Merge branch 'master' into kiva-protocol-2nhqrmzwm0q

.github/workflows/main.yml

@@ -41,26 +41,27 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUBTOKEN}}
         run: ./scripts/push.bash
 
-  open_pr:
-    needs: build
-    runs-on: ubuntu-latest
-    if: |
-      github.ref == 'refs/heads/master' &&
-      !contains(format('{0} {1} {2}', github.event.head_commit.message, github.event.pull_request.title, github.event.pull_request.body), '[skip pr]') &&
-      !contains(format('{0} {1} {2}', github.event.head_commit.message, github.event.pull_request.title, github.event.pull_request.body), '[pr skip]')
-
-    steps:
-      - uses: actions/checkout@v2
-      - id: file_changes
-        uses: trilom/file-changes-action@v1.2.3
-      - name: Install dependencies
-        run:
-          npm install
-      - name: open PR
-        env:
-          GITHUBTOKEN: ${{ secrets.GITHUBTOKEN }}
-        run:
-          node scripts/open_pr.js
+  # As of May 2021, this integration is disabled. Leaving it commented it out for reference.
+  # open_pr:
+  #   needs: build
+  #   runs-on: ubuntu-latest
+  #   if: |
+  #     github.ref == 'refs/heads/master' &&
+  #     !contains(format('{0} {1} {2}', github.event.head_commit.message, github.event.pull_request.title, github.event.pull_request.body), '[skip pr]') &&
+  #     !contains(format('{0} {1} {2}', github.event.head_commit.message, github.event.pull_request.title, github.event.pull_request.body), '[pr skip]')
+  #
+  #   steps:
+  #     - uses: actions/checkout@v2
+  #     - id: file_changes
+  #       uses: trilom/file-changes-action@v1.2.3
+  #     - name: Install dependencies
+  #       run:
+  #         npm install
+  #     - name: open PR
+  #       env:
+  #         GITHUBTOKEN: ${{ secrets.GITHUBTOKEN }}
+  #       run:
+  #         node scripts/open_pr.js
 
