2023-09-03 Digital Square Security Review

Overview

Date

2023-03-09

Status

Passed

Release

https://openimis.atlassian.net/wiki/spaces/OP/pages/3308093441

TestType

document review

TestTopic

Security

Context

https://openimis.atlassian.net/wiki/spaces/OP/pages/3394469889

Tester

https://openimis.atlassian.net/wiki/spaces/OP/pages/829423723

Standard

Methodology

In the context of the , Global Good projects had to do a self-assessment of their maturity as a Global Good in order to be included in the Global Good Guidebook, which is maintained by Digital Square. The openIMIS Initiative filled in a self-assessment questionnaire on openIMIS maturity on 2022-09-12 ( ), which was then evaluated by a peer review committee. At the same time, a Digital Square security expert did a background check on the projects' security management framework. The results were discussed after the evaluation.

Result Summary

The initial evaluations of the security expert were done based on publicly available documents of the projects on their security measures.

  • Round 1: Although openIMIS had done extensive security tests and reviews, the project had decided to document these in a protected space in order not to expose potential loopholes of live systems in countries. As a result, the first evaluation rated openIMIS as failed.

  • Round 2: After being pointed to the relevant documents by the Digital Square key account manager for openIMIS, a new evaluation was done by the security expert. The new results attributed openIMIS a score of almost 100% fulfilment of the Digital Square standards, which was the best result of all the products in the catalogue.

openIMIS passed the assessment. As a result, openIMIS continues to be included in the Digital Square Global Good Guidebook, which is a compendium of Digital Square-approved software tools and technologies in the health sector:

Remediation

  • A wiki page was created to provide a landing page on the openIMIS security strategy as part of the openIMIS roadmap. It links to the relevant resources and test results: .

  • As a next step it was agreed that openIMIS will analyse the software life-cycle aiming at a Secure Development Lifecycle.

Report

 



This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. https://creativecommons.org/licenses/by-sa/4.0/