Type of solution
...
Examples
Main Characteristics
Outcome Coverage
Informing Citizens | Transmission Tracing | Supporting healthcare provisioning | Informing Policy Making and monitoring effectiveness | Optimising resource allocation | Organising Quarantining | Enabling Research
Yes/No/Maybe | Yes/No/Maybe | Yes/No/Maybe | Yes/No/Maybe | Yes/No/Maybe | Yes/No/Maybe | Yes/No/Maybe
Requirements coverage - effectiveness
Effectiveness Factor | Assessment
Accuracy of information |
Speed of the process |
Adaptability of the solution |
Insights in transmission routes (person-to-person, environmental; presymptomatic; asymptomatic) |
Support of isolation and quarantining |
Targeted measures |
Efficient use of resources (triage; testing; contact tracers) |
Interoperability |
Acceptable side-effects |
Adoption and population coverage |
Feasibility and elapsed time (experience, initial TTM, scaling) |
Technical dependability of the solution |
Evidence |
Requirements coverage - Privacy and Security
Privacy Factor | Assessment
Minimal Requirements |
Augmented Requirements (see list below) |
Zero-Trust model specific requirements (see list below) |
Trust-based specific requirements (see list below) |

Augmented Requirements
- Adhere to the joint civil society statement: “States use of digital surveillance technologies to fight pandemic must respect human rights” (see Joint Civil Society Statement)
- Solution is temporary
- Purposes are limited to responding to the pandemic and phasing out the restrictive measures
- Principle of least privilege
- The way back to normality is known
- Full transparency (code, data, algorithms)
- Granular user consent, regardless of the legal base
- No mandatory use by citizens
- No access to data except for public health authorities, subject to consent
- Strictly limited retention period
- No support for law and policy enforcement
- No commercial exploitation

Zero-Trust model specific requirements
- No trust may be required in any party besides the developer
- The solution must only transfer and centralise truly anonymous data
- The anonymous nature of the data must be transparent and open to scrutiny
- The remaining attack surface must be secured
- Transparency and scrutiny of the security measures

Trust-based specific requirements
- Proper governance and oversight of the Trusted Party, strictly limiting the processing to the stated purpose
- Vetting of the personnel having access to the data
- Applying the Principle of Least Privilege among the personnel of the data processor
- Code of conduct for the personnel, actively enforced
- Strict application of encryption in transit and at rest until the latest possible moment before processing
- Reducing the attack surface to a minimum and securing it
- Systematically distrusting any party not under the direct control of the Trusted Party (such as infrastructure providers)
- Transparency and scrutiny of the security measures
- Pseudonymisation without storage of re-personalisation data
- Shortest possible retention period, preferably rolling
- Applying data minimisation to limit the data that is centralised
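As an added illustration of three of the trust-based requirements above (pseudonymisation without stored re-personalisation data, rolling retention, and data minimisation), not part of the assessment template itself: a minimal contact-report store in Python. The 14-day window, the record layout and the report field names (id_a, id_b) are assumptions made for the example.

```python
import hmac
import hashlib
import secrets
from datetime import date, timedelta

RETENTION_DAYS = 14  # assumed window; the template only asks for "shortest possible, preferably rolling"


class ContactStore:
    """Keeps contact reports as (day, pseudonym, pseudonym) triples and nothing else."""

    def __init__(self):
        self._day_keys = {}  # day -> HMAC key; deleted once the day falls out of retention
        self._records = []   # (day, pseudonym_a, pseudonym_b): no names, numbers or locations

    def _pseudonym(self, identifier, day, create_key):
        key = self._day_keys.get(day)
        if key is None:
            if not create_key:
                return None  # key destroyed or never existed: no linking is possible
            key = self._day_keys[day] = secrets.token_bytes(32)
        # Keyed hash: the pseudonym cannot be reversed to the identifier, and without the
        # per-day key (never stored next to the records) it cannot even be recomputed.
        return hmac.new(key, identifier.encode(), hashlib.sha256).hexdigest()[:16]

    def record_contact(self, report, today):
        # Data minimisation: the incoming report may carry extra fields (assumed names
        # such as "gps" or "name"); only the two identifiers are used, and only as pseudonyms.
        a = self._pseudonym(report["id_a"], today, create_key=True)
        b = self._pseudonym(report["id_b"], today, create_key=True)
        self._records.append((today, a, b))

    def purge(self, today):
        """Rolling retention: drop records and day keys older than RETENTION_DAYS."""
        cutoff = today - timedelta(days=RETENTION_DAYS)
        self._records = [r for r in self._records if r[0] > cutoff]
        for day in [d for d in self._day_keys if d <= cutoff]:
            del self._day_keys[day]  # removes the only means of re-linking those records

    def contacts_of(self, identifier, day):
        """Pseudonyms seen with `identifier` on `day`; empty once that day's key is gone."""
        p = self._pseudonym(identifier, day, create_key=False)
        if p is None:
            return []
        return [b if a == p else a for d, a, b in self._records if d == day and p in (a, b)]

    def stored_records(self):
        return list(self._records)
```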
Trade-off Analysis
(rows: decisions / columns: quality attributes)
(+ and - only indicate that a decision has a positive or negative impact on a requirement; they do not qualify the level of support for the requirement, nor whether that support is good enough.)
 | requirement | requirement | requirement | requirement | ...
decision | | | | |
decision | | | | |
... | | | | |
... | | | | |
... | | | | |
Discussion and open topics
Discussion, including ethical considerations
Open Topics