description | cover | coverY | layout | ||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
A space for sharing a broader approach to auditing the security, privacy, and sustainability of ICT4D technology |
.gitbook/assets/UN0803447-Naftalin.jpg |
-56 |
|
This collection of documents represents a set of perspectives, experiences, and guidelines on engaging with technology within the Information and Communications Technology for Development (ICT4D) space. In particular, the work focuses on the benefits and impacts of adopting free and open-source software that is secure and privacy-focused.
This approach will be discussed through the four lenses of People, Process, Technology and Partners.
{% embed url="https://www.youtube.com/watch?v=MBhL1YsrZfQ" %}
This work grew out of the UNICEF Digital Center of Excellent (DCoE) team's focus on evaluation Electronic Civil Registration and Vital Statistic (eCRVS) solutions. To do this, a holistic audit process was designed and implemented. The wide-ranging, multi-staged approach includes an initial assessment based on published documentation and resources, meetings and interviews with program staff, an application architecture review, a source code security audit, a DevSecOps deployment analysis, vulnerability scanning and penetration testing. Four audit evaluations were completed, and the lessons learned from that work, have been extracted and integrated here into this guide.
While there are some more thoughts on Who We Aim To Help, in summary this guide has been created to assist anyone in the ICT4D space who as encountered the question "Has it been audited?", and wondered if that was a financial question or a technology question. Whether you are a procurement specialist, a regional specialist, a technologists for development, or in a program or sales role, this guide has something for you. If you are in charge the audit, or just trying to understand what kind of questions to ask about during an evaluation, this guide has something for you. If you are a vendor, a platform developer, an entrepreneur, an open-source developer, this guide has something for you.
It takes many people, process, technology and partners to be successful in ICT4D!