   api:
     needs: build

digitalpublicgoods/commcare-android.json

@@ -0,0 +1 @@
+commcare.json

digitalpublicgoods/commcare-cloud.json

@@ -0,0 +1 @@
+commcare.json

digitalpublicgoods/commcare.json

@@ -0,0 +1,180 @@
+{
+  "name": "CommCare",
+  "clearOwnership": {
+    "isOwnershipExplicit": "Yes",
+    "copyrightURL": "CommCare is an ecosystem of open source components, fronted by CommCareHQ (Web) and CommCare Mobile. CommCare Web is sourced under the open source BSD license while CommCare Mobile is sourced under the Apache License. Everything we produce has clearly defined, both, functional: https://confluence.dimagi.com/display/commcarepublic/Home \n technical: https://github.com/dimagi/"
+  },
+  "platformIndependence": {
+    "mandatoryDepsCreateMoreRestrictions": "No",
+    "isSoftwarePltIndependent": "",
+    "pltIndependenceDesc": ""
+  },
+  "documentation": {
+    "isDocumentationAvailable": "Yes",
+    "documentationURL": [
+      "Source code: https://github.com/dimagi/commcare-hq",
+      "Use cases: https://www.dimagi.com/sectors/",
+      "Functional: https://commcare-hq.readthedocs.io/"
+    ]
+  },
+  "NonPII": {
+    "collectsNonPII": "Yes",
+    "checkNonPIIAccessMechanism": "Yes",
+    "nonPIIAccessMechanism": "Data from CommCare can exported in using several data tools available as a part of the CommCare ecosystem. https://confluence.dimagi.com/display/commcarepublic/The+CommCare+Ecosystem"
+  },
+  "privacy": {
+    "isPrivacyCompliant": "Yes",
+    "privacyComplianceList": [
+      "GDPR",
+      "HIPPA"
+    ],
+    "adherenceSteps": [
+      "1. Terms of Service: https://www.dimagi.com/terms/latest/tos/",
+      "2. Privacy Policy: https://www.dimagi.com/terms/latest/privacy/",
+      "3. Business Agreement: https://www.dimagi.com/terms/latest/ba/",
+      "4. Acceptable Use Policy: https://www.dimagi.com/terms/latest/aup/"
+    ]
+  },
+  "standards": {
+    "supportStandards": "Yes",
+    "standardsList": [
+      "The CommCare application is built on OpenRosa standard tools and protocols, and leverages many different open-source technologies. ",
+      "Protocols are represented using XForms, a W3C backed standard approach to more advanced forms that support nested and repeatable elements, decision support, advanced validation, and extensive user interface controls."
+    ],
+    "evidenceStandardSupport": [
+      ""
+    ],
+    "implementBestPractices": "Yes",
+    "bestPracticesList": [
+      "Our design and style guide has the goal to ensure that our experiences meet the standards for accessibility required by WCAG AA, Section 508 and European Standards. Link: https://www.commcarehq.org/styleguide/atoms/"
+    ]
+  },
+  "doNoHarm": {
+    "preventHarm": {
+      "stepsToPreventHarm": "Yes",
+      "additionalInfoMechanismProcessesPolicies": "https://www.dimagi.com/blog/mobile-data-collection-nhs-guidelines/, \nhttps://www.dimagi.com/terms/latest/privacy/"
+    },
+    "dataPrivacySecurity": {
+      "collectsPII": "Yes",
+      "typesOfDataCollected": [
+        "CommCare allows for flexible data collection and thus partners can dictate the data they store. In the context of routine immunization demographic and health data will be collected and stored"
+      ],
+      "thirdPartyDataSharing": "No",
+      "dataSharingCircumstances": [
+        ""
+      ],
+      "ensurePrivacySecurity": "Yes",
+      "privacySecurityDescription": "https://confluence.dimagi.com/display/commcarepublic/CommCare+Technical+Overview?preview=%2F12223445%2F56885462%2FData+Security+Overview.pdf"
+    },
+    "inappropriateIllegalContent": {
+      "collectStoreDistribute": "No",
+      "type": "",
+      "contentFilter": "",
+      "policyGuidelinesDocumentationLink": "",
+      "illegalContentDetection": "",
+      "illegalContentDetectionMechanism": ""
+    },
+    "protectionFromHarassment": {
+      "userInteraction": "Yes",
+      "addressSafetySecurityUnderageUsers": "Yes",
+      "stepsAddressRiskPreventSafetyUnderageUsers": [
+        "CommCare doesn't have any technical measures to address the safety and security of underage users. We require the organizations who use CommCare to comply with applicable laws about minimum age requirements of end users."
+      ],
+      "griefAbuseHarassmentProtection": "No",
+      "harassmentProtectionSteps": [
+        ""
+      ]
+    }
+  },
+  "locations": {
+    "developmentCountries": [
+      "USA",
+      "India",
+      "South Africa"
+    ],
+    "deploymentCountries": [
+      "Afghanistan",
+      "Algeria",
+      "Angola",
+      "Bangladesh",
+      "Burkina Faso",
+      "Belize",
+      "Guatemala",
+      "Honduras",
+      "Benin",
+      "Bolivia",
+      "Botswana",
+      "Bravil",
+      "Haita",
+      "India",
+      "Chad",
+      "Niger",
+      "Kenya",
+      "Malawi",
+      "Peru",
+      "Thailand",
+      "Uganda",
+      "South Africa",
+      "Zimbwabwe",
+      "Mali",
+      "Burundi",
+      "Ivory Coast",
+      "Chile",
+      "Cambodia",
+      "Costa Rica",
+      "Indonesia",
+      "Nicaragua",
+      "Zambia",
+      "Cameroon",
+      "Canada",
+      "Colombia",
+      "Guinea",
+      "El Salvador",
+      "Ethiopia",
+      "Rwanda",
+      "Ghana",
+      "Greece",
+      "Grenada",
+      "Senegal",
+      "United States of America",
+      "Iraq",
+      "Jordan",
+      "Korea",
+      "Laos",
+      "Lebanon",
+      "Lesotho",
+      "Liberia",
+      "Madagascar",
+      "Malaysia",
+      "Mauritius",
+      "Mexico",
+      "Mozambique",
+      "Myanmar",
+      "Namibia",
+      "Nepal",
+      "Nigeria",
+      "Pakistan",
+      "Papua New Guinea",
+      "Philippines",
+      "Sierra Leone",
+      "South Sudan",
+      "Spain",
+      "Sri Lanka",
+      "Sudan",
+      "Syrian Arab Republic",
+      "Tanzania",
+      "Togo",
+      "Turkey",
+      "United Kingdom of Great Britain And Northern Ireland",
+      "Vanuata",
+      "Vietnam",
+      "Ukraine",
+      "Guinea-Bissau",
+      "Lebanon",
+      "Gambia",
+      "Venezuela",
+      "Bosnia",
+      "Malta"
+    ]
+  }
+}

