Case Management Systems
Case management systems track individuals across multiple service encounters over time, maintaining longitudinal records of assessments, interventions, referrals, and outcomes. These platforms differ from data collection tools (which capture point-in-time information) and from CRM systems (which manage organisational relationships rather than individual care journeys). Case management platforms provide the workflow orchestration, documentation management, and inter-agency coordination capabilities required for structured service delivery programmes.
Assessment methodology
Tool assessments derive from official vendor documentation, published API references, release notes, and technical specifications as of January 2026. Feature availability varies by product tier, deployment model, and region. Verify current capabilities directly with vendors during procurement. Community-reported information is excluded; only documented features are assessed.
Requirements taxonomy
This taxonomy defines evaluation criteria for case management systems. Requirements are organised by functional area and weighted by typical priority for mission-driven organisations. Adjust weights based on your specific operational context.
Functional requirements
Core capabilities that define what a case management system must do.
Case intake and registration
| ID | Requirement | Description | Assessment criteria | Verification method | Typical priority |
|---|---|---|---|---|---|
| F1.1 | Individual registration | Create records for individuals with demographic attributes, identifiers, and contact information | Full: configurable registration forms with custom fields, duplicate detection, photo capture. Partial: fixed registration fields. None: no individual registration. | Review registration documentation; test form configuration | Essential |
| F1.2 | Household and family modelling | Link individuals into household or family units with relationship types and role designations | Full: configurable relationship types, household head designation, graphical family tree view. Partial: basic parent-child relationships only. None: individuals only. | Review data model documentation; test relationship creation | Essential |
| F1.3 | Duplicate detection and merge | Identify potential duplicate records during registration and merge confirmed duplicates | Full: configurable matching rules, probabilistic matching, merge with audit trail. Partial: basic exact-match detection. None: manual identification only. | Review matching algorithm documentation; test duplicate scenarios | Important |
| F1.4 | Intake workflow configuration | Define multi-step intake processes with conditional routing based on responses | Full: workflow designer with branching logic, approval steps, automatic assignments. Partial: linear intake forms only. None: no workflow configuration. | Review workflow documentation; test conditional routing | Important |
| F1.5 | External referral intake | Accept case referrals from external systems or agencies with data mapping | Full: API intake endpoints, configurable data mapping, referral tracking. Partial: manual data entry from referrals. None: no structured referral intake. | Review API documentation; test integration endpoints | Desirable |
| F1.6 | Self-service registration | Enable individuals to initiate their own registration via web portal or mobile | Full: public registration forms with verification workflow, consent capture. Partial: organisation-initiated only. None: staff registration only. | Review portal documentation; test public access | Context-dependent |
Case workflow and status management
| ID | Requirement | Description | Assessment criteria | Verification method | Typical priority |
|---|---|---|---|---|---|
| F2.1 | Case status lifecycle | Track cases through configurable status stages from intake to closure | Full: custom status definitions, required transitions, status history audit. Partial: fixed status options. None: no status tracking. | Review status configuration documentation | Essential |
| F2.2 | Case type definitions | Support multiple case types with distinct workflows, forms, and requirements | Full: unlimited case types with independent configurations. Partial: limited case type options. None: single case type. | Review case type documentation; count available configurations | Essential |
| F2.3 | Standard operating procedure integration | Embed SOP-defined activities and timelines into case workflows | Full: SOP templates with scheduled activities, deadline tracking, compliance indicators. Partial: manual SOP reference only. None: no SOP integration. | Review SOP documentation; test timeline creation | Important |
| F2.4 | Case assignment and routing | Assign cases to workers based on rules, capacity, or manual selection | Full: automatic assignment rules, workload balancing, geographic routing. Partial: manual assignment only. None: no assignment tracking. | Review assignment rule documentation; test routing logic | Essential |
| F2.5 | Case transfer between workers | Transfer case responsibility with history preservation and handover notes | Full: transfer workflow with approval, notification, complete history transfer. Partial: basic reassignment. None: no transfer capability. | Review transfer documentation; test handover process | Important |
| F2.6 | Supervisor review and approval | Enable supervisory review of case actions with approval workflows | Full: configurable approval workflows, escalation rules, review dashboards. Partial: basic review flags. None: no approval workflows. | Review approval documentation; test supervision features | Important |
Assessment and service planning
| ID | Requirement | Description | Assessment criteria | Verification method | Typical priority |
|---|---|---|---|---|---|
| F3.1 | Assessment form configuration | Create custom assessment instruments with scoring and conditional logic | Full: form builder with calculations, skip logic, validation rules, scoring. Partial: fixed assessment forms. None: free-text notes only. | Review form builder documentation; test form creation | Essential |
| F3.2 | Risk assessment tools | Implement standardised risk assessment frameworks with automatic scoring | Full: configurable risk matrices, automatic score calculation, risk level alerts. Partial: manual risk recording. None: no risk framework. | Review risk assessment documentation | Important |
| F3.3 | Service plan creation | Develop individualised service plans with goals, activities, and timelines | Full: goal hierarchies, activity scheduling, progress tracking, outcome indicators. Partial: basic text-based plans. None: no service planning module. | Review service plan documentation; test plan creation | Essential |
| F3.4 | Service catalogue integration | Select services from a predefined catalogue with eligibility criteria | Full: searchable service catalogue with eligibility rules, availability status. Partial: static service list. None: free-text service entry. | Review catalogue documentation; test service selection | Important |
| F3.5 | Outcome measurement | Track progress against defined outcomes with measurement frameworks | Full: configurable outcome indicators, progress visualisation, longitudinal tracking. Partial: basic outcome recording. None: no outcome framework. | Review outcomes documentation; test measurement configuration | Important |
| F3.6 | Reassessment scheduling | Schedule and track periodic reassessments based on case type or risk level | Full: automatic reassessment scheduling, overdue alerts, comparative analysis. Partial: manual scheduling. None: no reassessment tracking. | Review scheduling documentation; test reminder configuration | Desirable |
Documentation and notes
| ID | Requirement | Description | Assessment criteria | Verification method | Typical priority |
|---|---|---|---|---|---|
| F4.1 | Case notes and activity logging | Record narrative notes and activities against cases with timestamps and attribution | Full: rich text notes, activity types, duration tracking, attachments. Partial: basic text notes. None: no notes capability. | Review notes documentation; test note creation | Essential |
| F4.2 | Document attachment and management | Attach files to cases with versioning and access controls | Full: file versioning, access controls by document type, preview capability, virus scanning. Partial: basic file upload. None: no attachments. | Review document management documentation; test file handling | Essential |
| F4.3 | Template-based documentation | Generate documents from templates with case data auto-population | Full: configurable document templates, mail merge, PDF generation, electronic signature. Partial: fixed templates only. None: no document generation. | Review template documentation; test document creation | Important |
| F4.4 | Voice and multimedia notes | Record voice notes or multimedia content attached to cases | Full: voice recording, video upload, transcription integration. Partial: audio upload only. None: text notes only. | Review multimedia documentation; test recording features | Desirable |
