Security Maturity Framework for Global Goods in Digital Health
As technology becomes a fundamental enabler for global development, digital health products, also known as global goods, are increasingly being adopted in the health sector. These tools, designed for broad use and reliable accessibility (particularly in remote locations), have the potential to transform lives and empower communities worldwide. However, with their growing adoption comes a heightened responsibility to ensure that these global goods are secure and resilient against evolving cybersecurity threats.
The goal of the Security Maturity Framework for Global Goods in Digital Health is to empower organizations and developers to prioritize security from the outset, ensuring that the transformative power of digital solutions is delivered safely and sustainably to all users, regardless of their location or technological infrastructure. The framework provides a structured approach to embedding robust security measures into the design, development, and deployment of these digital solutions. Given the diverse environments in which global goods are implemented, ranging from low-resource settings to highly connected urban areas, this framework addresses the unique challenges of securing systems that must be both accessible and safe for a wide array of users.
The Introduction to the Security Maturity Framework, which serves as a user guide for the framework, covers the following topics:
Regulatory Compliance and Standards Adherence
Data Security and Privacy Protection
Secure Software Development Practices
Incident Response and Disaster Recovery
Supplier and Third-Party Risk Management
User Education and Awareness
The Security Maturity Framework itself provides an Excel-based tool for evaluating software security maturity. For each of the six domain tabs, the user will:
review the maturity definition and identify which level of the criteria their software falls within; and
review and complete the additional self-check questions provided in each domain to identify the status, impact level, and potential mitigation strategies.
The outputs of the self-assessment will inform the team and/or organization by highlighting the current maturity status and identifying areas for improvement to create action plans for further advancement to higher maturity levels. Utilizing this maturity model on a regular basis is recommended to help ensure continuous advancement in securing your software product.