Sis Security White Paper: Managing Privacy And Security For The Service Information System

The Service Information System (SIS) is a monitoring and evaluation platform built on open source software and donated Microsoft services that is offered on a subscription basis to nonprofits providing any kind of service. It is developed and managed by LogicalOutcomes, a Canadian nonprofit, and launched in March 2018. The first implementation was created in partnership with the Ontario Coalition of Agencies Serving Immigrants, funded by the Ontario Ministry of Citizenship and Immigration. Features of SIS include surveys and other data collection tools, a data warehouse, a metadata registry of validated indicators, training videos, a community data portal containing public datasets, and customized evaluation sites with Power BI reports for each subscribing organization. One of the main reasons we developed SIS was to protect the privacy of vulnerable people who are served by nonprofits. The responsible and secure use of personal data requires a great deal of ongoing effort and expertise, which most nonprofits are not equipped to provide. At the same time, nonprofits are expected by their funders to evaluate their services by collecting personal information from vulnerable clients. Our goal was to develop an effective monitoring and evaluation service that took care of most of the technical and administrative procedures, including security and privacy protections, so that nonprofits could focus on evaluation design and results. This paper describes the security policies, principles and procedures that have been built into SIS to protect the privacy of personal information, emphasizing our planned compliance with the EU General Data Protection Regulation (GDPR).