https://creativecommons.org/licenses/by/4.0/


Standards


Overview

Global standards vary with the nature, functioning, and deliverables of each stakeholder. The core agenda of this exercise was to find a few globally certified standards in the DPP space that fit each of these roles:

  • Product owner: A product owner is an entity that owns, governs, or controls the product's codebase. They are responsible for its architecture design, roadmap, and versions.

  • Implementing agencies: An agency that deploys and configures a product for the programme owner is an implementing agency (IA).

  • Programme owners: A “programme owner” is an entity responsible for delivering specific public goods, services, or social welfare. A programme owner is usually a government entity.

Global Standards For All

Product Owner

Depending on the nature of the work, the product owner adopts the NIST Privacy Framework as a direction for standardisation.

What is it?

  • The privacy framework comprises three parts: Core, profiles, and implementation tiers.

  • Each component reinforces privacy risk management by connecting business and mission drivers, organisational roles and responsibilities, and privacy protection activities.

  • The core enables a dialogue — from the executive level to the implementation/operations level — about important privacy protection activities and desired outcomes.

  • Profiles enable the prioritisation of the outcomes and activities that best meet organisational privacy values, mission or business needs, and risks.

  • Implementation tiers support decision-making and communication about the sufficiency of organisational processes and resources to manage privacy risk.

The advantages of NIST are:

  • It pushes for privacy engineering functions to be embedded in the design of the software.

  • It promotes transparency as the guidelines are communicated to implementing agencies (IAs) and programme owners.

  • It enhances trust as it encourages proactive privacy measures to be taken from the design stage itself.

  • It streamlines operations by embedding privacy into the functional and design practices, avoiding costly retroactive changes.

Implementing Agencies/Programme Owners

Why ISO 27701?

The upcoming Digital Personal Data Protection Bill will require companies that are eligible to be an IA to undergo steps similar to those in ISO 27701.

The steps/key components of ISO 27701's Privacy Information Management System (PIMS) are:

  • Privacy risk management: ISO 27701 will require an IA to identify and assess privacy risks associated with the processing of Personally Identifiable Information (PII) and implement appropriate controls to mitigate these risks.

  • Privacy policy and procedures: ISO 27701 requires an IA to develop and implement privacy policies and procedures that are aligned with the administering authority’s overall information security policies and procedures.

  • Data subject rights: ISO 27701 requires the IA to establish procedures for handling data subject requests, such as access, rectification, and erasure of personal data. With such a feature embedded, the citizens would be allowed to exercise their right to privacy.

  • Privacy training and awareness: ISO 27701 requires an IA to provide privacy training and awareness programs to employees and other stakeholders to ensure that they understand their roles and responsibilities in protecting PII.

  • Incident management: ISO 27701 requires an IA to establish procedures for managing privacy incidents, including breach notification, investigation, and remediation.

  • Third-party management: ISO 27701 requires an IA to establish procedures for managing third-party relationships that involve the processing of PII, including due diligence, contract management, and monitoring.

  • Assurance: ISO 27701 assures senior members of administrative authorities and other stakeholders, such as citizens and partners, that the organisation is committed to protecting Personally Identifiable Information (PII) and has implemented international best practices for privacy management.

  • Trust: ISO 27701 can help organisations build trust with stakeholders by providing tangible evidence of their commitment to protecting PII.

  • Compliance: ISO 27701 supports compliance with globally recognised data protection and privacy regulations such as GDPR, CCPA, and others.

  • Risk management: ISO 27701 helps the IA identify and mitigate privacy risks, reducing the likelihood of data breaches, reputational damage, and financial losses.

  • Global standard: ISO 27701 is a respected global standard for privacy information management and can be used by agencies of all sizes and from all sectors.

  • Integration: ISO 27701 is an extension of ISO 27001, meaning it can be integrated with an existing Information Security Management System (ISMS) to enhance privacy management and compliance efforts.

In conclusion, by getting certified under ISO 27701, implementing agencies can demonstrate their commitment to protecting PII, build trust with stakeholders, comply with data protection and privacy regulations, and improve their privacy risk management efforts.

An IA’s core responsibility is to deploy the product. Its role requires hands-on customisation, configuration, training, and support. The IA ideally has complete access to the data of citizens. For an IA, getting certified under ISO 27701 is recommended. This certification requires a certification to ISO 27001 as a first step.
