forked from DPGAlliance/publicgoods-candidates
-
Notifications
You must be signed in to change notification settings - Fork 0
/
opencrvs.json
102 lines (102 loc) · 13.3 KB
/
opencrvs.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
{
"name": "OpenCRVS",
"clearOwnership": {
"isOwnershipExplicit": "Yes",
"copyrightURL": "Copyright (C) Plan International Inc, Plan International Australia, Jembi Health Systems NPC and Vital Strategies Inc. https://github.com/opencrvs/opencrvs-core/blob/master/README.md"
},
"platformIndependence": {
"mandatoryDepsCreateMoreRestrictions": "No",
"isSoftwarePltIndependent": "",
"pltIndependenceDesc": ""
},
"documentation": {
"isDocumentationAvailable": "Yes",
"documentationURL": [
"Functional: https://documentation.opencrvs.org/opencrvs-core/docs/system_overview/introduction",
"Technical: https://documentation.opencrvs.org/opencrvs-core/docs/technology/technologyIntroduction"
]
},
"NonPII": {
"collectsNonPII": "Yes",
"checkNonPIIAccessMechanism": "Yes",
"nonPIIAccessMechanism": "Non personally identifiable information can be extracted from OpenCRVS through a non-proprietary export of performance management reports (in csv format). This will include non-PII data such as the number of applications received, number of certificates issued, configurable by date and vital event, and disaggregated by gender. Regarding import, OpenCRVS enables the upload of country reference data such as the full administrative structure including statistical IDs, population sizes, crude birth/death rates by location, health facilities, civil registration offices, all in a non-proprietary format. "
},
"privacy": {
"isPrivacyCompliant": "Yes",
"privacyComplianceList": [
"Bangladesh: Birth and Death Registration Act, 2004",
"Bangladesh: Birth and Death Registration Rule, 2006."
],
"adherenceSteps": [
"OpenCRVS is configurable to ensure that it remains within the privacy, international and domestic laws laws of the jurisdiction in which it is implemented. A number of product features facilitate data protection and confidentiality: \n- access to the system follows a strict role-based permission model to ensure that personally identifiable data is only accessible to those that need it for genuine business purposes (e.g. validating a birth registration application). \n- data subjects are required to give their consent before the collection of personal data (e.g. during the birth registration application). \n- data subjects have the right to rectify data related to them, if it is inaccurate or incomplete (e.g. through the correct record function). For example, the Bangladesh pilot implementation of OpenCRVS is configured to comply with the applicable legislation for civil registration e.g. Birth and Death Registration Act, 2004 and Birth and Death Registration Rule, 2006."
]
},
"standards": {
"supportStandards": "Yes",
"standardsList": [
"OpenCRVS has been designed following the WCAG 2.1 AA accessibility standard, with all text, colours, buttons and full keyboard navigation passing tests. Some aspects have not yet been fully tested (e.g. zooming in and out and screen readers).",
"W3C international web standards used: XHTML5.0, CSS, JSON.",
"Security standards used: JSON Web Token, OAuth / OpenID Connect, SSL",
"Interoperability standards used: HL7 / FHIR",
"Cyber-security standards used: CREST (crest-approved.org) and Cyber Essentials (https://www.ncsc.gov.uk/cyberessentials/overview)",
"For more information, see https://documentation.opencrvs.org/opencrvs-core/docs/technology/technologyIntroduction"
],
"evidenceStandardSupport": [
"OpenCRVS has been penetration tested to UK government standards by an independent, CREST and Cyber Essentials certified organisation. Testing report available on request."