digitalpublicgoods/divoc.json

@@ -0,0 +1,95 @@
+{
+  "name": "DIVOC",
+  "clearOwnership": {
+    "isOwnershipExplicit": "Yes",
+    "copyrightURL": "https://github.com/egovernments/DIVOC/blob/main/LICENSE"
+  },
+  "platformIndependence": {
+    "mandatoryDepsCreateMoreRestrictions": "No",
+    "isSoftwarePltIndependent": "",
+    "pltIndependenceDesc": ""
+  },
+  "documentation": {
+    "isDocumentationAvailable": "Yes",
+    "documentationURL": [
+      "https://divoc.egov.org.in/tech-docs",
+      "https://github.com/egovernments/DIVOC",
+      "https://github.com/egovernments/DIVOC/discussions"
+    ]
+  },
+  "NonPII": {
+    "collectsNonPII": "Yes",
+    "checkNonPIIAccessMechanism": "Yes",
+    "nonPIIAccessMechanism": "A masked format can be provided including the usage details and general stats about treatment "
+  },
+  "privacy": {
+    "isPrivacyCompliant": "Yes",
+    "privacyComplianceList": [
+      "GDPR & HIPAA for personalised medicines",
+      "21 CFR part 11"
+    ],
+    "adherenceSteps": [
+      "https://www.farmatrust.com/copy-of-privacy-policy"
+    ]
+  },
+  "standards": {
+    "supportStandards": "Yes",
+    "standardsList": [
+      "GS1",
+      "GTIN",
+      "EPCIS",
+      "ISO/IEC 12207"
+    ],
+    "evidenceStandardSupport": [
+      "System architecture designs and white-paper.The link https://divoc.egov.org.in/tech-docs has our Implementation and end-user guides, API documentation, Deployment instructions, Setup configuration. Additionally, the link https://divoc.egov.org.in/understand-divoc#divoc-presentations-1 also has a country-adoption guide, for implementation instructions for adopters (e.g. country authorities)."
+    ],
+    "implementBestPractices": "Yes",
+    "bestPracticesList": [
+      "We comply with and the EUs Falsified Medicines Directive (FMD) and the USAs Drug Supply Chain Security Act (DSCSA) to track serialised packs of medicines"
+    ]
+  },
+  "doNoHarm": {
+    "preventHarm": {
+      "stepsToPreventHarm": "Yes",
+      "additionalInfoMechanismProcessesPolicies": "All CfA’s media partners, who are the primary platform for the public to access the tools, are governed by their local press/media ombuds oversight mechanisms. This allows for users to lodge complaints that are independently adjudicated and ruled on. There have been no transgressions since the project launched in 2013."
+    },
+    "dataPrivacySecurity": {
+      "collectsPII": "No",
+      "typesOfDataCollected": [
+        ""
+      ],
+      "thirdPartyDataSharing": "No",
+      "dataSharingCircumstances": [
+        ""
+      ],
+      "ensurePrivacySecurity": "Yes",
+      "privacySecurityDescription": "DIVOC is meant for last-mile vaccination administration and credentialing (with the architecture based on data minimalism, well-designed privacy & security).  But as highlighted in earlier responses, these measures need to be addressed in the individual privacy policies adopted by the various implementers. The tools are embedded in partner media websites, which are governed by privacy policies and terms of service that comply with local media freedom laws."
+    },
+    "inappropriateIllegalContent": {
+      "collectStoreDistribute": "No",
+      "type": "",
+      "contentFilter": "",
+      "policyGuidelinesDocumentationLink": "",
+      "illegalContentDetection": "",
+      "illegalContentDetectionMechanism": ""
+    },
+    "protectionFromHarassment": {
+      "userInteraction": "No",
+      "addressSafetySecurityUnderageUsers": "",
+      "stepsAddressRiskPreventSafetyUnderageUsers": [],
+      "griefAbuseHarassmentProtection": "",
+      "harassmentProtectionSteps": [
+        ""
+      ]
+    }
+  },
+  "locations": {
+    "developmentCountries": [
+      "India"
+    ],
+    "deploymentCountries": [
+      "India",
+      "Sri Lanka"
+    ]
+  }
+}