Information Security Description Request

I am writing to ask for support on an issue of research compliance and information security. In planning a field study using CommCare, my information security officer has asked that a research compliance review of CommCare be done before CommCare is used as part of the research project. To conduct this compliance review, the officer would need one of the following:

  1. SOC2 report of the company – not AWS/Google, etc
  2. HiTrust Certificate for the company
  3. Completed HECVAT survey
  4. Contact information for a person at Dimagi, likely InfoSec, who can answer my university's information security officer's standard security questions.

Any support on this front is greatly appreciated. Many thanks!

Hi Mahesh,

This forum is mostly for the Community of Practice of CommCare's users and software developers, and not a channel for any specific hosted instance of CommCare.

Dimagi's production SaaS offering of CommCare does include security and compliance guarantees. You can reach out to the support or sales teams, for instance, to request the SOC-2 compliance report.