OpenCRVS

OpenCRVS is an open-source software for civil registration, designed for low resource settings

Website: https://www.opencrvs.org/

Type of Digital Public Good

1. Is it relevant to one of the Sustainable Development Goals?

  • 16. Peace and Justice Strong Institutions

    Evidence: OpenCRVS is a digital public good to help achieve universal civil registration and evidence-based decision making in all country contexts.
    OpenCRVS was created in direct response to:
    SDG Goal/Target 16.9: "By 2030, provide legal identity for all, including birth registration"
    Indicator: Proportion of children under 5 years whose births have been registered with a civil authority, by age
    addition (as of March 2017), 67 of the 230 SDG indicators can be measured effectively by using data derived from well-functioning CRVS systems, in particular for the numerators (births, deaths) and denominators (total population, live births, total deaths). These indicators cover 12 of the SDG 17 goals (Goals 1, 2, 3, 4, 5, 8, 9, 10, 11, 12, 16, and 17).

    Link to Evidence: https://documentation.opencrvs.org/opencrvs-core/

  • 17. Partnerships to achieve the Goal

    Evidence: OpenCRVS is a digital public good to help achieve universal civil registration and evidence-based decision making in all country contexts.
    OpenCRVS was created in direct response to:
    SDG Goal/Target 17.18: "By 2020? increase significantly the availability of high-quality, timely and reliable data disaggregated by income, gender, age, race, ethnicity, migratory status, disability, geographic location and other characteristics
    relevant in national contexts"
    Indicator 1: Proportion of sustainable development indicators produced at the national level with full disaggregation when relevant to the target, in accordance
    with the Fundamental Principles of Official Statistics
    SDG Goal/Target 17.19: "By 2030? support statistical capacity building in countries"
    Indicator 2: Proportion of countries that have conducted at least one population and housing census in the last 10 years and have achieved 100 percent birth
    registration and 80 percent death registration.
    In addition (as of March 2017), 67 of the 230 SDG indicators can be measured effectively by using data derived from well-functioning CRVS systems, in particular for the numerators (births, deaths) and denominators (total population, live births, total deaths). These indicators cover 12 of the SDG 17 goals (Goals 1, 2, 3, 4, 5, 8, 9, 10, 11, 12, 16, and 17).

    Link to Evidence: https://documentation.opencrvs.org/opencrvs-core/

2. Does it use an appropriate open license?

Yes, this project is licensed under the following license(s):

3. Is ownership clearly defined?

Is the ownership of the project and everything that the project produces clearly defined and documented?

Yes

If yes - please link to the relevant copyright, trademarks, or ownership documentation for the project.

Copyright (C) Plan International Inc, Plan International Australia, Jembi Health Systems NPC and Vital Strategies Inc. https://github.com/opencrvs/opencrvs-core/blob/master/README.md

4. Does the license of libraries/dependencies undermine the openess of the project?

Does this open project have mandatory dependencies (i.e. libraries, hardware) that create more restrictions than the original license?

No

If yes - are the open source components able to demonstrate independence from the closed component(s) and/or are there functional, open alternatives?

Not Applicable

If yes - please describe how the open source components are independent and/or list the open alternatives for the closed component:

Not Applicable

5. Is there documentation?

Does some documentation exist of the source code, use cases, and/or functional requirements. For software projects, this should be present as technical documentation that would allow a technical person unfamiliar with the project to launch and run the software. For data projects, this should be present as documentation that describes all the fields in the set, and provides context on how the data was collected and how it should be interpreted. For content, this should indicate any relevant compatible apps, software, hardware required to access the content and any instructions about how to use it.

Yes

If yes - please link to the relevant documentation:

6. Is non PII data accessible?

Does this project collect or use non-personally identifiable information (non-PII) data?

Yes

If yes - is there a mechanism for extracting or importing non-personally identifiable information (non-PII) from the system in a non-proprietary format?

Yes

If yes - describe the mechanism for extracting or importing non-personally identifiable information from the system in a non-proprietary format:

Non personally identifiable information can be extracted from OpenCRVS through a non-proprietary export of performance management reports (in csv format). This will include non-PII data such as the no. of applications received, no. of certificates issued, configurable by date and vital event, and disaggregated by gender.Regarding import, OpenCRVS enables the upload of country reference data such as the full administrative structure including statistical IDs, population sizes, crude birth/death rates by location, health facilities, civil registration offices, all in a non-proprietary format.

7. Does the project adhere to privacy and other applicable international and domestic laws?

Has this project taken steps to ensure adherence with relevant privacy, domestic, and international laws? For example, the General Data Protection Regulation (GDPR) in the European Union or the Supplementary Act A/SA.1/01/10 on Personal Data Protection for the Economic Community of West African States (ECOWAS) (yes/no)

Yes

If yes, please list some of relevant laws that the project complies with:

  • Bangladesh: Birth and Death Registration Act, 2004
  • Bangladesh: Birth and Death Registration Rule, 2006.