],
"implementBestPractices": "Yes",
"bestPracticesList": [
"Principles for Digital Development - https://digitalprinciples.org/",
"Principles on Identification for Sustainable Development - http://documents1.worldbank.org/curated/en/213581486378184357/pdf/Principles-on-identification-for-sustainable-development-toward-the-digital-age.pdf",
"Handbook on Civil Registration and Vital Statistics Systems: Management, Operation and Maintenance - https://unstats.un.org/unsd/demographic-social/Standards-and-Methods/files/Handbooks/crvs/crvs-mgt-E.pdf",
"OpenCRVS design principles - https://documentation.opencrvs.org/opencrvs-core/docs/system_overview/designPrinciples"
]
},
"doNoHarm": {
"preventHarm": {
"stepsToPreventHarm": "Yes",
"additionalInfoMechanismProcessesPolicies": "OpenCRVS has been developed together with the support of a Technical Advisory Group (TAG), comprising a wide variety of international experts in the domain of civil registration and vital statistics, which has the following responsibilities:\n1. Provide strategic advice for the overall direction and positioning of the OpenCRVS product.\n2. Help identify short, medium and long term priorities for OpenCRVS product development.\n3. Share experiences and documentation of CRVS that can be used to inform the development of the product e.g. lessons learnt, requirements, and useful contacts.\n4. Support OpenCRVS research and policy development activities through working group or individual contributions.\n5. Support in the development of the sustainability model for OpenCRVS.\n6. Conduct additional research that will support development of OpenCRVS.\n7. Peer review technical, functional design standards and content to be used for the development of OpenCRVS.\n8. Advise compliance with relevant existing standards, including introductions to other relevant network and standardization bodies.\nMinutes of the TAG meetings can be found here:\nhttps://www.opencrvs.org/about-us\nThe UN guidelines for civil registration and vital statistics systems provide a very comprehensive basis to support governments to build, operate and maintain effective civil registration systems that prevent doing harm. These UN guidelines should be used in conjunction with any OpenCRVS implementation and can be found here: https://www.un.org/development/desa/capacity-development/tools/tool/principles-and-recommendations-for-a-vital-statistics-system-revision-3/\nWe engage with the OpenCRVS community so that vulnerabilities and risks can be continuously monitored. We have hosted webinars with this community to capture feedback from across the civil registration community. See an example call on “OpenCRVS: Product capabilities and technical deployment” here: https://www.youtube.com/watch?v=i7gsr6LiToo \n In order to understand and mitigate the risks (particularly for children) within a digital civil registration system, the project created “Identifying and addressing risks to children in digitised birth registration systems: a step-by-step guide”. (https://www.ohchr.org/Documents/Issues/Children/BirthRegistrationMarginalized/PlanInternationalGeneva_4.pdf) If not anticipated, digital civil registration systems can present a number of child protection threats:\n- Identity theft or fraud\n- Privacy violation\n- Targeting based on personal characteristics\n- Personal security violation or exploitation\n- Exclusion from the benefits of birth registration\nThe risk assessment tool, which forms part of this guide, should be used in collaboration with any OpenCRVS implementation to ensure these and other risks are identified and mitigated against. OpenCRVS has been designed specifically for low resource settings and to overcome the barriers typically seen in countries where birth and death registration is low. See https://documentation.opencrvs.org/opencrvs-core/docs/system_overview/keyFeatures which shows features that facilitate inclusion and aim to mitigate the risk that individuals are disadvantaged because they are not registered in the civil registry."