| F4.5 | Audit trail and history | Maintain complete history of all case modifications with user attribution | Full: field-level change tracking, complete audit log, exportable history. Partial: record-level history only. None: no change tracking. | Review audit documentation; test history retrieval | Essential |
Referral management
| ID | Requirement | Description | Assessment criteria | Verification method | Typical priority |
|---|---|---|---|---|---|
| F5.1 | Internal referral workflow | Refer cases between teams or programmes within the organisation | Full: configurable referral types, acceptance workflow, two-way communication. Partial: basic transfer notification. None: no internal referral tracking. | Review referral documentation; test internal referral process | Essential |
| F5.2 | External referral tracking | Track referrals to external service providers with outcome recording | Full: external provider directory, referral status tracking, outcome capture, feedback loop. Partial: basic external referral logging. None: no external referral tracking. | Review external referral documentation; test provider integration | Essential |
| F5.3 | Interagency information sharing | Share case information with external agencies with consent and access controls | Full: granular sharing permissions, consent tracking, audit logging, data minimisation controls. Partial: full record sharing only. None: no external sharing. | Review interoperability documentation; test sharing configuration | Important |
| F5.4 | Referral pathway management | Define and manage referral pathways with eligibility criteria and provider capacity | Full: pathway definition, eligibility rules, capacity tracking, wait time visibility. Partial: static pathway lists. None: no pathway management. | Review pathway documentation; test pathway configuration | Important |
| F5.5 | Bidirectional referral communication | Receive referral status updates and service records from external providers | Full: API-based status exchange, service record import, automated status updates. Partial: manual status updates. None: one-way referrals only. | Review integration documentation; test bidirectional exchange | Desirable |
Reporting and analytics
| ID | Requirement | Description | Assessment criteria | Verification method | Typical priority |
|---|---|---|---|---|---|
| F6.1 | Caseload dashboards | Visualise caseload distribution, status, and workload metrics | Full: configurable dashboards, role-based views, real-time data, drill-down capability. Partial: fixed dashboard views. None: no dashboards. | Review dashboard documentation; test dashboard configuration | Essential |
| F6.2 | Standard report library | Pre-built reports for common case management metrics | Full: extensive report library, scheduled delivery, multiple export formats. Partial: limited pre-built reports. None: no pre-built reports. | Review report library documentation; count available reports | Important |
| F6.3 | Custom report builder | Create ad-hoc reports with user-defined criteria and output formats | Full: drag-and-drop report builder, cross-object reporting, calculated fields. Partial: parameter-based queries only. None: no custom reporting. | Review report builder documentation; test report creation | Important |
| F6.4 | Aggregate data generation | Generate aggregate statistics for external reporting requirements | Full: configurable aggregation rules, HMIS integration, donor reporting templates. Partial: basic aggregation. None: manual aggregation required. | Review aggregation documentation; test aggregate export | Important |
| F6.5 | Outcome and impact reporting | Report on programme outcomes with trend analysis and cohort tracking | Full: outcome frameworks, cohort analysis, longitudinal tracking, benchmark comparison. Partial: basic outcome counts. None: no outcome reporting. | Review outcome reporting documentation | Important |
| F6.6 | Geographic analysis | Analyse case distribution and service coverage geographically | Full: GIS integration, map visualisation, catchment analysis, heat maps. Partial: location-based filtering. None: no geographic analysis. | Review GIS documentation; test mapping features | Desirable |
Technical requirements
Infrastructure, architecture, and deployment considerations.
Deployment and hosting
| ID | Requirement | Description | Assessment criteria | Verification method | Typical priority |
|---|---|---|---|---|---|
| T1.1 | Self-hosted deployment option | Deploy on organisation-controlled infrastructure for data sovereignty | Full: complete feature parity with hosted version, documented deployment process, container support. Partial: self-hosted available with feature limitations. None: SaaS only. | Review deployment documentation; compare feature matrix | Important |
| T1.2 | Cloud deployment options | Vendor-managed cloud deployment with regional data residency options | Full: multiple regions including EU, documented data residency, SOC 2 compliance. Partial: limited regions. None: single region or undisclosed. | Review infrastructure documentation; verify regional availability | Important |
| T1.3 | Container deployment | Support for containerised deployment via Docker or Kubernetes | Full: official container images, Helm charts, documented orchestration. Partial: community images only. None: no container support. | Check container registries; review deployment docs | Desirable |
| T1.4 | High availability architecture | Redundant deployment eliminating single points of failure | Full: documented HA architecture, automatic failover, geographic redundancy. Partial: manual failover procedures. None: single-instance only. | Review architecture documentation; verify clustering support | Context-dependent |
| T1.5 | Offline-capable operation | Function without continuous network connectivity | Full: complete offline operation with automatic sync, conflict resolution. Partial: read-only offline. None: requires constant connectivity. | Review offline documentation; test offline scenarios | Essential |
| T1.6 | Air-gapped deployment | Operate in environments without internet connectivity | Full: complete offline operation documented, local update mechanism. Partial: offline with limitations. None: requires internet. | Review air-gapped deployment documentation | Context-dependent |
Scalability and performance
| ID | Requirement | Description | Assessment criteria | Verification method | Typical priority |
|---|---|---|---|---|---|
| T2.1 | Horizontal scaling | Add capacity by adding nodes rather than upgrading hardware | Full: documented horizontal scaling, load balancing, database sharding. Partial: limited horizontal scaling. None: vertical only. | Review scaling documentation; check architecture | Context-dependent |
| T2.2 | Performance benchmarks | Published performance data under defined conditions | Full: detailed benchmarks with methodology, concurrent user limits. Partial: general performance claims. None: no published data. | Review performance documentation; request vendor data | Desirable |
| T2.3 | Database size limits | Maximum supported database size and record counts | Full: documented limits with migration paths. Partial: soft limits only. None: undocumented. | Review capacity documentation; request vendor confirmation | Important |
| T2.4 | Resource requirements | Published requirements for CPU, memory, storage, bandwidth | Full: detailed sizing guides by user count and case volume. Partial: minimum requirements only. None: undocumented. | Review system requirements documentation | Important |
Integration architecture
| ID | Requirement | Description | Assessment criteria | Verification method | Typical priority |
|---|---|---|---|---|---|
| T3.1 | REST API availability | Programmatic access via REST API for integration and automation | Full: comprehensive API covering all features, versioned, documented. Partial: limited API coverage. None: no API. | Review API documentation completeness; compare to UI features | Essential |
| T3.2 | API authentication methods | Supported methods for securing API access | Full: multiple methods (API keys, OAuth 2.0, OIDC, service accounts). Partial: single method. None: basic auth only. | Review API security documentation | Important |
| T3.3 | Webhook support | Push event notifications to external systems | Full: configurable webhooks for all events, retry logic, payload customisation. Partial: limited events. None: polling only. | Review webhook documentation; check event coverage | Important |
| T3.4 | Bulk data operations | Support for large-scale data import and export | Full: batch APIs, streaming, async operations, progress tracking. Partial: limited batch size. None: record-by-record only. | Review bulk operation documentation; check limits | Important |
| T3.5 | FHIR compliance | Support for HL7 FHIR healthcare interoperability standard | Full: native FHIR resources, R4 compliance, SMART on FHIR. Partial: FHIR export only. None: no FHIR support. | Review FHIR documentation; test compliance | Context-dependent |
| T3.6 | HMIS integration | Integration with health management information systems | Full: native DHIS2 integration, aggregate data push. Partial: manual data export. None: no HMIS integration. | Review HMIS integration documentation | Context-dependent |
Security requirements
Security controls and data protection capabilities.