If yes, please describe the steps this project has taken to ensure adherence (include links to terms of service, privacy policy, or other relevant documentation):

  • OpenCRVS is configurable to ensure that it remains within the privacy, international and domestic laws laws of the jurisdiction in which it is implemented. A number of product features facilitate data protection and confidentiality:
    - access to the system follows a strict role-based permission model to ensure that personally identifiable data is only accessible to those that need it for genuine business purposes (e.g. validating a birth registration application).
    - data subjects are required to give their consent before the collection of personal data (e.g. during the birth registration application).
    - data subjects have the right to rectify data related to them, if it is inaccurate or incomplete (e.g. through the correct record function). For example, the Bangladesh pilot implementation of OpenCRVS is configured to comply with the applicable legislation for civil registration e.g. Birth and Death Registration Act, 2004 and Birth and Death Registration Rule, 2006.

8. Does the project adhere to standards and best practices?

Does this project support standards? (i.e. Web Content Accessibility Guidelines (WCAG) 2.1 or other standards such as those listed on W3C)

Yes

Which standards does this project support (please list)

Can you point to evidence of your support? (i.e. please link to your validator, open test suite, etc.)

  • OpenCRVS has been penetration tested to UK government standards by an independent, CREST and Cyber Essentials certified organisation. Testing report available on request.

Was this project built and developed according to or in adherence with any design, technical and/or sector best practices or principles? i.e. the Principles for Digital Development?

Yes

Which principles and best practices does this project support (please list)

9. Does the project do no harm?

Has this project taken steps to anticipate, prevent and do no harm?

On the whole, does this project take steps to ensure that it anticipates, prevents and does no harm?

Yes

Is there any additional information you would like to share about the mechanisms, processes or policies that this project uses to avoid doing harm?

OpenCRVS has been developed together with the support of a Technical Advisory Group (TAG), comprising a wide variety of international experts in the domain of civil registration and vital statistics, which has the following responsibilities:
1. Provide strategic advice for the overall direction and positioning of the OpenCRVS product.
2. Help identify short, medium and long term priorities for OpenCRVS product development.
3. Share experiences and documentation of CRVS that can be used to inform the development of the product e.g. lessons learnt, requirements, and useful contacts.
4. Support OpenCRVS research and policy development activities through working group or individual contributions.
5. Support in the development of the sustainability model for OpenCRVS.
6. Conduct additional research that will support development of OpenCRVS.
7. Peer review technical, functional design standards and content to be used for the development of OpenCRVS.
8. Advise compliance with relevant existing standards, including introductions to other relevant network and standardization bodies.
Minutes of the TAG meetings can be found here:
https://www.opencrvs.org/about-us
The UN guidelines for civil registration and vital statistics systems provide a very comprehensive basis to support governments to build, operate and maintain effective civil registration systems that prevent doing harm. These UN guidelines should be used in conjunction with any OpenCRVS implementation and can be found here: https://www.un.org/development/desa/capacity-development/tools/tool/principles-and-recommendations-for-a-vital-statistics-system-revision-3/
We engage with the OpenCRVS community so that vulnerabilities and risks can be continuously monitored. We have hosted webinars with this community to capture feedback from across the civil registration community. See an example call on “OpenCRVS: Product capabilities and technical deployment” here: https://www.youtube.com/watch?v=i7gsr6LiToo
In order to understand and mitigate the risks (particularly for children) within a digital civil registration system, the project created “Identifying and addressing risks to children in digitised birth registration systems: a step-by-step guide”. (https://www.ohchr.org/Documents/Issues/Children/BirthRegistrationMarginalized/PlanInternationalGeneva_4.pdf) If not anticipated, digital civil registration systems can present a number of child protection threats:
- Identity theft or fraud
- Privacy violation
- Targeting based on personal characteristics
- Personal security violation or exploitation
- Exclusion from the benefits of birth registration
The risk assessment tool, which forms part of this guide, should be used in collaboration with any OpenCRVS implementation to ensure these and other risks are identified and mitigated against. OpenCRVS has been designed specifically for low resource settings and to overcome the barriers typically seen in countries where birth and death registration is low. See https://documentation.opencrvs.org/opencrvs-core/docs/system_overview/keyFeatures which shows features that facilitate inclusion and aim to mitigate the risk that individuals are disadvantaged because they are not registered in the civil registry.

9.a. Data Privacy & Security

Does this project collect or store personally identifiable information (PII) data?

Yes

If yes - please list the types of data collected and/or stored by the project:

  • As a civil registration system, OpenCRVS is designed to collect PII, as prescribed in the laws and regulations of the jurisdiction where the system is being implemented. The PII collected depends on the vital event being registered but typically the following is collected and processed by OpenCRVS:
    - Full name
    - Home address
    - Personal identification number
    - Telephone number
    Although not formally PII, the following data is also collected by OpenCRVS, however when linked with other data it could be used to to identify a specific person:
    - Date of birth
    - Gender

If yes - does this project share this data with third parties?

