• Phase 1: Assessment & Preparation

    Determine the breadth and scope of the

    implementation and resource as required.

    broken image
  • Welcome to the CPIMS+ Rollout Guidelines, Phase 1! In this phase, we ensure that information management for case management (IM4CM) processes and data protection measures are in place before rolling out CPIMS+.


    Before you begin, please keep in mind that CPIMS+ is just one tool in the larger Case Management and Child Protection Information Management System and is not case management itself​​​​​​​. CPIMS+ requires a solid case management foundation. A tool that is recommended to assess whether case management works as a foundation is the Quality Assessment Framework (QAF). The QAF provides a framework to examine the existing information management strategy. It can help assess the available interest, willingness, and capacity. It can also be used to assess the approach to involving national authorities.


    CPIMS+ represents an opportunity to strengthen case management with the use of information management technology. This means that to deploy the CPIMS+, it is important to have a case management system in place or in development. Clear planning is required to ensure that child protection staff are well trained on case management before beginning to use the CPIMS+. The system reflects SOPs, workflows and paper forms that partners are utilizing. Therefore, ensuring these are coordinated and agreed upon is a key first step before the CPIMS+ rollout is initiated.


    In accordance with the CPWG, 2014, Interagency Guidelines for Case Management and Child Protection (pp. 44-47), core components of a typical inter-agency child protection IMS include:

    1. IA Child protection Case Management forms;
    2. Relevant sections of Case Management Standard Operating Procedures (SOPs);
    3. Data Protection Impact Assessments (DPIA) and Data Protection Protocols (DPPs);
    4. Information Sharing Protocol (ISP); and
    5. Databases such as the CPIMS+

    CPIMS+ requires the above 1 to 4 elements to exist and meet minimum standards prior to its deployment. Additionally, the Data Protection Framework and Terms of Use must be signed by each participating agency utilizing the CPIMS+ prior to deployment of the system.


    For guidance on rapid onset emergencies please refer to the following guidance. Note that in such cases the CPIMS+ deployment can happen in parallel to the set up of the case management response.


    Here is a package of key documents needed to deploy the CPIMS+ which are also outlined in the steps below.


    The workplan is an overall guide which includes all steps of the CPIMS+ implementation process. Below are key roles mentioned throughout the Rollout Guidelines:

    • CPIMS+ Steering Committee Coordinator
    • CPIMS+ Technical Team: case management and CPIMS Specialists seated in UNICEF, International Rescue Committee, Save the Children, Terre des Hommes Lausanne, and Plan International who operationally and technically support the deployment in-country and who are accountable to the CPIMS+ Steering Committee
    • Primero Team: technical platform and implementation support 
    • CPIMS+ In-Country Lead: A working group / AoR coordinator or UNICEF/NGO staff who acts as the focal point during the rollout process and is the acting liaison in-country and externally
    • System Administrator: authorized user for the CPIMS+ acting as the focal point to end-users, enhancing the system and adding/removing users as needed
    • In government rollouts, we ensure there is a technical team in place that include key stakeholders included in the decision-making process of the system. The Primero Team and System Administrator will also be included in the roles required for a CPIMS+ rollouts.

    STEP 1: Define your objectives and assemble your working group(s).

    This step is critical in ensuring there is clearly defined coordination. Gather your team to help in the implementation and oversight of CPIMS+. The in-country (inter-agency) Child Protection team is responsible for creating sub-working groups for additional support, supporting knowledge exchange of best practices and lessons learned.

    • Establish a coordination group or extend an existing coordination group (ie. CP AoR or Case Management Task Force) with agencies participating in the system implementation. Here are sample Terms of Reference to ensure accountability, collaboration, clarify partner expectations and mandate.
    • Assemble a team and sub-teams (as necessary) with the right skills and expertise to support the various stages of implementation. Each should have clear roles and responsibilities to ensure understanding of involvement and impact. 
    • Define the context of the implementation: Who are you trying to help? What do they need? Why do they need it? Consider the reasons why needs are not currently being met and how you might address these challenges. This is key to ensuring the following steps are fit for purpose.
    • Be sure to have dedicated focal points focused on capacity building. A capacity building plan which includes case management and IMS training should be designed based on the needs and capacities in country. The IMS training should be planned once the core case management training is delivered. 


    CPIMS+ objectives are defined and the team is assembled which support various aspects of the implementation of the system.

    This step is required to be completed to progress to the next step.


    Template for this step:

    Terms of Reference for CPIMS+

    STEP 2: Develop, adapt and finalize standard operating procedures for case management.

