Links

Application Governance

We review PDA access contracts to ensure quality and trust. This application governance consists of 5 parts:

1. Transaction Requests and Application Rating

To gain permission to store, process and use a PDA or to retrieve data from other PDAs, "transactions" must be enabled. Dataswift Transactions are data flows on the platform that have to be enabled by Dataswift upon the server owner's permission and instruction. An application owner needs to request for contracts to be created so that server owners can agree to them and Dataswift can then enable the transactions.
Such contracts declare the application's activity, purpose and duration of use i.e. the application's data conduct. They would be encapsulated within a HAT Microserver Instruction (HMI) contract, reviewed by Dataswift's governance team, then set up to be issued on demand when individuals are onboarded onto the app. This enables the app to freely use PDAs according to the contract's terms. Dataswift maintains the HMI contracts and supervises the data conduct so that transactions are always compliant with platform and data regulations.
Dataswift implements a rating system to help server owners understand the data conduct of applications. We display the application’s rating when the HMI contracts are presented to server owners for acceptance.

2. Review

The Dataswift Review Committee conducts the following reviews of the Application:
  • Design review – ensuring design consistency across all apps in the ecosystem, i.e. use of terms and design assets
  • Technical quality check – ensuring the API endpoints are called on correctly, error handling has been attended to and there are no other technical issues
  • Contractual review – ensuring the contract is valid and set up correctly for the right set of data within the PDA for the stipulated usage, duration, and purpose
  • Compliance review – ensuring standard platform rules are followed as well as ensuring compliance with data protection and privacy regulations
  • Data Conduct review – ensuring that data collection, storage, usage, and processing have been handled responsibly
As you get ready to go live, please review this checklist.

3. Contracts Maintenance

Once your app is live, HMI contracts will be logged on the Dataswift One platform when users login to the application and accept the contract. Dataswift will keep a log of contract details, manage versions and updates on behalf of app owners and users. Dataswift will monitor compliance with the contract agreement obligations, including necessary audits, under the HAT Community Foundation's oversight.

4. Continued Monitoring and Audits

HMI contracts are checked by Dataswift’s Performance and Monitoring committee to ensure apps behave in accordance with the policies (including any other governance protocols). Such policies may be regulatory (e.g. imposed by the HAT Community Foundation), standard (e.g. for contracted or regulated PDAs) or non-standard (e.g. source constraints set by Data Providers).

5. Certification

Post-approval, applications can apply for an official Rating Assurance certificate from the HAT Community Foundation.
Dataswift reserves the right to refuse or reject any permission request by an application. We recommend all applications take their first MVP version live to ensure they are able to pass governance requirements.