Security and data protection impact assessments for sharing

Hi CoP colleagues, I am reaching out from LogicalOutcomes, as a follow-up to several discussion threads regarding data protection in DHIS2 and safeguarding mechanisms. Like many community members, we’re looking at our DHIS2 work in the COVID-19 era and seeking to continue adapting our approach to ensure we provide a high level of data protection, both in terms of systems and policies, that ensure accountability to our partners and data subjects, and that satisfy GDPR and similar requirements in other contexts.

As such, we had a few questions we wanted to pass along to the COP, with any thoughts and input very much appreciated.

  1. We’d be quite interested to know if any COP members have conducted Data Protection Impact Assessments (DPIAs), whether specifically related to use of DHIS2 in the context of COVID-19 activities, or for other purposes in the last 18 months, that are fully or partially shareable (e.g. results or key findings only).

  2. We would also be interested in any vulnerability scanning or penetration testing reports that, likewise, are fully or partially shareable, for testing that has been completed within the last 18 months.

  3. If anyone has put together a shareable security guide or handbook for DHIS2 implementation, we’d be very interested to review it.

It’s been great to see the data protection topic raised in different threads and during DHIS2 community events, and we look forward to continuing the conversation.

-Sara

@bobj anything new you might be able to share? Thanks!