are responsible for determining the appropriate levels of access each user shall have at the highest level of granularity. For example, in South Africa, Harmony users configured the platform to respect the Protection of Personal Information (POPI) act. In addition, Harmony does not collect any personal information about users other than their sign-in information. "
]
},
"standards": {
"supportStandards": "Yes",
"standardsList": [
"HTML",
"CSS",
"Javascript",
"HTTPS",
"REST",
"JSON",
"CSV",
"ISO 3166"
],
"evidenceStandardSupport": [
"https://github.com/Zenysis/Harmony/blob/master/web/server/templates/layout.html",
"https://github.com/Zenysis/Harmony/blob/master/web/public/scss/components/navbar/_navbar.scss",
"https://github.com/Zenysis/Harmony/blob/master/web/client/services/APIService.js",
"https://github.com/Zenysis/Harmony/blob/master/data/pipeline/scripts/process_csv.py",
"https://github.com/Zenysis/Harmony/blob/master/web/client/components/AdvancedQueryApp/LiveResultsView/QueryResultActionButtons/ShareQueryModal/DownloadDataTab.jsx"
],
"implementBestPractices": "Yes",
"bestPracticesList": [
"Zenysis uses agile project methodologies to implement its software, including for Harmony, and has successfully completed all of its integration, analysis, monitoring and evaluation, and modeling projects using agile principles. For Harmony, new integrations will tend to inform how visualizations, dashboards, and analyses need to function, and changes to those components might inform how the integration pipeline should change as well. Within Harmony, the full feature set of the product is immediately available to users once data is integrated. Therefore, users will not have to wait until different phases of the project to begin interacting with data once the data integration pipeline is created. Instead, users can immediately begin analyzing data, creating reports, building dashboards, validating results, providing feedback and making decisions. User feedback is collected and requirements are incorporated back into the Project Library (a comprehensive knowledge management resource), spurring a new round of development. Agile development at Zenysis ensures that users are involved at every stage of development and results in a product that is tightly aligned with evolving user needs. Harmony was also developed in line with the Principles of Digital Development, including designing the software with the user in mind and building it for sustainability. The Harmony platform software was built with technical best practices at its core. Best practices include: Cross-browser compatibility: The platform supports Microsoft Edge, Google Chrome and Firefox Mobile web and responsive web design: While the platform is optimized for desktop computers, the platform interface is responsive and features are reasonably available on mobile devices. Internationalization: The platform supports writing systems outside of the Latin alphabet (all UTF-8 characters, not just those designated LATIN). The project is built with a robust translation and localization library that enables users to translate any content. Consistent style guidelines: Linters are used to maintain consistent style and naming conventions that adhere to the best practices for the respective language. Immutable data models: ZenModels are our well-documented, internal immutable data models. They are used to maintain immutability with React. Privacy and security Data Encryption in Transit: all communication between users of the Harmony platform and the server is encrypted with TLS. Servers should support TLS 1.3, Perfect Forward Secrecy (PFS) and Elliptic Curve Cryptography. This ensures that no Protected Data will leave servers in an unencrypted state. Data Encryption at Rest: Protected Data stored on configured servers is encrypted with Advanced Encryption Standard 128 (AES-128). Users are automatically logged out of their user session after 30 minutes of inactivity by default. "
]
},
"doNoHarm": {
"preventHarm": {
"stepsToPreventHarm": "Yes",
"additionalInfoMechanismProcessesPolicies": "Harmony comes with various guidelines, protocols, and tools to help prevent risks and ultimately avoid harm. For example, as noted above, all communication between users of the Harmony platform and the server is encrypted with TLS, Harmony servers should support TLS 1.3, the use of Perfect Forward Secrecy (PFS) and Elliptic Curve Cryptography ensures that no Protected Data will leave servers in an unencrypted state, and protected Data stored on configured servers is encrypted with Advanced Encryption Standard 128 (AES-128). Furthermore, at the user level, unique identifiers and passwords are given to each user with specific accessibility guardrails that are defined by key stakeholders overseeing any instance of Harmony. Users are also automatically logged out of their user session after 30 minutes of inactivity by default. Given Harmony is open source and may be used freely, if Zenysis is not supporting the Harmony implementation/utilization, we expect organizations to also establish their own data and privacy risk mitigation efforts, beyond what is already offered in the software, in accordance with any applicable local laws or best practices."