},
"dataPrivacySecurity": {
"collectsPII": "Yes",
"typesOfDataCollected": [
"As a civil registration system, OpenCRVS is designed to collect PII, as prescribed in the laws and regulations of the jurisdiction where the system is being implemented. The PII collected depends on the vital event being registered but typically the following is collected and processed by OpenCRVS:\n- Full name\n- Home address\n- Personal identification number\n- Telephone number\nAlthough not formally PII, the following data is also collected by OpenCRVS, however when linked with other data it could be used to to identify a specific person:\n- Date of birth\n- Gender "
],
"thirdPartyDataSharing": "Yes",
"dataSharingCircumstances": [
"As a foundational registry, OpenCRVS is designed to share PII with other government systems, as prescribed in the laws and regulations of the jurisdiction where the system is being implemented. Typically this is with foundational ID systems (e.g. National ID) and health systems (e.g. DHIS2). This feature of interoperability is very important as the universal data set of birth and deaths can help ensure government services are inclusive.\nNational ID: OpenCRVS can integrate with any National ID system in order to reliably validate the existence of NID numbers provided during civil registration applications as well as reduce the time spent on the application form itself by pulling data from the NID system and auto-populate form fields.\nUse Cases: OpenCRVS can be integrated with a National ID system in a number of ways, depending on system capabilities. Current use cases include:\n- To validate the existence of a NID number\n- To auto-populate the form with data from the NID field to minimise required effort from registration staff\n- To create a National ID for a new registration when the event occurs.\nHealth: Births and deaths often occur in health facilities and those that occur in the community can be dealt with by health staff at the community level. These actors already use digital health systems to conduct their work and much of the data required for birth/death notifications is already gathered. We know that health staff are busy and need to focus on life-saving activities rather than administrative ones. To address the opportunity that this data has for civil registration, OpenCRVS can integrate with existing health systems via a FHIR mediator (leveraging existing health standards) and can receive data from health systems for follow up within the OpenCRVS system.\nUse Cases: OpenCRVS can integrate with an existing health system via its OpenHIE compliant and FHIR standard interoperability layer, OpenHIM. Current use cases include:\n- To receive birth/death notification information from a health system\n- To allow Registration Agents and Registrars to view this data as an 'in-progress' application and complete it in OpenCRVS\n- To see disaggregated data related to the notifications received from health systems https://documentation.opencrvs.org/opencrvs-core/docs/system_overview/interoperability Interoperability standards were not available at the start of the project, so the OpenCRVS project has taken existing open standards (HL7/FHIR) and extended them for the purposes of integration with civil registration systems. Although not currently a recognised standard, we hope that these extensions become de-facto standards over time as their implementation becomes more widespread."
],
"ensurePrivacySecurity": "Yes",
"privacySecurityDescription": "Our mobile application and microservices are secure, protected by 2-Factor Authentication utilising OAuth JWT best practices. Our privacy policy can be found here: https://www.plan.org.au/privacy-policy/\nIn order to understand and mitigate the risks (particularly for children) within a digital civil registration system, the project created “Identifying and addressing risks to children in digitised birth registration systems: a step-by-step guide”. (https://www.ohchr.org/Documents/Issues/Children/BirthRegistrationMarginalized/PlanInternationalGeneva_4.pdf) If not anticipated, digital civil registration systems can present a number of child protection threats:\n- Identity theft or fraud\n- Privacy violation\n- Targeting based on personal characteristics\n- Personal security violation or exploitation\n- Exclusion from the benefits of birth registration\nThe risk assessment tool, which forms part of this guide, should be used in collaboration with any OpenCRVS implementation to ensure these and other risks are identified and mitigated against. OpenCRVS has been designed specifically for low resource settings and to overcome the barriers typically seen in countries where birth and death registration is low. See https://documentation.opencrvs.org/opencrvs-core/docs/system_overview/keyFeatures which shows features that facilitate inclusion and aim to mitigate the risk that individuals are disadvantaged because they are not registered in the civil registry."
},
"inappropriateIllegalContent": {
"collectStoreDistribute": "No",
"type": "",
"contentFilter": "",
"policyGuidelinesDocumentationLink": "",
"illegalContentDetection": "",
"illegalContentDetectionMechanism": ""
},
"protectionFromHarassment": {
"userInteraction": "No",
"addressSafetySecurityUnderageUsers": "",
"stepsAddressRiskPreventSafetyUnderageUsers": [
""
],
"griefAbuseHarassmentProtection": "",
"harassmentProtectionSteps": [
""
]
}
},
"locations": {
"developmentCountries": [
"United Kingdom",
"South Africa",
"Bangladesh"
],
"deploymentCountries": [
"Bangladesh"
]
}
}