Our recent partnership with the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) offers a lens into the workings of an organisation that is taking proactive steps to strengthen their internal practices.
Based in Uganda, CIPESA focuses on decision-making that facilitates the use of ICT in support of good governance, human rights and livelihoods.
Within the framework of our 6-month Matchbox partnership, CIPESA had three main priorities:
- Strengthening their digital communications and documentation infrastructure through guidance on implementation of self-hosted tools that enable autonomy and ownership.
- Support in platform implementation through guidance on user testing, roll-out and maintenance plans design.
- Capacity building around responsible data management and organisational security.
What we discovered
Our assessment of CIPESA’s current landscape of tools revealed a diverse technological framework consisting in a mix of tools, from conventional email and word processing to collaborative platforms, incorporating a blend of cloud-based and localised storage.
We also looked at CIPESA’s security frameworks and practices, which encompass multifaceted strategies, realised through a mix of practices and tools.
CIPESA are cognisant of research ethics and data handling and were interested in strengthening their Responsible Data Management and data handling practices to further ensure protection of data subjects and sensitive data. They were also interested in strengthening the security of their websites, email, and social media platforms.
Introducing contextual risk assessments, self-hosted tools, and Responsible Data frameworks
Recognising the importance of keeping internal communications private, we suggested a shift to a self hosted video conferencing tool (Big Blue Button). This platform would also provide resilience against potential restrictions and avoid over-reliance on a third party platform.
To further streamline CIPESA’s communication with its networks, CIPESA also looked at the adoption of a tool that would foster tailored communications with its large network of stakeholders. One of the platforms we recommended was SuiteCRM, which is open source and can be self-hosted, which aligns with CIPESA values. It also has core features that the organisation is looking for, including creating groups of key stakeholders and setting up consistent targeted communications with them through the platform.
We also recommended a thorough contextual risk assessment, to offer clarity on pressing security concerns and ensure that a consistent internal policy is adopted to mitigate these risks. This would also aid in the implementation of tools and practices that will strengthen internal security – such as the adoption of 1password for password management.
Aligning data management with organisational values
CIPESA wanted to ensure alignment of data management practices with both organisational values and regional data protection regulations. Drawing from resources like The Engine Room’s Becoming RAD!guide, we provided guidance about data storage duration, disposal methods, and more.
CIPESA’s work environment relies on various tools and platforms, from cloud based tools to physical files. Amidst this diversity of platforms, the importance of data responsibility – the principle that information collected and generated should be handled responsibly with care and include ownership of organizational data on platforms. This value highlights the importance of self-hosted platforms and also choosing platforms aligned with this principle.
Our assessment helped identify areas and recommended steps to enhance both efficiency and security. CIPESA’s approach, which involves a mix of password protection, two-factor authentication, and data encryption, stands out as a model for organisations looking to navigate the digital space safely.
“The Engine Room’s Matchbox program has been instrumental in helping us identify and address various questions regarding how we handle and manage the data we collect. It has also reaffirmed the need to enhance internal practices especially in an evershifting digital terrain and in a growing community of practice when it comes to the work that we do in advancing digital rights and governance in Africa”
If you have question about integrating tech and data more efficiently and securely into your social justice work, get in touch!