Authentication and access control
| ID | Requirement | Description | Assessment criteria | Verification method | Typical priority |
|---|---|---|---|---|---|
| S1.1 | Multi-factor authentication | MFA support on user accounts | Full: multiple MFA methods (TOTP, WebAuthn, push), enforced by policy. Partial: single MFA method. None: password only. | Review authentication documentation; test MFA configuration | Essential |
| S1.2 | Single sign-on integration | Federated identity via SSO | Full: SAML 2.0 and OIDC support, multiple IdP. Partial: single protocol or IdP. None: local auth only. | Review SSO documentation; check supported protocols | Essential |
| S1.3 | Role-based access control | Restrict access based on defined roles | Full: granular permissions, custom roles, object-level access. Partial: fixed roles only. None: all-or-nothing access. | Review RBAC documentation; test permission granularity | Essential |
| S1.4 | Field-level permissions | Control visibility and editability at the field level | Full: configurable field visibility and edit permissions by role. Partial: form-level only. None: record-level only. | Review field security documentation | Important |
| S1.5 | Geographic access restrictions | Limit access based on organisational unit or location | Full: hierarchical location-based access, data ownership by location. Partial: global access only. None: no geographic restrictions. | Review location-based access documentation | Important |
| S1.6 | Session management | Control session duration and concurrent login policies | Full: configurable timeouts, concurrent session limits, forced logout. Partial: fixed session settings. None: no session controls. | Review session documentation | Important |
Data protection
| ID | Requirement | Description | Assessment criteria | Verification method | Typical priority |
|---|---|---|---|---|---|
| S2.1 | Encryption at rest | Encrypt stored data | Full: AES-256 encryption, customer-managed keys option. Partial: platform-managed keys only. None: unencrypted storage. | Review encryption documentation; verify key management | Essential |
| S2.2 | Encryption in transit | Encrypt data during transmission | Full: TLS 1.3, certificate pinning option, no fallback to unencrypted. Partial: TLS 1.2. None: unencrypted transmission possible. | Review transport security documentation; test configuration | Essential |
| S2.3 | Data anonymisation | Anonymise or pseudonymise data for secondary use | Full: configurable anonymisation rules, differential privacy options. Partial: basic data masking. None: no anonymisation tools. | Review anonymisation documentation | Important |
| S2.4 | Data retention policies | Enforce automated data retention and deletion | Full: configurable retention by data type, automated deletion, legal hold. Partial: manual deletion only. None: no retention automation. | Review retention documentation; test deletion workflows | Important |
| S2.5 | Consent management | Track and enforce data processing consent | Full: granular consent tracking, purpose limitation enforcement, withdrawal workflow. Partial: basic consent recording. None: no consent tracking. | Review consent documentation; test consent workflows | Essential |
Audit and compliance
| ID | Requirement | Description | Assessment criteria | Verification method | Typical priority |
|---|---|---|---|---|---|
| S3.1 | Comprehensive audit logging | Log all data access and modifications | Full: field-level audit, query logging, export capability, tamper-proof. Partial: record-level only. None: limited logging. | Review audit documentation; test log retrieval | Essential |
| S3.2 | Security certifications | Third-party security certifications | Full: SOC 2 Type II, ISO 27001, penetration testing. Partial: SOC 2 Type I or self-assessment. None: no certifications. | Request certification documentation; verify currency | Important |
| S3.3 | GDPR compliance features | Tools supporting GDPR compliance requirements | Full: data subject access, portability, erasure automation. Partial: manual compliance processes. None: no GDPR-specific features. | Review GDPR documentation; test data subject requests | Important |
| S3.4 | Data residency controls | Control geographic location of data storage | Full: region selection with guarantees, no cross-border transfer without consent. Partial: primary region selection. None: undisclosed location. | Review data residency documentation; request DPA | Important |
Operational requirements
Administration, support, and ongoing management considerations.
Administration and configuration
| ID | Requirement | Description | Assessment criteria | Verification method | Typical priority |
|---|---|---|---|---|---|
| O1.1 | Form builder interface | Configure forms without coding | Full: visual drag-and-drop builder, conditional logic, validation rules. Partial: template customisation only. None: developer-only configuration. | Review form builder documentation; test form creation | Essential |
| O1.2 | Workflow configuration interface | Configure workflows without coding | Full: visual workflow designer, branching, triggers, notifications. Partial: limited workflow options. None: code-based only. | Review workflow documentation; test configuration | Important |
| O1.3 | User management interface | Administer users, roles, and permissions | Full: bulk operations, role assignment, access review. Partial: individual user management. None: external admin only. | Review admin documentation; test user management | Essential |
| O1.4 | System configuration options | Configure system behaviour and settings | Full: extensive configuration options, feature toggles. Partial: basic settings. None: fixed configuration. | Review configuration documentation; count configurable options | Important |
| O1.5 | Multi-tenancy support | Support multiple independent organisations in single deployment | Full: complete data isolation, independent configuration per tenant. Partial: shared configuration. None: single tenant only. | Review multi-tenancy documentation | Context-dependent |
Monitoring and observability
| ID | Requirement | Description | Assessment criteria | Verification method | Typical priority |
|---|---|---|---|---|---|
| O2.1 | System health monitoring | Monitor system performance and availability | Full: built-in monitoring, alerts, performance dashboards. Partial: basic status indicators. None: external monitoring required. | Review monitoring documentation | Important |
| O2.2 | User activity monitoring | Track user login and activity patterns | Full: login history, session tracking, activity reports. Partial: basic login logs. None: no user monitoring. | Review activity monitoring documentation | Important |
| O2.3 | Error tracking and alerting | Capture and alert on system errors | Full: error aggregation, alerting, stack traces. Partial: basic error logs. None: no error tracking. | Review error handling documentation | Important |
Backup and recovery
| ID | Requirement | Description | Assessment criteria | Verification method | Typical priority |
|---|---|---|---|---|---|
| O3.1 | Automated backup | Regular automated data backup | Full: configurable schedule, multiple retention points, encrypted backups. Partial: daily backups only. None: manual backup required. | Review backup documentation; verify schedule | Essential |
| O3.2 | Point-in-time recovery | Restore to specific point in time | Full: continuous backup with granular recovery. Partial: daily recovery points. None: latest backup only. | Review recovery documentation; test restoration | Important |
| O3.3 | Disaster recovery | Recover from complete system failure | Full: documented DR procedures, tested recovery, RTO/RPO guarantees. Partial: basic recovery procedures. None: no DR plan. | Review DR documentation; request RTO/RPO | Important |
Support and maintenance
| ID | Requirement | Description | Assessment criteria | Verification method | Typical priority |
|---|---|---|---|---|---|
| O4.1 | Documentation quality | Comprehensive user and administrator documentation | Full: complete documentation, regularly updated, searchable. Partial: basic documentation. None: minimal documentation. | Review documentation completeness and currency | Essential |
| O4.2 | Training resources | Training materials and programmes available | Full: self-paced courses, live training, certification. Partial: basic tutorials. None: documentation only. | Review training availability; check certification options | Important |
| O4.3 | Support channels | Available support channels and response times | Full: multiple channels, defined SLAs, 24x7 option. Partial: email support only. None: community support only. | Review support documentation; verify SLAs | Important |
| O4.4 | Release frequency | Regularity of updates and new features | Full: regular releases, published roadmap, long-term support versions. Partial: infrequent updates. None: no regular releases. | Review release history; check roadmap | Important |
| O4.5 | Community resources | Active user community and resources | Full: active forums, user groups, third-party integrations. Partial: vendor forums only. None: no community. | Review community activity; count third-party resources | Desirable |
Mobile and field access requirements
Capabilities for field-based case workers.
