Skip to content

Guidance that provides a methodology for ICT4D practitioners to assess software from the security an privacy point of view.

License

Notifications You must be signed in to change notification settings

unicef/holistic-assessments-for-ict4d

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

description cover coverY
A space for sharing a broader approach to assessing the security, privacy, and sustainability of ICT4D technology.
.gitbook/assets/UN0803447-Naftalin.jpg
-56

Introduction to the Project

In 2021, approximately 987 million people worldwide lacked official proof of identity, and as many as 1 in 4 children under the age of 5 were not registered at birth. The absence of identification documents systematically excludes these individuals from accessing their fundamental rights and fulfilling their obligations within their countries.

Although this project doesn't change the statistic, it focuses on the mindset and holistic approach for technical assessments necessary when considering a new partner for a digital transformation initiative under UNICEF. Our role as independent vendors, was to develop a holistic approach to assessments which can be utilized, replicated and iterated upon by other sectors engaging in a digital transformation initiative.

Background on the work

This work originated from UNICEF's focus on reviewing Electronic Civil Registration and Vital Statistic (eCRVS) solutions. These assessments are vital for evaluating the impact and effectiveness of eCRVS implementations. UNICEF aims to systematically scale up these reviews to ensure they are comprehensive and applicable across various sectors, including WASH (Water, Sanitation, and Hygiene), nutrition, and health. By doing so, UNICEF seeks to establish a robust framework for assessing the value and functionality of eCRVS systems in diverse contexts.

Furthermore, UNICEF emphasizes the need for the results of these assessments to be openly available to the ICT4D (Information and Communication Technology for Development) community. This openness will facilitate knowledge sharing and collaboration, helping to drive innovation and improvement in eCRVS and related systems. Making assessment findings accessible ensures that best practices and lessons learned can be disseminated widely, benefitting a broad range of development initiatives and enhancing the overall impact of eCRVS systems in improving public service delivery and governance.

Advocating For & Supporting Children Through Open Technology

UNICEF is mandated by the United Nations General Assembly to advocate for the protection of children's rights, meet their basic needs, and expand their opportunities to reach their full potential. Operating in 190 countries and territories, UNICEF is dedicated to reaching the world's most disadvantaged children, working tirelessly to save the lives of children and their mothers while generating evidence to support this mission. Central to this effort is ensuring that every child is recognized legally, with birth registration being a fundamental right enshrined in both the Universal Declaration on Human Rights and the Convention on the Rights of the Child.

"Birth registration not only establishes a child’s legal identity but also ensures access to essential services such as child protection, healthcare, and education, which are critical for securing their fundamental rights."

Efficient civil registration, encompassing births, deaths, marriages, and divorces, provides accurate and complete data essential for national planning and resource allocation. The Sustainable Development Goals (SDGs), particularly Goal 16.9, emphasize the importance of providing legal identity for all by 2030. The United Nations Legal Identity Agenda 2020-2030 supports this goal, advocating for sustainable civil registration, vital statistics, and identity management systems.

"To have fully configurable, standards-based, inter-operable and widely supported digital CRVS public goods to assure long-term cost savings for governments, partners, and UNICEF- supported digital CRVS deployments."

UNICEF, along with other agencies, has been instrumental in advancing the digitization of CRVS systems, aiming for comprehensive and interoperable digital public goods. This initiative, divided into two phases, involved a global landscape analysis and a technical quality assessment to ensure effective and secure implementation. The ultimate goal is to achieve 100% registration of CRVS events, facilitating legal identity documentation and the use of vital statistics for effective planning and international reporting.

\

Two Phase Assessment Process

• Phase 1 - Global Landscape Analysis

As outcome of phase 1, a comparative analysis has been made of the different solutions available on the market. Among them, a recommended solution has been identified as well as a set of common and country specific CRVS requirements. \


• Phase 2 – Technical quality assessment of the recommended solutions

During phase 1, a deep comparative functional and maturity analysis of the different solutions has been performed, however, only a superficial technical assessment from the software engineering and cyber security best practices has been done. In phase 2, the goal is to close this knowledge gap for the recommended solutions, and therefore, to minimize the organizational risk under implementation.

• Phase 2 – Sharing best practices built on technical quality assessments In addition, with the goal of being able to replicate and scale up this technical assessment, this phase also entails the definition some practical and actionable technical documents based on the existing best practices for the UNICEF's product lifecycle management that will help the organization to perform this analysis in a systematic way.

The documentation you find on this site is the result of Phase 2 work - the creation of A Holistic Approach to Assessments.

Designing Holistic Approach to Assessments

Our goal was to design a holistic approach to assessments which we outlined and implemented. The wide-ranging, multi-staged approach includes an initial assessment based on published documentation and resources, meetings and interviews with program staff, an application architecture review, a source code security audit, a DevSecOps deployment analysis, vulnerability scanning and penetration testing. Four technical assessments were completed, and the lessons learned from that work, have been extracted and integrated here into this guide. This approach will be discussed through the four lenses of People, Process, Technology and Partners.

It takes many people, process, technology and partners to be successful in ICT4D!