Self Hosting Primero v2 - Programme Guidance

For those of you who are interested in self hosting Primero v2, in addition to the guidance we have shared on Self-hosting background and set up and Installation Guidance, there are programmatic considerations that must be taken into account. The self hosting model for Primero is an implementation model we call “Tier 4”. This model has 2 sites, one “demo” and one “production”. We use the demo CPIMS+ to manage configurations (forms, roles, reports), to receive updates and security patches, and to test and train. Demo has no real data on it. In the Tier 4 model, the demo site lives on UNICEF’s Microsoft Azure servers. For the production site, we use the server that in the partner selected data center managed by a capable technical team who can support the infrastructure set up and maintenance. All the real data is stored on this server. This implies a higher level of accountability and management for the in-country team.
In this model, it should be clear that the Primero Team cannot be responsible for managing or supporting any of the following and partners are responsible for:

  • #1 All infrastructure including setting up servers, hosting, setting up monitoring and security measures, security certificates, data durability/data storage, backups, DNS, and configuration of the demo and production instance
  • #2 Owning, protecting and securing the data
  • #3 Disaster recovery protocols and data breach protocols
  • #4 Clear process in place for configuration promotion from “demo” to “production” to receive the most up-to-date releases (which include updates and security patches)
  • #5 Primero v2 is a progressive web application (PWA) and we have an identity provider that helps us securely authenticate and manage users. If a mobile device management solution is requested for mobile devices, this must be procured and maintained.

The set-up of local infrastructure demands ongoing technical support and budgets. Therefore, you must select a technical partner which has demonstrated a very good capacity, strong technical infrastructure skills and understanding of the work for the project sustainability.

Primero will be handling highly sensitive, personal data, it is crucial that a Terms of Use is signed by the Deputy Representative (if UNICEF is involved) or Minister or Head of Country Operations for this implementation. An Information Sharing Protocol and Data Breach Protocol is required for an implementation which is a case management tool, and is part of the Information Management standards for case management. This ensures you have a clear risk mitigation strategies in place, as well as governance and accountability for decisions that impact child safeguarding, data protection and cyber security. There must be considerations made for the on-going sustainability of the system which includes accounting for on-going costs and resourcing.

1 Like