Methodology
In the context of the Digital Square Notice G0, Global Good projects had to complete a self-assessment of their maturity as a Global Good in order to be included in the Global Good Guidebook, which is maintained by Digital Square. The openIMIS Initiative filled in a self-assessment questionnaire on openIMIS maturity on 2022-09-12 (
Result Summary
The initial evaluations of the security expert were done based on publicly available documents of the projects on their security measures.
Round 1: Although openIMIS had done extensive security tests and reviews, the project had decided to document these in a protected space in order not to expose potential loopholes of live systems in countries. As a result, the first evaluation rated openIMIS as failed.
Round 2: After being pointed to the relevant documents by the Digital Square key account manager for openIMIS, a new evaluation was done by the security expert. The new results attributed openIMIS a score of almost 100% fulfilment of the Digital Square standards, which was the best result of all the products in the catalogue.
openIMIS passed the assessment. As a result, openIMIS continues to be included in the Digital Square Global Good Guidebook, which is a compendium of Digital Square-approved software tools and technologies in the health sector: https://digitalsquare.org/resourcesrepository/2023/5/25/global-goods-guidebook-version-40
Remediation
A wiki page was created to provide a landing page on the openIMIS security strategy as part of the openIMIS roadmap. It links to the relevant resources and test results: Theme: Security.
As a next step, it was agreed that openIMIS will analyse the software life-cycle, aiming at a Secure Development Lifecycle.
Report