| ID | Requirement | Description | Assessment criteria | Verification method | Typical priority |
|---|---|---|---|---|---|
| M1.1 | Native mobile application | Dedicated mobile app for case management functions | Full: native iOS and Android apps with core functionality. Partial: mobile web only. None: desktop-only interface. | Review mobile app documentation; test app availability | Essential |
| M1.2 | Offline data capture | Capture case information without network connectivity | Full: complete case creation and editing offline, automatic sync. Partial: read-only offline. None: requires connectivity. | Review offline documentation; test offline scenarios | Essential |
| M1.3 | Mobile data synchronisation | Sync data between mobile devices and server | Full: automatic background sync, conflict resolution, selective sync. Partial: manual sync. None: real-time only. | Review sync documentation; test sync behaviour | Essential |
| M1.4 | GPS and location capture | Record geographic coordinates during case activities | Full: GPS capture, location history, map integration. Partial: manual location entry. None: no location capability. | Review GPS documentation; test location capture | Important |
| M1.5 | Mobile photo and media capture | Capture photos and media attached to cases | Full: camera integration, photo annotation, video capture. Partial: photo upload only. None: no media capture. | Review media documentation; test capture features | Important |
| M1.6 | Low-bandwidth optimisation | Function effectively on slow network connections | Full: data compression, incremental sync, progressive loading. Partial: basic compression. None: requires fast connection. | Review bandwidth documentation; test on slow connections | Important |
Comparison matrices
Rating scale
Assessments use a standardised rating scale:
| Symbol | Meaning |
|---|---|
| ● | Full support: capability fully meets requirement with no significant limitations |
| ◐ | Partial support: capability exists with notable limitations or requires workarounds |
| ○ | Minimal support: basic capability exists but substantially limited |
| ✗ | Not supported: capability is not available |
| - | Not applicable: requirement does not apply to this tool |
| ? | Not assessed: insufficient documentation to evaluate |
Modifiers:
| Modifier | Meaning |
|---|---|
| $ | Feature requires paid tier beyond base licence |
| β | Feature in beta or preview |
| E | Feature available in enterprise tier only |
| P | Feature requires plugin or extension |
| C | Feature provided by community contribution |
Solution overview
| Tool | Type | Licence | Current version | Primary deployment | Focus area |
|---|---|---|---|---|---|
| Primero | FOSS | AGPL-3.0 | 2.11 | Self-hosted / UNICEF Cloud | Child protection, GBV response |
| DHIS2 Tracker | FOSS | BSD-3-Clause | 2.41 | Self-hosted / Cloud | Health programme tracking |
| OpenMRS | FOSS | MPL-2.0 | 3.6 | Self-hosted | Clinical case management |
| OpenSRP | FOSS | Apache-2.0 | 2.x | Self-hosted / Cloud | Community health, FHIR-native |
| CiviCRM | FOSS | AGPL-3.0 | 5.78 | Self-hosted | Constituent services, workflows |
| CommCare | Commercial | Proprietary | 2025.x | SaaS / Self-hosted | Data collection with case tracking |
| Casebook | Commercial | Proprietary | Current | SaaS | Human services case management |
| Salesforce | Commercial | Proprietary | Current | SaaS | Enterprise service management |
Functional capability matrix
Case intake and registration
| Requirement | Primero | DHIS2 Tracker | OpenMRS | OpenSRP | CiviCRM | CommCare | Casebook | Salesforce |
|---|---|---|---|---|---|---|---|---|
| F1.1 Individual registration | ● | ● | ● | ● | ● | ● | ● | ● |
| F1.2 Household modelling | ● | ● | ◐ | ● | ◐ | ● | ● | ◐$ |
| F1.3 Duplicate detection | ● | ● | ● | ● | ◐P | ● | ◐ | ●$ |
| F1.4 Intake workflow | ● | ● | ◐ | ● | ● | ● | ● | ●$ |
| F1.5 External referral intake | ● | ◐ | ● | ● | ◐ | ● | ◐ | ● |
| F1.6 Self-service registration | ◐ | ✗ | ◐ | ✗ | ●P | ◐ | ● | ●$ |
Assessment notes:
Primero provides comprehensive registration with configurable forms, photo capture, and sophisticated duplicate matching using probabilistic algorithms. Household modelling includes genograms and extended family relationships specific to child protection contexts.
DHIS2 Tracker excels at tracked entity registration with configurable attributes and programme enrolment. Household modelling through relationships requires careful configuration. No native self-service portal.
OpenMRS registration is clinically focused with patient demographics. Household relationships exist but require module configuration. The FHIR API enables external intake integration.
OpenSRP provides FHIR-native patient registration with household enumeration for community health contexts. Mobile-first design optimises field registration workflows.
CiviCRM offers flexible contact management but requires the CiviCase extension for case management. Duplicate detection available through Dedupe Rules extension. Self-service via CiviCRM’s profile forms.
CommCare registration is highly configurable through XForms. Strong household modelling with case hierarchies. Limited self-service without custom application development.
Casebook provides intake workflows designed for human services with configurable forms. Duplicate detection is present but less sophisticated than specialised tools.
Salesforce requires Service Cloud for case management. Enterprise features require additional licensing (Health Cloud, Nonprofit Cloud). Robust duplicate management in paid tiers.
Case workflow and status management
| Requirement | Primero | DHIS2 Tracker | OpenMRS | OpenSRP | CiviCRM | CommCare | Casebook | Salesforce |
|---|---|---|---|---|---|---|---|---|
| F2.1 Case status lifecycle | ● | ● | ◐ | ● | ● | ● | ● | ● |
| F2.2 Case type definitions | ● | ● | ● | ● | ● | ● | ● | ● |
| F2.3 SOP integration | ● | ● | ◐ | ● | ● | ● | ◐ | ●$ |
| F2.4 Case assignment | ● | ● | ◐ | ● | ● | ● | ● | ● |
| F2.5 Case transfer | ● | ● | ◐ | ● | ● | ◐ | ● | ● |
| F2.6 Supervisor review | ● | ◐ | ◐ | ● | ◐P | ● | ● | ●$ |
Assessment notes:
Primero provides comprehensive case management with CPIMS+ (child protection) and GBVIMS+ (GBV) configurations. SOPs are embedded as case workflows with automatic activity scheduling. Supervisor approval workflows are configurable.