Yes

Please describe the circumstances with which this project shares data with third parties. Please add links as relevant.

  • As a foundational registry, OpenCRVS is designed to share PII with other government systems, as prescribed in the laws and regulations of the jurisdiction where the system is being implemented. Typically this is with foundational ID systems (e.g. National ID) and health systems (e.g. DHIS2). This feature of interoperability is very important as the universal data set of birth and deaths can help ensure government services are inclusive.
    National ID: OpenCRVS can integrate with any National ID system in order to reliably validate the existence of NID numbers provided during civil registration applications as well as reduce the time spent on the application form itself by pulling data from the NID system and auto-populate form fields.
    Use Cases: OpenCRVS can be integrated with a National ID system in a number of ways, depending on system capabilities. Current use cases include:
    - To validate the existence of a NID number
    - To auto-populate the form with data from the NID field to minimise required effort from registration staff
    - To create a National ID for a new registration when the event occurs.
    Health: Births and deaths often occur in health facilities and those that occur in the community can be dealt with by health staff at the community level. These actors already use digital health systems to conduct their work and much of the data required for birth/death notifications is already gathered. We know that health staff are busy and need to focus on life-saving activities rather than administrative ones. To address the opportunity that this data has for civil registration, OpenCRVS can integrate with existing health systems via a FHIR mediator (leveraging existing health standards) and can receive data from health systems for follow up within the OpenCRVS system.
    Use Cases: OpenCRVS can integrate with an existing health system via its OpenHIE compliant and FHIR standard interoperability layer, OpenHIM. Current use cases include:
    - To receive birth/death notification information from a health system
    - To allow Registration Agents and Registrars to view this data as an 'in-progress' application and complete it in OpenCRVS
    - To see disaggregated data related to the notifications received from health systems https://documentation.opencrvs.org/opencrvs-core/docs/system_overview/interoperability Interoperability standards were not available at the start of the project, so the OpenCRVS project has taken existing open standards (HL7/FHIR) and extended them for the purposes of integration with civil registration systems. Although not currently a recognised standard, we hope that these extensions become de-facto standards over time as their implementation becomes more widespread.

If yes - does the project ensure the privacy and security of this data and has it taken steps to prevent adverse impacts resulting from its collection, storage and distribution.

Yes

If yes - please describe the steps, and include a link to the privacy policy and/or terms of service:

Our mobile application and microservices are secure, protected by 2-Factor Authentication utilising OAuth JWT best practices. Our privacy policy can be found here: https://www.plan.org.au/privacy-policy/
In order to understand and mitigate the risks (particularly for children) within a digital civil registration system, the project created “Identifying and addressing risks to children in digitised birth registration systems: a step-by-step guide”. (https://www.ohchr.org/Documents/Issues/Children/BirthRegistrationMarginalized/PlanInternationalGeneva_4.pdf) If not anticipated, digital civil registration systems can present a number of child protection threats:
- Identity theft or fraud
- Privacy violation
- Targeting based on personal characteristics
- Personal security violation or exploitation
- Exclusion from the benefits of birth registration
The risk assessment tool, which forms part of this guide, should be used in collaboration with any OpenCRVS implementation to ensure these and other risks are identified and mitigated against. OpenCRVS has been designed specifically for low resource settings and to overcome the barriers typically seen in countries where birth and death registration is low. See https://documentation.opencrvs.org/opencrvs-core/docs/system_overview/keyFeatures which shows features that facilitate inclusion and aim to mitigate the risk that individuals are disadvantaged because they are not registered in the civil registry.

9.b. Inappropriate & Illegal Content

Does this project collect, store or distribute content?

No

If yes - what kinds of content does this project, collect, store or distribute? (i.e. childrens books)

Not Applicable

If yes - does this project have policies that describe what is considered innappropriate content? (i.e. child sexual abuse materials)

Not Applicable

If yes - please link to the relevant policy/guidelines/documentation.

Not Applicable

If yes - does this project have mechanisms for detecting and moderating innappropriate/illegal content?

Not Applicable

If yes - please describe the mechanism for detecting, reporting and removing innapropriate/illegal content (Please include the average response time for assessment and/or action. Link to any policies or descriptions of how inappropriate content is handled):

Not Applicable

9.c. Protection from harassment

Does this project facilitate interactions with or between users or contributors?

No

If yes - does the project take steps to address the safety and security of underage users?

Not Applicable

If yes - please describe the steps this project takes to address risk or prevent access by underage users:

Not Applicable

If yes - does the project help users and contributors protect themselves against grief, abuse, and harassment?

Not Applicable

If yes - please describe the steps taken to help users protect themselves.

Not Applicable

Development & deployment countries

List of countries this project was developed in.

  • United Kingdom
  • South Africa
  • Bangladesh

List of countries this project is actively deployed in.

  • Bangladesh