Digital System Assessment Toolkit (DSAT)
DSAT is both a framework for assessing digital health information systems as well as a set of re-usable templates that may be applied to the system assessment process. DSAT provides public health decision-makers with the quantitative information needed to make system-related decisions throughout the system lifecycle (solution comparative assessment; solution implementation prioritization; software development planning; and system operations improvement):
- A reusable set of requirements initially for electronic case-based (CBS), indicator-based (IBS) & event-based surveillance (EBS), and reporting activities; these requirements encompass Functional, Non-Functional, and Security requirements as seen in Section 1.6 EICSIS Requirements within the DSAT Framework document listed below. Future requirements sets will address Electronic Medical Record (EMR), National Data Repository (NDR), and Laboratory Information System (LIS) components as well.
- A reusable set of tools for digital health system assessments. This set of assessment tools addresses respectively each of the requirement sets defined above (Functional, Non-Functional, and Security). When using these assessment tools, there are specific nuances that should be recognized. These nuances are discussed throughout this document.
- A means to establish a set of best practices for the global digital health informatics community. This framework document should provide sufficient background, information, and recommendations to allow for adoption across a range of digital health assessment contexts.
It is expected that this framework will evolve over time as it is applied in other digital health assessment contexts. For that reason, this should be considered as a living document where notes, additions, clarifications, and so forth may be freely added over time so as to continually increase the utility and value of the assessment framework. While a governing body to manage this evolution has not yet been designated, such a governing body represents a logical next evolutionary step.
The DSAT Framework elements include:
- An overarching assessment strategy
- Determination of the type of assessment to be performed: there are four assessment use scenarios: a. Comparative analysis of one or more digital solutions versus requirements b. Focus on a specific subset of requirements for project planning & management purposes c. Identify development priorities versus requirements. d. Identify recommended operational system improvements versus requirements.
- As-is architecture baseline for assessment: the as-is architecture leverages the architecture domains defined in The Open Group Architecture Framework (TOGAF) Architecture Development Method (ADM)
- Requirements assessment: there are three separate assessment tools in the toolkit addressing the assessment of a digital solution versus functional, non-functional, and security requirements.
- Vulnerability assessment: for most assessments, the use of a static code vulnerability scan is sufficient, but for an operational system, an implementation assessment (e.g., web scan) or, for particularly critical systems, a penetration test may also be warranted.
- Preparation of the assessment report.
- Assessment resources: as shown in the figure below, the DSAT Toolkit includes reference framework documents (under the orange box), supporting document templates (under the gray box), and assessment process templates (under the three blue boxes) to support the analysis of other systems. This framework document references the applicable document(s) and/or template(s) for each step in the DSAT assessment methodology.