DHIS2 Tracker uses programme stages rather than traditional case status. SOPs are implemented through programme rules. Supervisor review available through user authorities but lacks dedicated approval workflows.
OpenMRS is clinically focused with visit/encounter paradigm rather than case status. Extension modules add case management capabilities. Limited workflow automation compared to dedicated case management systems.
OpenSRP implements care plans as case workflows with FHIR-native task management. Strong mobile supervision features for community health contexts.
CiviCRM’s CiviCase provides configurable case types with activity timelines. Supervisor approval requires custom configuration or extensions. Case transfer is straightforward with history preservation.
CommCare uses case properties to model status. Powerful application logic for SOPs but requires configuration effort. Case sharing and transfer require careful application design.
Casebook provides human services workflow with configurable status stages. Limited SOP automation compared to specialised humanitarian tools.
Salesforce offers extensive workflow automation through Flow. Advanced features require additional licensing. Enterprise approval processes available.
Assessment and service planning
| Requirement | Primero | DHIS2 Tracker | OpenMRS | OpenSRP | CiviCRM | CommCare | Casebook | Salesforce |
|---|---|---|---|---|---|---|---|---|
| F3.1 Assessment forms | ● | ● | ● | ● | ● | ● | ● | ● |
| F3.2 Risk assessment | ● | ◐ | ◐ | ● | ◐P | ● | ◐ | ●$ |
| F3.3 Service plan creation | ● | ◐ | ● | ● | ● | ● | ● | ●$ |
| F3.4 Service catalogue | ● | ◐ | ● | ◐ | ◐ | ◐ | ● | ● |
| F3.5 Outcome measurement | ● | ● | ◐ | ◐ | ◐ | ● | ● | ●$ |
| F3.6 Reassessment scheduling | ● | ● | ◐ | ● | ● | ● | ◐ | ●$ |
Assessment notes:
Primero includes standardised child protection and GBV assessment forms with built-in risk scoring. Service planning is core functionality with action plan tracking. Outcome measurement includes IRC-developed outcome scales for GBVIMS+.
DHIS2 Tracker provides flexible programme stage design for assessments. Risk scoring requires programme indicators configuration. Service planning is not a native concept but can be modelled through programme stages.
OpenMRS offers clinical form capabilities through Form Builder and O3 Form Engine. Care plans are supported for treatment planning. Outcome measurement through clinical indicators.
OpenSRP implements care plans with WHO Smart Guidelines integration. Task-based follow-up scheduling is well-developed for community health protocols.
CiviCRM case activities can model assessments but lack native scoring. Extensions available for specific assessment types. Service plans through activity timelines.
CommCare provides powerful form design with calculations for risk scoring. Service planning through case properties and scheduled forms. Outcome tracking through programme indicator configuration.
Casebook includes assessment tools designed for human services contexts. Service planning is core functionality. Built-in reports support outcome measurement.
Salesforce requires configuration for assessment scoring. Health Cloud and Nonprofit Cloud include care plan functionality at additional cost.
Referral management
| Requirement | Primero | DHIS2 Tracker | OpenMRS | OpenSRP | CiviCRM | CommCare | Casebook | Salesforce |
|---|---|---|---|---|---|---|---|---|
| F5.1 Internal referral | ● | ◐ | ● | ◐ | ● | ● | ● | ● |
| F5.2 External referral | ● | ◐ | ● | ◐ | ◐ | ◐ | ● | ●$ |
| F5.3 Interagency sharing | ● | ◐ | ● | ◐ | ◐ | ◐ | ◐ | ●E |
| F5.4 Referral pathways | ● | ◐ | ◐ | ◐ | ◐ | ◐ | ◐ | ◐$ |
| F5.5 Bidirectional communication | ● | ◐ | ● | ◐ | ◐ | ◐ | ◐ | ●E |
Assessment notes:
Primero excels at referral management with built-in interagency sharing capabilities designed for humanitarian coordination. Includes consent-based data sharing with configurable field-level permissions. Integrates with UNHCR proGres and other systems.
DHIS2 Tracker supports referrals through ownership transfer and sharing. True interagency sharing requires careful data sharing configuration or custom integration.
OpenMRS provides FHIR-based referral capabilities. ServiceRequest resources enable external referrals. Interoperability strength enables bidirectional communication with other FHIR systems.
OpenSRP supports referrals within care workflows. Limited external referral tracking compared to specialised systems.
CiviCRM case activities can track referrals. External provider management requires extension or custom configuration.
CommCare requires application configuration for referral workflows. Integration layer can enable external communication.
Casebook includes referral tracking for human services. Limited interagency sharing capabilities.
Salesforce provides sophisticated referral management with additional licensing. Health Cloud includes care coordination features.
Technical capability matrix
Deployment options
| Capability | Primero | DHIS2 Tracker | OpenMRS | OpenSRP | CiviCRM | CommCare | Casebook | Salesforce |
|---|---|---|---|---|---|---|---|---|
| Self-hosted | ● | ● | ● | ● | ● | ●$ | ✗ | ✗ |
| Vendor cloud | ● | ● | ◐ | ● | ◐ | ● | ● | ● |
| Container support | ● | ● | ● | ● | ● | ● | - | - |
| High availability | ● | ● | ● | ● | ● | ● | ● | ● |
| Offline operation | ● | ● | ◐ | ● | ✗ | ● | ◐ | ◐ |
| Air-gapped | ● | ● | ● | ◐ | ● | ◐ | ✗ | ✗ |
Deployment details:
| Tool | Self-hosted requirements | Container options | Cloud regions |
|---|---|---|---|
| Primero | Docker Compose or Kubernetes, PostgreSQL, Redis | Official Docker images, Helm charts | UNICEF Azure (multiple regions) |
| DHIS2 Tracker | Tomcat, PostgreSQL, minimum 4GB RAM | Official Docker images, Helm charts | Multiple providers available |
| OpenMRS | Java 11+, MySQL/MariaDB 8+, minimum 4GB RAM | Official Docker images, Docker Compose | Community hosting available |
| OpenSRP | HAPI FHIR, Keycloak, minimum 8GB RAM | Docker Compose provided | Ona cloud, Google Cloud |