    • SOPs for case management are a minimum requirement for a successful implementation. Assess current case management procedures and refine as necessary to include working with the CPIMS+. 
    • SOPs should be reviewed by all stakeholders to ensure harmonization of tools and related capacity building. Standard CP CM SOP have been created by the global CMTF including guidance on how to further develop and implement SOPs.
    • Agreement on the SOPs is key as the CPIMS+ features and functionalities will be aligned to the SOPs (unless revisions are identified). 


    CPIMS+ team has consensus of all partners on use of harmonized SOPs.

    This step is required to begin the implementation.


    Template for this step:

    Standard CP CM SOP


    STEP 3: Review and agree on case management forms for CPIMS+.

    • All child protection actors must agree on the forms to be used in the case management process. The Global Case Management Task Force has revised the Case Management Inter Agency Forms, which are configured in CPIMS+ v2, but can be adapted as needed.
    • Identify a focal point to coordinate and get consensus across all partners and organizations who will be utilizing the CPIMS+ on the forms that are to be used. This focal point will also be the main point of contact in the Implementation Phase. This person will coordinate User Acceptance Testing (UAT), a process where partners review the CPIMS+ and verify that the system is configured correctly and working as intended. When changes are requested during UAT, the focal point will review/approve the requests and communicate the changes to all participating partners.


    CPIMS+ team has consensus of all partners on which paper forms are going to be configured into the CPIMS+.

    This step is required to begin the implementation.


    Template for this step:

    Case Management Forms


    STEP 4: Complete the assessment survey.

    • The leading agency coordinator will complete the assessment survey (which will be provided by the Primero/CPIMS+ teams) on behalf of the participating agencies and conduct bilateral meetings on readiness for us to better understand your team’s needs, caseload, and processes. 
    • We will review your team’s readiness and will contact you to schedule a call with us to discuss identifying what we need to ensure a successful implementation. We will provide you with an analysis, identifying recommendations of what is required to get underway. You will then complete an assessment report at the agency or inter-agency level (through coordination mechanisms) which will be shared. The report will include an action plan to address recommendations which will come from the Primero/CPIMS+ teams).


    Assessment survey is submitted, reviewed and consolidated in a report.

    This step is required to begin the implementation.


    Template for this step:

    Assessment Survey (which will be provided by the Primero/CPIMS+ team directly)

    Assessment Report



    STEP 5: Determine what resources you have.

    • Map out the resources needed to implement CPIMS+. The assessment may give you an idea of the type of resources you require. This should include: human resources, capacity building and costs associated with hosting and deploying the CPIMS+.
    • This budget includes both case management and CPIMS+ costs which can be contextualized according to your needs.
    • After estimating the costs, discuss if there are funds to cover the initial costs of the system implementation and to maintain funding for this project long-term. This budget should also include costs for migration from legacy systems, excel or other databases to CPIMS+.
    • Determine where the funding will come from (note it can be inter-agency funding through a coordination mechanism).
    • Agree on the support and operational costs and ensure there is a coordinated vision on sustainability.
    • Note: The System Administrator is a required role for the CPIMS+ and this authorized user will help maintain the CPIMS+ by troubleshooting system issues,  managing users, and managing the configuration as programming needs change. The System Administrator is hired by any CPIMS+ implementing agency. Sample TORs for System Administrators have been drafted if you need to recruit for this role.
    • Sample TORs have been drafted for CPIMS+ Specialists, Case Management or Information Management Managers if they require to be hired.



    Human resources and budget resources have been determined for the implementation.

    This step is required to begin the implementation.


    Templates for this step:

    Terms of Reference for CPIMS+ Staff and System Administrators

    Budget Template

  • How much will it cost?

    Using any software implies costs. If your organization has the skills and resources to deploy, host and manage the CPIMS+, you can access the source code, documentation and community free of charge.

    For organizations that need technical support, the Primero v2 Subscription Model offers different packages services including implementation support, hosting and production support and maintenance services.

    PLEASE NOTE: Primero is a not-for-profit digital public good. Support services are provided based on the most cost effective basis possible, and prioritized based on humanitarian need, available resources, and assessment outcomes.
    broken image

    Implementation Support

    Contact the

    Primero Team

    annual subscription

    • Deployment of a demo and production environment of CPIMS+
    • Hosting costs (if provided by UNICEF)
    broken image

    Additional Services


    Based on request

    • Support with analyzing, configuring, deploying & training 
    • In-country missions for technical support or training
    • Interoperability with partner systems
    • Data migration
    broken image

    Production Support & Maintenance

    Contact the

    Primero Team

    annual subscription

  • STEP 6: Complete the Data Protection Impact Assessment (DPIA).

