The Digital Trust Label stands for trust, simplicity and transparency and thus also for values shared by UNICEF and MD Systems. The United Nations Children's Fund is the first internationally active humanitarian organization to receive the label.
The comprehensive audit by the Swiss Digital Initiative examined the entire donor lifecycle, with the online donation process as the pivotal point. A prerequisite for a secure donation process at UNICEF is therefore also the security of the development and operating processes of MD Systems, to which we attach great importance.
For Unicef, trustworthiness is the highest asset, so we always want to offer the best and safest donation experience. MD Systems' precise advice and support guided us unerringly through the audit.
The versatile donation solution, which was developed by MD Systems, is also used by other non-profit organizations. It can be customized and is typically connected to a CRM such as SalesForce or ActiveCampaign.
How is security ensured at MD Systems?
The audit examined the following measures, among others:
- Development with code versioning and code reviews
Every change to code is reproducible and systematically controlled.
- Automated testing and release management
Our donation solution contains 396 test scenarios that are automatically checked for each code change.
- Vulnerability scanning and monitoring
Own code and all deployed software (dependencies) are systematically analyzed.
- Roll-outs over several stages with strict criteria for quality assurance
After various tests in development environments, the final stage is staging for release, which behaves as much as possible like production with active integrations.
- Automated visual regression testing
Comparison of screenshots before / after updates.
- Secure identification without passwords
With digital keys, certificates and two-factor authentication
- Monitoring during operation
Anomalies are proactively investigated and measures are initiated.
The audit was an instructive experience. While many processes were already clearly structured, measures were implemented immediately to record our processes and their execution in writing in a more comprehensible way. As a result, no significant deficiencies were identified in the audit. However, improving safety remains an ongoing task.
The timing is perfect: By deepening its know-how on data protection, MD Systems is optimally prepared for the introduction of the new Swiss data protection law in September 2023.
We congratulate UNICEF Switzerland and Liechtenstein for the "Digital Trust Label". If required, we would be happy to accompany other organizations through the process and help implement data protection as a differentiator for building trust.
Further information in the UNICEF media release.