| CiviCRM | PHP 8.1+, MySQL/MariaDB, CMS host | Docker available via community | Hosting partners available |
| CommCare | - | - | Multi-region SaaS |
| Casebook | - | - | US-based cloud |
| Salesforce | - | - | Global data centres |
API capabilities
| Capability | Primero | DHIS2 Tracker | OpenMRS | OpenSRP | CiviCRM | CommCare | Casebook | Salesforce |
|---|---|---|---|---|---|---|---|---|
| REST API | ● | ● | ● | ● | ● | ●$ | ●$ | ● |
| API versioning | ● | ● | ● | ● | ● | ● | ◐ | ● |
| OAuth 2.0 | ◐ | ● | ● | ● | ◐ | ● | ● | ● |
| Webhooks | ◐ | ◐ | ◐ | ◐ | ◐P | ● | ● | ● |
| Bulk operations | ● | ● | ● | ● | ● | ● | ● | ● |
| GraphQL | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ |
API details:
| Tool | API documentation | Authentication methods | Rate limits |
|---|---|---|---|
| Primero | GitHub doc/api.md | JWT tokens, 60-minute expiry | Not published |
| DHIS2 Tracker | docs.dhis2.org | Basic, OAuth 2.0, API tokens | Configurable |
| OpenMRS | wiki.openmrs.org | Basic, Session, OAuth 2.0 | Not enforced |
| OpenSRP | docs.opensrp.io | Keycloak OAuth 2.0, JWT | Configurable |
| CiviCRM | docs.civicrm.org | Site key, API key | Not enforced |
| CommCare | commcare-hq.readthedocs.io | API key (email:key), OAuth 2.0 | Plan-dependent |
| Casebook | gohub.casebook.net | OAuth 2.0, 1-hour token expiry | Not published |
| Salesforce | developer.salesforce.com | OAuth 2.0, JWT, SOAP | Plan-dependent |
Standards compliance
| Standard | Primero | DHIS2 Tracker | OpenMRS | OpenSRP | CiviCRM | CommCare | Casebook | Salesforce |
|---|---|---|---|---|---|---|---|---|
| HL7 FHIR | ◐ | ◐ | ● | ● | ✗ | ◐ | ✗ | ●$ |
| OpenRosa XForms | ✗ | ✗ | ✗ | ✗ | ✗ | ● | ✗ | ✗ |
| DHIS2 ADX | ◐ | ● | ◐ | ◐ | ✗ | ● | ✗ | ✗ |
| IATI | ✗ | ✗ | ✗ | ✗ | ◐P | ✗ | ✗ | ◐$ |
| IMS Global | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ◐$ |
Security capability matrix
Authentication methods
| Method | Primero | DHIS2 Tracker | OpenMRS | OpenSRP | CiviCRM | CommCare | Casebook | Salesforce |
|---|---|---|---|---|---|---|---|---|
| Username/password | ● | ● | ● | ● | ● | ● | ● | ● |
| TOTP MFA | ● | ● | ● | ● | ◐P | ● | ● | ● |
| WebAuthn/FIDO2 | ◐ | ◐ | ◐ | ● | ✗ | ◐ | ◐ | ● |
| SAML 2.0 SSO | ● | ● | ● | ● | ◐P | ●$ | ● | ● |
| OIDC SSO | ● | ● | ● | ● | ◐P | ●$ | ● | ● |
| Smart card/PIV | ✗ | ✗ | ◐ | ✗ | ✗ | ✗ | ✗ | ●E |
Data protection
| Capability | Primero | DHIS2 Tracker | OpenMRS | OpenSRP | CiviCRM | CommCare | Casebook | Salesforce |
|---|---|---|---|---|---|---|---|---|
| Encryption at rest | ● | ● | ● | ● | ● | ● | ● | ● |
| Field-level encryption | ◐ | ◐ | ◐ | ◐ | ◐P | ◐ | ◐ | ●$ |
| Customer-managed keys | ◐ | ◐ | ● | ◐ | ● | ✗ | ✗ | ●E |
| Data masking | ● | ● | ● | ◐ | ◐ | ◐ | ◐ | ●$ |
| Consent management | ● | ◐ | ◐ | ◐ | ◐P | ◐ | ◐ | ●$ |
| Right to erasure | ● | ● | ● | ◐ | ● | ◐ | ● | ● |
Security certifications
| Certification | Primero | DHIS2 Tracker | OpenMRS | OpenSRP | CiviCRM | CommCare | Casebook | Salesforce |
|---|---|---|---|---|---|---|---|---|
| SOC 2 Type II | ◐ | ◐ | ✗ | ◐ | ✗ | ● | ● | ● |
| ISO 27001 | ◐ | ◐ | ✗ | ◐ | ✗ | ● | ◐ | ● |
| HIPAA attestation | ✗ | ✗ | ✗ | ◐ | ✗ | ●$ | ● | ● |
| FedRAMP | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ● |
| CSA STAR | ✗ | ✗ | ✗ | ✗ | ✗ | ◐ | ✗ | ● |
Notes: FOSS solutions’ certifications depend on hosting provider. UNICEF Azure hosting for Primero includes Azure certifications. Self-hosted deployments require organisation’s own security controls.
Mobile and offline capability matrix
| Capability | Primero | DHIS2 Tracker | OpenMRS | OpenSRP | CiviCRM | CommCare | Casebook | Salesforce |
|---|---|---|---|---|---|---|---|---|
| Native Android app | ● | ● | ◐ | ● | ✗ | ● | ◐ | ●$ |
| Native iOS app | ◐ | ◐ | ◐ | ✗ | ✗ | ● | ◐ | ●$ |
| Progressive web app | ● | ● | ● | ◐ | ◐ | ● | ● | ● |
| Full offline operation | ● | ● | ◐ | ● | ✗ | ● | ✗ | ◐$ |
| Offline data sync | ● | ● | ◐ | ● | ✗ | ● | ◐ | ◐$ |
| Conflict resolution | ● | ● | ◐ | ● | - | ● | - | ◐$ |
| GPS capture | ● | ● | ◐ | ● | ◐P | ● | ◐ | ● |
| Photo capture | ● | ● | ● | ● | ◐P | ● | ● | ● |
Assessment notes:
Primero’s RapidReg mobile app provides full offline child protection case management with sophisticated sync. PWA also supports offline with service workers.
DHIS2 Android Capture app supports offline tracker data entry with automatic sync when connectivity returns. Good conflict resolution.
OpenMRS mobile capabilities vary by implementation. O3 includes PWA with offline capabilities. Dedicated mobile apps exist for specific use cases.
OpenSRP’s Android app is designed for offline-first community health work. No iOS app currently available. FHIR-based sync handles conflicts well.
CiviCRM lacks native mobile apps. Responsive design works on mobile browsers but no offline capability.
CommCare provides the strongest mobile platform with full offline operation, sophisticated sync with conflict resolution, and extensive media capture.
Casebook provides mobile web access but limited offline functionality.
Salesforce mobile apps require Field Service or additional licensing for full offline capability.
Pricing comparison
| Tool | Licence model | Base cost | Per-user cost | Enterprise tier |
|---|---|---|---|---|
| Primero | AGPL-3.0 | Free (self-hosted) | N/A | UNICEF hosting available |
| DHIS2 Tracker | BSD-3-Clause | Free (self-hosted) | N/A | Partner support available |
| OpenMRS | MPL-2.0 | Free (self-hosted) | N/A | Implementation partners |
| OpenSRP | Apache-2.0 | Free (self-hosted) | N/A | Ona implementation services |
| CiviCRM | AGPL-3.0 | Free (self-hosted) | N/A | Hosting partners |
| CommCare | Proprietary | Free (limited) | $250-500/month plan-based | $1000+/month |
| Casebook | Proprietary | Contact vendor | Per-user pricing | Contact vendor |
| Salesforce | Proprietary | $25/user/month minimum | $100-300/user/month typical | $400+/user/month |
Cost notes:
FOSS solutions have zero licensing cost but require infrastructure, implementation, and ongoing support investment. Total cost of ownership depends heavily on internal technical capacity.
