Solution assessment template

From Appiaplus
Jump to navigation Jump to search

Type of solution

...

Examples

  • ...

Main Characteristics

  • ...

Outcome Coverage

Informing Citizens Transmission Tracing Supporting healthcare provisioning Informing Policy Making and monitoring effectiveness Optimising resource allocation Organising Quarantining Enabling Research
Yes/No/Maybe Yes/No/Maybe Yes/No/Maybe Yes/No/Maybe Yes/No/Maybe Yes/No/Maybe Yes/No/Maybe

Requirements coverage - effectiveness

Effectiveness Factor Assessment
Accuracy of information
Speed of the process
Adaptability of the solution

Insights in transmission routes

  • Person-to-person, environmental
  • Presymptomatic
  • Asymptomatic
Support of isolation and quarantining
Targeted measures

Efficient use of resources

  • Triage
  • Testing
  • Contact tracers
Interoperability
Acceptable side-effects
Adoption and population coverage
Feasibility and elapsed time (Experience, Initial TTM, Scaling)
Technical dependability of the solution
Evidence

Requirements coverage - Privacy and Security

Privacy Factor Assessment

Minimal Requirements

  • GDPR compliance

Augmented Requirements

  • Adhere to the joint civil society statement: “States use of digital surveillance technologies to fight pandemic must respect human rights” (see Joint Civil Society Statement)
  • Solution is temporary
  • Purposes are limited to responding to the pandemic and phasing out the restrictive measures
  • Principle of least privilege
  • The way back to normality is known
  • Full Transparency (code, data, algorithms)
  • Granular user consent, regardless of the legal base
  • No mandatory use by citizens
  • No access to data except for public health authorities, subject to consent
  • Strictly limited retention period
  • No support for law and policy enforcement
  • No commercial exploitation

Zero-Trust model specific requirements

  • No trust must be expected from any party besides the developer
  • The solution must only transfer and centralise truly anonymous data
  • The anonymous nature of the data must be transparent and under scrutiny
  • The remaining surface attack must be secured
  • Transparency and scrutiny on the security measures

Trust-based specific requirements

  • Proper governance and oversight on the Trusted Party to strictly limit the processing to the stated purpose
  • Vetting of the personnel having access to the data
  • Applying the Principle of Least Privilege among the personnel of the data processor
  • Code of conduct for the personnel, actively enforced
  • Strict application of encryption in transit and at rest until the latest possible moment before processing
  • Reducing the attack surface to a minimum and securing it
  • Systematically distrusting any party not under direct control of the Trusted Party (like infrastructure providers)
  • Transparency and scrutiny on the security measures
  • Pseudonymisation without storage of re-personalisation data
  • Shortest possible retention period, preferably rolling
  • Applying data minimisation, limit the data centralised

Trade-off Analysis

(rows: decisions / columns: quality attributes)

(+ and - only indicate the fact that the decision has a positive or negative impact on the requirement. It does not qualify the level of support for the requirement, neither if it is good enough.)

requirement requirement requirement requirement ...
decision
decision
...
...
...

Trade-off Analysis

...

Discussion and open topics

Discussion, including ethical considerations

  • ...

Open Topics

  • ...