Software Vulnerability Assessment

1. Introduction and Background Information

1.1. Humanity and Inclusion

Humanity and Inclusion (HI) – previously known as Handicap International – is an independent and impartial aid organisation working in situations of poverty and exclusion, conflict and disaster. We work alongside people with disabilities and vulnerable populations, taking action and bearing witness in order to respond to their essential needs, improve their living conditions and promote respect for their dignity and fundamental rights. HI is working in more than 60 countries over the World.

1.2. Physical and functional rehabilitation

For 40 years, HI has been providing rehabilitation services to help people with disabilities, injuries, trauma or other health conditions reach and maintain a maximum level of functioning. Our rehabilitation experts implement and promote an inclusive and comprehensive approach, ensuring the entire rehabilitation process is adapted to each person’s needs and specific context. Our activities take into account the personal and contextual resources and barriers to accessing and benefiting from rehabilitation and related services, paying specific attention to the role of caregivers and communities in the rehabilitation process.

Since 2016, HI has been researching and testing the use of emerging technologies in remote service provision particularly for low- and middle income countries and complex situations. Based on our findings, we are working on improving access to rehabilitation services through an innovative service delivery model that combines the existing delivery setup in a given context with the use of digital technologies. As a result, HI has developed an open source, multidisciplinary telerehabilitation software.

1.3. Telerehabilitation

Telerehabilitation can be defined as the use of information and communication technologies (ICT) to provide rehabilitation or assistive technologies services to people remotely in their home or other environments. Telerehabilitation can improve access to rehabilitation services, reduce health care costs and facilitate continuity of care. HI is running several telerehabilitation projects involving use of software and side exchange, storage, use and acquisition of patients’ personal data with and between service providers.

1.4. OpenTeleRehab

OpenTeleRehab is an open source multidisciplinary telerehabilitation software – connecting rehabilitation professionals with service users to improve access to rehabilitation services and contribute to universal health coverage by facilitating discharge, transition of care and follow-up. The software that allows its users to access tailormade rehabilitation treatment plans adapted to a variety of conditions. It enables rehabilitation professionals to provide continued support and follow-up via chat or video communication, including plan adherence and goal achievement tracking. OpenTeleRehab is made of 4 different platforms: 1 admin web portal, 1 therapist web portal, 1 patient mobile app (iOS and Android), 1 open access library web portal.

1.5. Software security

In the framework of software’s deployment and as part of a continued effort to ensure best level of security, HI is looking for a consultant to undertake a vulnerability assessment of the software.

2. Assignment

2.1. Assignment Objectives:

The consultant(s) will run a vulnerability assessment of the software following international standards. For each system vulnerability identified, the consultant will provide practical recommendation(s) to increase security at software level under cost-effective and open source model.

2.2. Deliverables

– Vulnerability assessment for 3 web apps and 1 mobile app following international standards – Detailed Vulnerability report, including practical recommendations – Technical debriefing with HI and external service provider

2.3. Consultant and HI’s Responsibilities

The consultant (group):

– Identifies and proposes methodologies to provide aforementioned deliverables – Provides aforementioned deliverables and presents them to HI technical team and external service provider

HI:

– Validates deliverables – Provides necessary documents or information

2.4. Additional information

– Expected duration: flexible duration with deliverables to be submitted no later than 15th October 2022.

– Expected budget: flexible budget based on methodology and quality of proposal.

– Capacity to provide external or embedded support in the implementation of the recommendations to software development team considered as an asset.