Assessing Data Security in Namibia

One of our HRIS Advisors, after receiving an emergency email from a country asking for help restoring lost HRIS data, wrote, “Too often we see backup plans that are insufficient or exist only on paper, not actually in practice. We have also seen backup plans which are followed for a period of time and then abandoned due to busy staff or a false sense of security due to a period of time with no system catastrophes.”

Indeed, an HRIS contains valuable and confidential human resources information that if lost would be painstakingly difficult and time consuming to replace. Unfortunately, some historical health worker data could be lost forever, unable to be recaptured by a new data collection effort. Therefore, it is important to ensure a sustainable backup plan is in place.  One country, Namibia, recognizes the need for a reliable backup solution for their HR information management system (HRIMS), and recently took action to ensure they had a secure backup system in place.

The Namibia HIV Prevention, Care and Support Program, an IntraHealth-led Capacity Project Associate Award, is assisting the Ministry of Health and Social Services (MoHSS) with rolling out the central-level HRIMS to the 13 regions. The HRIMS tracks health professionals working in the public sector and captures data on their training, certification, licensing and deployment. All the HRIMS data lives on servers located in the Office of the Prime Minister (OPM); the MoHSS, and eventually all the regions, access the data via wide area networks. Therefore, the OPM is responsible for performing data backups.

To ensure a proper backup for the HRIMS data is in place, the Namibia HIV Prevention, Care and Support Program and MoHSS developed a Disaster Recovery Plan questionnaire to determine the level of HRIMS data security and whether additional steps and funds were required. The questionnaire was approved by Namibia’s Stakeholder Leadership Group and sent to the OPM to complete. It collected basic information on the system, including program language and the operating system; change management information, like recent changes, the number of people able to provide technical and user support, and the development timeline; backup information, such as frequency and medium; and the disaster recovery plan. After reviewing the completed questionnaire, the Program and MoHSS confirmed the OPM is doing a good job with the current backup solution and no additional steps need to be taken.

The questionnaire can be adapted and standardized and used by other countries/organizations to ensure their HRIS data is securely backed up. In addition, it is slated to be included in the next version of the HRIS Toolkit.