CommCare offers a Community tier with limited features. Standard Plan required for API access. Nonprofit pricing available.
Casebook uses per-user pricing model with transparent rates. Specific pricing requires vendor consultation.
Salesforce provides Power of Us programme offering 10 free Enterprise Edition licences to eligible nonprofits. Additional licences at discounted rates. Service Cloud and additional products require separate licensing.
TCO considerations:
| Cost category | FOSS self-hosted | FOSS managed | Commercial SaaS |
|---|---|---|---|
| Licensing | None | None-Low | High |
| Infrastructure | Medium-High | Low | None |
| Implementation | High | Medium | Medium |
| Training | Medium | Medium | Low-Medium |
| Ongoing support | Medium-High | Low-Medium | Low |
| Customisation | Medium | Medium-High | Medium-High |
Individual tool assessments
Primero
Type: FOSS
Licence: AGPL-3.0
Current version: 2.11 (December 2025)
Source: https://github.com/primeroIMS/primero
Documentation: https://support.primero.org / GitHub docs
Primero is an open source case management platform developed by UNICEF for child protection and gender-based violence response. The system implements CPIMS+ (Child Protection Information Management System) and GBVIMS+ (Gender-Based Violence Information Management System) standards used across humanitarian response contexts. Primero serves as a certified digital public good with implementations in over 80 countries.
The platform architecture uses Ruby on Rails backend with React frontend, PostgreSQL database, and optional Solr for search indexing. Deployment options include Docker Compose for single-server installations and Kubernetes for scaled deployments. UNICEF provides cloud hosting through Azure for implementations requiring managed infrastructure.
Capability assessment for case management:
Primero provides comprehensive case management functionality specifically designed for protection contexts. Case workflows implement Inter-Agency CP and GBV Standard Operating Procedures with configurable timelines, activities, and approval gates. The referral system supports both internal transfers and interagency sharing with granular consent-based access controls.
Assessment tools include standardised child protection and GBV instruments with automatic risk scoring. The GBVIMS+ configuration includes IRC’s GBV Case Management Outcome Scales for outcome measurement. Service planning functionality tracks action plans with scheduled activities and deadline monitoring.
Offline capability through the RapidReg mobile application enables full case management in disconnected environments. Data synchronisation handles conflict resolution for cases edited offline by multiple users. The PWA implementation provides browser-based offline access as an alternative to the native app.
Strengths:
- Purpose-built for humanitarian protection contexts with CP and GBV expertise embedded
- Strong interagency sharing capabilities designed for coordination contexts
- Mature offline functionality with sophisticated sync and conflict resolution
- No licensing costs with UNICEF-backed long-term sustainability
- Compliance with humanitarian data protection standards
- Active development with regular releases and roadmap transparency
Limitations:
- Steep learning curve for configuration and administration
- Limited applicability outside protection/humanitarian contexts
- Requires significant implementation expertise for deployment
- Documentation quality varies; some features poorly documented
- Self-hosted deployment requires substantial technical capacity
- No native iOS application (Android and PWA only)
Deployment requirements (self-hosted):
| Component | Minimum | Recommended |
|---|---|---|
| CPU | 2 cores | 4+ cores |
| RAM | 4GB | 8GB+ |
| Storage | 20GB | 100GB+ |
| Database | PostgreSQL 13+ | PostgreSQL 15+ |
| Container runtime | Docker 20.10+ | Kubernetes 1.25+ |
Organisational fit:
Best suited for: Humanitarian organisations implementing child protection or GBV programmes, government social welfare agencies in development contexts, organisations requiring interagency data sharing with protection-specific consent management.
Less suitable for: Non-protection case management, organisations without technical implementation capacity, contexts requiring iOS mobile app, small organisations without dedicated IT support.
DHIS2 Tracker
Type: FOSS
Licence: BSD-3-Clause
Current version: 2.41 (2025)
Source: https://github.com/dhis2
Documentation: https://docs.dhis2.org
DHIS2 Tracker extends the DHIS2 health information management platform with individual-level data capture and longitudinal tracking capabilities. While DHIS2 Core handles aggregate data, Tracker enables case-based surveillance, patient tracking, and programme monitoring at individual level. The platform is deployed as the national health information system in over 80 countries.
The architecture is Java-based with PostgreSQL backend. Tracker functionality integrates with DHIS2’s organisation unit hierarchy, user management, and analytics infrastructure. The Android Capture app provides mobile data entry with offline support.
Capability assessment for case management:
DHIS2 Tracker implements case management through the tracked entity and programme model. Tracked entities represent individuals (or other tracked items) with configurable attributes. Programmes define the service delivery workflow through programme stages, which represent encounters or service events.
Programme rules provide decision support and workflow automation, triggering actions based on data values. This enables risk flagging, automatic calculations, and conditional data entry. Working lists filter tracked entities by criteria, functioning as case worklists for case managers.
The platform excels at health programme tracking with strong analytical capabilities. Programme indicators aggregate individual data for reporting. Integration with DHIS2’s visualisation tools enables dashboards combining aggregate and individual data views.
Strengths:
- Deep integration with national HMIS infrastructure in 80+ countries
- Strong analytical capabilities bridging individual and aggregate data
- Mature offline mobile application with good sync reliability
- Programme rules provide flexible decision support
- Large implementer community and extensive documentation
- No licensing costs with established long-term sustainability
Limitations:
- Designed for health data, requiring adaptation for non-health case management
- Limited workflow orchestration compared to dedicated case management tools
- Referral management is basic compared to social services tools
- Service planning not a native concept; requires programme design workarounds
- Supervision and approval workflows require custom configuration
- Learning curve for programme design and configuration
Deployment requirements:
| Component | Minimum | Recommended |
|---|---|---|
| CPU | 4 cores | 8+ cores |
| RAM | 8GB | 16GB+ |
| Storage | 50GB | 500GB+ |
| Database | PostgreSQL 13+ | PostgreSQL 15+ |
| Java | OpenJDK 11+ | OpenJDK 17+ |
Organisational fit:
Best suited for: Health programmes requiring individual tracking integrated with HMIS, ministries of health implementing case-based surveillance, organisations already using DHIS2 for aggregate reporting.
Less suitable for: Non-health social services case management, organisations requiring sophisticated workflow automation, contexts without existing DHIS2 implementation or expertise.
OpenMRS
Type: FOSS
Licence: MPL-2.0
Current version: 3.6 (November 2025)
Source: https://github.com/openmrs
Documentation: https://wiki.openmrs.org
OpenMRS is an open source electronic medical record system designed for resource-constrained healthcare environments. The platform uses a concept dictionary architecture enabling flexible clinical data modelling without schema changes. OpenMRS 3 (O3) introduces a modern React frontend with improved user experience.
Capability assessment for case management:
OpenMRS approaches case management from a clinical perspective. Patients serve as the tracked entity with configurable person attributes. Clinical encounters record service delivery events with observations capturing clinical data points. Care plans provide service planning functionality for treatment protocols.
The FHIR module enables standards-based integration, supporting Patient, Encounter, Observation, CarePlan, and ServiceRequest resources. This positions OpenMRS as an interoperable component in health information exchange architectures.
