Hi DHIS2 community!
We wanted to share a resource we developed for our OpenFn community: Security Guidebook for Data Integration Implementers. Even though we have 100+ integration projects under our belt, we’re seeking input from other experts out there, especially since we’ve had limited integration experience with DHIS2. If you have any ideas, additions, or feedback (and/or DHIS2-specific considerations) we would love to hear it! Share your thoughts here in the thread, feel free to comment on the slides, or get in touch with me or my colleague @aleksa_krolls!
Thanks for sharing it @ritazagoni, that looks really good! I’m definitely going to get inspiration from it.
I’d add that it’s important to have, regardless of laws and regulations, a Data Confidentiality Agreement signed between all parties before setting up an integration: that will help protect the confidentiality of data and set a clear understanding of roles and responsibility.
We at DHIS2 are developing a template based on some real use cases. You can find the template here.
In the design phase, it would be beneficial to perform a (Data) Privacy Impact Assessment (PIA or DPIA) to understand what data is being transferred and what security controls to put in place based on severity of risk.
We are also working on a PIA process guide + template. If you want to have a look and help us out on that, feel free to reach out to firstname.lastname@example.org and I’ll be happy to follow up with you.
Thanks a lot for the feedback and resource @Davide_Barbato! Great points on the Data Sharing Agreement and PIA. A process guide would be a very useful resource. I’ll get in touch if I’m able to give a hand!