Application Governance

We review PDA access contracts to ensure quality and trust. This application governance consists of 5 parts:

1. Permissions Request and Application Rating

To gain permission to use data stored in a customer's PDA, you need to create a contract and declare what data will be read and how. This data conduct (i.e. the way the app collects, stores, processes, and shares data) is documented in a HAT Microserver Instruction (HMI) contract and is reviewed by a team at Dataswift to ensure quality and trust. Once we receive a request, we set up and maintain the HMI contracts that enable apps to request access to read or write data in their own app namespace/folders, or to access data in other namespaces/folders in the PDA.

Once the contract is reviewed, we apply the rating system to create a score that helps users understand what is happening to their private data. We display the application’s rating on the platform store as well as on the PDA Dashboard app.

2. Review

The Dataswift Review Committee conducts the following reviews of the Application:

  • Design review – to ensure design consistency across all apps in the ecosystem in terms of usage of terms and design assets

  • Technical quality check – to ensure the API endpoints are called correctly, error handling has been attended to, and there are no other technical issues

  • Contractual review – to ensure that the contract is valid and set up correctly for the right set of data within the PDA for the stipulated usage, duration, and purpose

  • Compliance review – to ensure that standard platform rules are followed as well as ensuring compliance with data protection and privacy regulations

  • Data Conduct review – to ensure that data collection, storage, usage, and processing have been handled responsibly

As you get ready to go live, please review this checklist.

3. Contracts Maintenance

Once your app is live, HMI contracts will be logged on the Dataswift One platform when users log in to the application and accept the contract. Dataswift will keep a log of contract details and manage versions and updates on behalf of app owners and users. Dataswift will monitor compliance with the obligations under the contract agreement, including necessary audits, under the oversight of the HAT Community Foundation.

4. Continued Monitoring and Audits

HMI contracts are checked by Dataswift’s Performance and Monitoring committee to ensure apps behave in accordance with the Policies (including any other governance protocols). Such Policies may be regulatory (e.g. imposed by HCF), standard (e.g. for contracted or regulated PDAs) or non-standard (e.g. source constraints set by Data Providers).

5. Certification

Post-approval, applications can apply for an official Rating Assurance certificate from the HAT Community Foundation.

Dataswift reserves the right to refuse or reject any permission request by an application. We recommend all applications take their first MVP version live to ensure that their application is able to pass governance requirements. Dataswift governance is subject to oversight by the HAT Community Foundation (see diagram below for HCF’s role).