    Data protection and confidentiality are central to the CPIMS+ mission. Together with the CPIMS+ technical team, your team will complete a Data Protection Impact Assessment:

    • The purpose is to identify, evaluate, and address the risks to children arising from managing sensitive case data at agency and inter-agency levels.
    • Identify focal points to conduct DPIA. In refugee contexts this will be UNHCR and the tools will be provided by them.
    • Contextualize and disseminate the DPIA Template, Risk Assessment & Checklist documents with relevant actors and agree on methodology. Organise a 1-day DPIA workshop with relevant agency focal points. The outcomes should be an action plan and relevant information should be included in the Data Protection and Information Sharing Protocol (DP ISP is outlined in the next step). Note: Both DPIA and DP ISP documentation are currently under revision by the Global Case Management Task Force – once finalized, new templates will be updated here.
    • Note: for government-only rollouts, a DPIA is not required.


    DPIA has been completed with partners.

    This step is required to begin the implementation. Note: for government-only rollouts, a DPIA is not required.


    Templates for this step:

    DPIA Template, Risk Assessment & Checklist



    STEP 7: Develop a Data Protection Protocol & Information Sharing Protocol (DPP-ISP) & define how Data Requests will be handled.

    • All data sharing requests should be clearly outlined in the Data Protection Information Sharing Protocol. The DPISP template shared has been developed by the Alliance for Child Protection in Humanitarian Action.
    • All child protection actors are required to agree and sign a DPISP defining what information about the children can be shared, when and with whom. This workshop template can support a DPISP workshop with relevant participating agencies and will stimulate discussions around data sharing.
    • The DPISP will also serve as a guide to establish and assess what information to collect; how the information will be used; and how the information will be stored. It is essential for all personal and case-related information to be protected for the safety and confidentiality of the children and families that Child Protection actors collect data from.


    CPIMS+ partners endorse and sign an agreed upon DPISP and determines who can audit the system and has defined how data requests are handled.

    This step is required to go-live.


    Templates for this step:

    Data Protection and Information Sharing Protocol

    ISP Workshop Template

    STEP 8: Review the Terms of Use.

    • Terms of Use is an agreement signed by the relevant authority in each user organization at programme level. The Terms of Use constitute the agreement between authorized users’ and access to and use of the CPIMS+. Rights and responsibilities which users must agree to use the system or software; it effectively forms a contract between the agency/agencies implementing Primero (ie. UNICEF, UNFPA, CSO partners, government partners etc.) and the user organization(s). The ToU makes reference to the implementation plan, information sharing protocol and governance structure. This includes definitions of key words, access to the information, user rights and responsibilities, managing users, limitation of liability, correct behavior and actions that may be taken against the user if terms are broken, user notifications if terms are modified.
    • In 2019, the Primero Board convened legal and data protection specialists from UNICEF, UNFPA, Save the Children, International Rescue Committee (IRC) and Terre des hommes (TdH), with different organizational statuses and jurisdictions. After a +1 year process, the inter-agency legal departments drafted a new Primero Terms of Use which prioritizes the data subject’s rights, data controllers’ duties and obligations, data processors’ duties and obligations, and limitations of liability. The first version of this Terms of Use is for UNICEF-hosted interagency CPIMS+ instances. This has been approved by the Primero Board and inter-agency partners. If the system is required to be locally-hosted or in a government data center, a Terms of Use will be drafted between the partners involved.
    • Review the Primero Data Protection & Privacy Framework.
    • Note: for government rollouts, the government partner will sign an agreement in lieu of the Terms of Use


    CPIMS+ partners review and sign the Terms of Use (or agreement for government partners). This step is required to go-live (not required for go-live for a rapid onset emergency deployment).


    Templates for this step:

    Terms of Use for CPIMS+ in inter-agency settings hosted by UNICEF

    Primero Data Protection & Privacy Framework

    STEP 9: Determine procedures for data breaches.

    • All CPIMS+ interactions are logged in an "Audit Log" which the System Administrator and support staff have access to. This allows for traceability of abuse or unusual activity and data requests. This report indicates the user name, record owner, time, date and activity conducted. Please refer to the Primero Data Breach SOP on how to notify of a breach and the escalation process.
    • In-country coordination mechanisms should decide 1) user and role will be assigned the permission to view this report and 2) the process to govern how and when the report is used.  


    CPIMS+ partners agree on Data Breach Procedure and include the decision in the DP-ISP.

    This step is required to go-live.


    Templates for this step:

    Primero Data Breach SOP

  • Congratulations!

    You have completed Phase 1: Assessment

    and can now proceed to Phase 2: Planning!

All Posts