In February, 2011, Dimagi launched a cloud-based, enterprise level platform to deploy CommCare globally (www.commcarehq.org). The platform is designed to support data collection across large numbers of users within an organization and provide reporting and analytics for that data. The system includes two-way synchronization of data with mobile devices and the ability to restore a user's data in case of phone damage or loss, and promotes links between beneficiaries, mobile users, and facilities. The platform supports authoring tools to allow organizations to adapt or create their own forms and modules.

Our Software as a Service (SaaS) approach is optimal for the use case defined in that it allows stakeholders and users to all access a toolset and to store, upload, and report on data. Due to CommCareHQ's scalability, this SaaS model provides a lower Total Cost of Ownership (TCO) than maintaining a solution in-house.

CommCare includes a mobile data collection capability through the CommCare Mobile Client, and reporting through the CommCareHQ Cloud. CommCare leverages XForms, a W3C international standard with a significant footprint across data collection platforms that are used in low-resource settings including OpenXData, EpiSurveyor, JavaRosa, and OpenDataKit. This enables users to create additional forms over time, or modify the existing form library as needed. It also ensures that programs can interoperate with other technologies that are XForms compliant.

CommCare enables mobile data collection via J2ME features phones, Android phones, and Android tablets, ensuring compatibility with many existing and future devices. All mobile versions allow data to be collected offline and sent when wireless (GRPS) or internet (WI-FI) connectivity is available.  The mobile platforms are open source and are commercially supported by Dimagi. The Android-based application is based on top of Open Data Kit, a University of Washington developed open source form and data collection tool used in a number of applications and sectors. The J2ME version is based on JavaRosa, the open source XForms engine whose development is led by Dimagi and which is used in Open Data Kit, Episurveyor, and other Xforms-based solutions.  Multiple modules and forms can be deployed to devices to enable a single CommCare application to serve various data collection needs.

Please refer here for more technical details. 

Data Security

Data on CommCare mobile is stored encrypted-at-rest (symmetric AES256) by keys that are secured by the mobile user’s password. User data is never written to disk unencrypted, and the keys are only ever held in memory, so if a device is turned off or logged out the data is locally irretrievable without the user’s password.

Data is transmitted from the phone to the server (and vis-a-versa) over a secure and encrypted HTTPS channel.

On the server side for projects using the https://www.commcarehq.org server: Data is hosted in a HIPAA compliant cloud at an enterprise-grade ISO 27001 compliant data center. Data is secured with at-rest AES256 encryption, regular offsite backups, intrusion monitoring, biometric physical access security, etc.

Currently data for projects using https:/www.commcarehq.org is stored inside within the United States.

Note: Dimagi makes every effort to ensure the security, consistency, reliability, and availability of data using our cloud services. The specifics provided here are examples of Dimagi’s approach and mechanisms to comply with that level of service, not a conveyance of specific contractual obligations. We reserve the right to change the specific mechanisms used to secure data and communications for customers to improve security and compliance with evolving best practices (IE: We may move to a stronger cipher than AES256 in the future and reserve the right to make such a decision)

For more details on our security practices read here

  • No labels