
# Security & Privacy Guidelines For Solution Implementing Agencies

1. Secure Deployment
   * Follow Installation Guidelines: Adhere to the security best practices provided in the DIGIT installation scripts and documentation.
   * Environment Hardening: Ensure that the deployment environment is hardened against potential threats.
   * Key Management: Ensure the encryption key lifecycle is managed properly and that appropriate key management tools provided by cloud providers, or hardware key management solutions, are deployed.
2. Compliance
   * Privacy Policy: Ensure the deployment complies with relevant data protection and privacy regulations.
   * PII Identification: Identify all personally identifiable information (PII) and ensure it is stored as part of User and Individual Service only.
3. Configuration
   * Role Configuration: Configure roles and access based on purpose: only roles that have a purpose for the data should be able to access it.
   * Minimal Access: Provide users/roles only the minimal access required to perform their activity.
4. Secure Operations
   * Follow a robust security operations framework (e.g. NIST) to identify, protect, detect, respond and recover.
   * Intrusion Detection System (IDS): Deploy IDS to monitor network traffic for suspicious activities.
   * User Notification: Have procedures in place to notify users in the event of a data breach or security incident.
5. Data Management
   * Data Archiving: Archive and/or store data keeping in mind local laws, regulations, and domain requirements. Where possible, store aggregate or anonymized data rather than PII.
6. Notice and Consent
   * Update and include a privacy policy (based on the product privacy policies), which details what information is collected, which roles have access to it, and the purpose of such access/usage.
   * If you have integrated with third-party service providers such that any PII will be shared with them (e.g. SMS providers, email providers, other public and private agencies), this should be explicitly included in the privacy policy.
   * Publish a notice, with a link to the privacy policy, on the login page. Users should indicate that they have read and accepted these terms before they can log in.


