A consortium of NGOs engaged OMBU to design and build a web application for NGOs to standardize how they estimate the cost-efficiency of humanitarian programs. The tool allows the NGOs to compare their programs to benchmarks, identify improvements, and help demonstrate the efficient use of grant funds.
- Technology strategy
- User experience design
- Visual design
- Custom application development
- Enterprise single sign-on
- Serverless data pipelines
- AWS infrastructure
- Security testing
The vision for Dioptra was conceived by a consortium of non-governmental organizations – formed by the International Rescue Committee, Save the Children, Mercy Corps, Acción Contra el Hambre and CARE – who run global humanitarian aid and development programs with diverse funding sources. Donors and program managers review spending and program outcomes to ensure funds are used effectively.
The consortium developed an analysis methodology to estimate their programs’ cost efficiency, and the International Rescue Committee created a web application prototype to beta test the methodology. With a successful proof-of-concept in place, the consortium needed a software development partner who could transform the prototype into an enterprise web application, ready to be adopted by any NGO.
The consortium selected OMBU to build Dioptra because of our team’s capabilities in accessible user experience design, agile implementation of enterprise business applications, and AWS expertise.
Dioptra has a simple, task-optimized user experience. The core flow in Dioptra walks users through a series of tasks using a resumable step-by-step navigation, with clear complete/incomplete progress indicators, so a user can pick up where they left off if they leave an analysis in progress. In these steps, users create an analysis, import the relevant financial transactions from the transaction data store, and categorize the spending. After an analysis is complete, Dioptra calculates the program’s cost efficiency and presents insights and relevant benchmark programs for comparison, along with customized tips for improving the program’s cost efficiency.
A core goal of Dioptra is to be easy for NGOs to adopt. For example, it works with several currencies and languages, and supports multiple authentication mechanisms to align with solutions that are common among NGOs. Dioptra also integrates easily and securely with an NGO’s financial data store, using a serverless data import pipeline. NGOs can push data to Dioptra at processing rates of hundreds of thousands of records per minute.
To ensure data separation, each NGO that adopts Dioptra has its own application instance in a dedicated AWS account. Instance launch and maintenance are centrally managed with modern AWS practices, such as serverless scripts and CloudFormation templates. The application uses end-to-end encryption for all data at rest and in transit, and system-, analysis-, and country-based roles (RBAC) to ensure users have the exact access determined by their role in their organization.
The first Dioptra pilots were successfully conducted in field offices in Democratic Republic of Congo, Kenya, Mali, Somalia, Uganda and Yemen, and OMBU is continuing to collaborate with the consortium to support and improve the application.
Secure Integration with NGO Financial Backends
Dioptra implements a data pipeline that lets NGOs upload data into the transaction data store easily and securely, by delivering a CSV file either to an AWS S3 bucket or through an SFTP server. The creation of the CSV file is entirely in the hands of the NGO using Dioptra, giving it maximum control over what data is shared with the application.
Once an NGO initiates a data push, Dioptra triggers a serverless process that validates the submitted data against a required schema. When the pushed data is valid, Dioptra saves it in its data store. If validation fails, Dioptra delivers a detailed report of the issues that need correction. The financial data pipeline can process hundreds of thousands of records per minute.
Cross-AWS Account Deployments
For data protection, Dioptra runs in an individual AWS account for each NGO that adopts the application. Dioptra uses modern AWS DevOps practices, including serverless scripts and CloudFormation templates. In terms of deployment time, Dioptra can spawn new AWS accounts and application instances in minutes, error-free.
Additionally, continuous integration and continuous deployment (CI/CD) pipelines enable quick centralized management of all Dioptra instances, promoting code quality and enabling easy distribution of security updates and deployment of new versions.
Because the application stores financial data from each NGO, data security is a critical business requirement. OMBU designed Dioptra’s services and infrastructure to use end-to-end encryption for all data, with enterprise single sign-on and two-factor authentication. OMBU validated Dioptra’s security using static code analysis and vulnerability testing, and conducted penetration testing with the Zed Attack Proxy (ZAP), a widely used web application security scanner maintained by the Open Web Application Security Project (OWASP). Prior to launch, the application passed three third-party security audits from Qualys, NCC Group and Obscure Group.