},
"dataPrivacySecurity": {
"collectsPII": "Yes",
"typesOfDataCollected": [
""
],
"thirdPartyDataSharing": "No",
"dataSharingCircumstances": [
""
],
"ensurePrivacySecurity": "Yes",
"privacySecurityDescription": "All communication between users of the Harmony platform and the server is encrypted with TLS. Harmony servers should support TLS 1.3, the use of Perfect Forward Secrecy (PFS) and Elliptic Curve Cryptography ensures that no Protected Data will leave servers in an unencrypted state, and protected Data stored on configured servers is encrypted with Advanced Encryption Standard 128 (AES-128)"
},
"inappropriateIllegalContent": {
"collectStoreDistribute": "No",
"type": "",
"contentFilter": "",
"policyGuidelinesDocumentationLink": "",
"illegalContentDetection": "",
"illegalContentDetectionMechanism": ""
},
"protectionFromHarassment": {
"userInteraction": "Yes",
"addressSafetySecurityUnderageUsers": "Yes",
"stepsAddressRiskPreventSafetyUnderageUsers": [
"Currently Harmony contributors and users interact through Zenysis' facilitation. E.g. A country's Information and Communications Technology (ICT) manager may want a new feature in Harmony, which is discussed and supported through Zenysis' engineering and product teams. Thus, at this time, any user that interacts with a contributor is known to Zenysis and does not include underage users. Furthermore, as noted above, access to data at the indicator level, dashboards, analyses, and other functionality can be delegated on a per-user basis. Harmony administrators are responsible for determining the appropriate levels of access each user shall have. Thus, access is established by administrators who target only professional users and also would be responsible for flagging, addressing, and taking any action necessary to project users. Users also have the ability to connect with Zenysis staff through various channels (in-platform, email, in-person, phone etc) in country or globally, if the user finds any issues utilizing our software or when dealing with contributors or when building the software. In the future, Zenysis will plan to have a Harmony Community of Practice, which will include age limits for participation and community guidelines that provide a code of conduct and governance for the community. The Zenysis team will create both automated and non-automated processes to flag inappropriate behavior, risk, harassment or any other deleterious actions or posts by users or contributors. "
],
"griefAbuseHarassmentProtection": "Yes",
"harassmentProtectionSteps": [
"Currently Harmony contributors and users interact through Zenysis' facilitation. E.g. A country's Information and Communications Technology (ICT) manager may want a new feature in Harmony, which is discussed and supported through Zenysis’ engineering and product teams. Thus, at this time, any user that interacts with a contributor is known to Zenysis and does not include underage users. Furthermore, as noted above, access to data at the indicator level, dashboards, analyses, and other functionality can be delegated on a per-user basis. Harmony administrators are responsible for determining the appropriate levels of access each user shall have. Thus, access is established by administrators who target only professional users and also would be responsible for flagging, addressing, and taking any action necessary to project users. Users also have the ability to connect with Zenysis staff through various channels (in-platform, email, in-person, phone etc) in country or globally, if the user finds any issues utilizing our software or when dealing with contributors or when building the software. In the future, Zenysis will plan to have a Harmony Community of Practice, which will include age limits for participation and community guidelines that provide a code of conduct and governance for the community. The Zenysis team will create both automated and non-automated processes to flag inappropriate behavior, risk, harassment or any other deleterious actions or posts by users or contributors. "
]
}
},
"locations": {
"developmentCountries": [
"United States of America",
"Uganda",
"Ethiopia",
"United Kingdom",
"Rwanda",
"South Africa",
"France"
],
"deploymentCountries": [
"Ethiopia",
"Benin",
"Rwanda",
"Zambia",
"Mozambique",
"Pakistan",
"Brazil",
"South Africa"
]
}
}