Data Privacy and Access

v1-6
#1

Who is the ‘data controller’ with respect to the data held in CPIMS+?

Regarding the access of the maintenance company to the super user of Primero, what are the measures set in place today to ensure that there is no misuse of the provided access? Are these measures stipulated in a document that we can have in order to get it signed by the local company once on board?

#2

Each agency controls their own data.

You will need to establish your own service level agreements with local company – we do not know what they can do or are willing to do.

You can read our LTA Guidelines here: https://unicef.sharepoint.com/:b:/r/teams/PD-Primero/Primero/LTA%20Guidelines/Guidelines%20for%20use%20of%20LTASs%20for%20Primero%20Support%20Services_for%20publication.pdf?csf=1&e=ogbzjG

Please see our discussion on audit logs to ensure there is no misuse of the provided access.

#3

I think that is an internal sharepoint link

#4

Yes, it is an internal SharePoint link. We have created a Primero SharePoint site and we can provision access to anyone (internal and external). We have a large document library which we are hosting on the site. Anyone who does not have access to it and would like access can email me directly at jpanchalingam@unicef.org.

#5

Would be good to know what else is on that link. Can you provide a brief summary please? Thanks!

#6

Yes! Our document library includes information on Primero Project Management and Governance, Communications, Design, Security and Legal, Guidance and Learning Resources for the various modules of Primero.