Case management workflows rely on visit types and encounter types to model service delivery. Form Builder and Form Engine enable custom form creation. Clinical decision support is available through module extensions.
Strengths:
- Mature clinical data model with 20+ years of refinement
- Strong FHIR compliance enabling health information exchange
- Large implementation community with country-specific distributions
- Flexible concept dictionary avoids schema lock-in
- No licensing costs with established sustainability model
- Modern O3 frontend improving usability
Limitations:
- Designed for clinical contexts; adaptation needed for social services
- Case management workflows less developed than dedicated tools
- Referral management basic compared to social services platforms
- Offline capability varies by implementation
- Complex architecture requires significant technical expertise
- Configuration through modules can be fragmented
Deployment requirements:
| Component | Minimum | Recommended |
|---|---|---|
| CPU | 2 cores | 4+ cores |
| RAM | 4GB | 8GB+ |
| Storage | 50GB | 200GB+ |
| Database | MySQL 8.0+ | MySQL 8.0+ |
| Java | OpenJDK 11+ | OpenJDK 17+ |
Organisational fit:
Best suited for: Healthcare facilities requiring EMR with case tracking, HIV/TB programmes with longitudinal patient management, health programmes requiring FHIR interoperability.
Less suitable for: Non-clinical case management, organisations without clinical workflow requirements, contexts requiring sophisticated social services workflow automation.
OpenSRP
Type: FOSS
Licence: Apache-2.0
Current version: 2.x (FHIR Core)
Source: https://github.com/opensrp
Documentation: https://docs.opensrp.io
OpenSRP (Open Smart Register Platform) is a FHIR-native mobile health platform designed for community health programmes. OpenSRP 2 (FHIR Core) builds on the Android FHIR SDK and HAPI FHIR server, providing offline-first mobile case management aligned with WHO Smart Guidelines.
The architecture uses HAPI FHIR as the data store, Keycloak for identity management, and a Kotlin-based Android application. Configuration is FHIR-native, using Questionnaires for forms and PlanDefinitions for workflows.
Capability assessment for case management:
OpenSRP implements case management through FHIR resources. Patients and Groups (households) serve as tracked entities. CarePlans define service protocols with Tasks representing individual service actions. This FHIR-native approach enables standards-based interoperability.
The Android application provides full offline operation with sophisticated sync handling. Task management drives worker activity lists, showing overdue services and scheduled visits. In-app reports aggregate data for community health worker performance monitoring.
WHO Smart Guidelines integration enables standardised clinical protocols. CQL (Clinical Quality Language) provides decision support logic. The platform supports maternal and child health, immunisation, family planning, and community case management use cases.
Strengths:
- FHIR-native architecture enabling standards-based interoperability
- Strong offline-first mobile design for community health
- WHO Smart Guidelines integration for standardised protocols
- Modern Kotlin/Android development with active maintenance
- Open source with no licensing costs
- Designed specifically for community health contexts
Limitations:
- No iOS application currently available
- Requires FHIR expertise for configuration
- Smaller implementation community than alternatives
- Limited applicability outside health contexts
- Self-hosted deployment requires significant infrastructure
- Documentation still maturing for newer features
Deployment requirements:
| Component | Minimum | Recommended |
|---|---|---|
| CPU | 4 cores | 8+ cores |
| RAM | 8GB | 16GB+ |
| Storage | 100GB | 500GB+ |
| Components | HAPI FHIR, Keycloak, PostgreSQL | Add OpenSearch, Redis |
Organisational fit:
Best suited for: Community health programmes requiring mobile-first case management, organisations implementing WHO Smart Guidelines, health systems building FHIR-based infrastructure.
Less suitable for: Non-health case management, organisations requiring iOS support, implementations without FHIR expertise, small-scale deployments where simpler tools suffice.
CiviCRM
Type: FOSS
Licence: AGPL-3.0
Current version: 5.78 (2025)
Source: https://github.com/civicrm/civicrm-core
Documentation: https://docs.civicrm.org
CiviCRM is an open source constituent relationship management system designed for nonprofits. CiviCase, the case management component, tracks sequences of interactions and activities related to individuals. The platform integrates with WordPress, Drupal, Joomla, and Backdrop CMS.
Capability assessment for case management:
CiviCase provides activity-based case management within CiviCRM’s contact management infrastructure. Cases aggregate activities (interactions, tasks, communications) with configurable timelines defining expected activity sequences. Case types enable different workflow configurations for different service types.
The strength of CiviCase lies in its integration with CiviCRM’s broader functionality: contact management, communications, events, contributions, and memberships. This makes it suitable for organisations managing constituent relationships alongside case management needs.
Case roles define relationships between contacts and cases, identifying case managers, clients, and involved parties. The case dashboard provides worker-centric views of caseloads and pending activities.
Strengths:
- Integrated with comprehensive constituent management functionality
- Flexible activity-based case model
- Strong contact relationship management
- Established large user community
- No licensing costs
- Extensive extension ecosystem
Limitations:
- Limited case management depth compared to specialised tools
- No native mobile application
- No offline capability
- Requires CMS hosting (WordPress, Drupal, etc.)
- Extension dependency for some features
- Less suitable for complex case workflows
Deployment requirements:
| Component | Minimum | Recommended |
|---|---|---|
| PHP | 8.1+ | 8.2+ |
| Database | MySQL 5.7+ / MariaDB 10.4+ | MySQL 8.0+ / MariaDB 10.6+ |
| CMS | WordPress 6.0+ / Drupal 9.4+ | Current versions |
| RAM | 256MB PHP memory | 512MB+ PHP memory |
Organisational fit:
Best suited for: Nonprofits needing case management integrated with donor/member management, constituent services organisations, advocacy organisations tracking constituent interactions.
Less suitable for: Complex case management workflows, field-based mobile case work, health or protection programmes requiring specialised tools, organisations needing offline operation.
CommCare
Type: Commercial (open source codebase)
Licence: Proprietary SaaS (BSD-3-Clause codebase)
Current version: 2025.x
Documentation: https://commcare-hq.readthedocs.io
CommCare is a mobile data collection and case management platform developed by Dimagi. While the codebase is open source, most deployments use CommCare HQ SaaS. The platform is widely deployed in global health and development contexts with over one million frontline workers.
Capability assessment for case management:
CommCare’s case management builds on its XForms-based data collection engine. Cases track entities over time with properties capturing their state. Case lists and details provide worker views of their caseload. Case sharing enables team-based case management.
Application Builder enables no-code configuration of forms, case properties, and workflow logic. The expression engine provides sophisticated calculations and decision support. Scheduled forms, reminders, and automated case updates support proactive case management.
CommCare’s mobile application provides robust offline operation with sophisticated sync handling. The platform excels in challenging connectivity environments with proven performance in remote health programmes worldwide.
Strengths:
- Proven at scale in global health and development contexts
- Strong offline mobile platform with reliable sync
- Powerful application builder for no-code configuration
- Extensive integration options including DHIS2
- Comprehensive documentation and training resources
- Active development with regular releases
Limitations:
- API access requires paid plan (Standard or above)
- Case management is secondary to data collection focus
- Limited case workflow orchestration compared to dedicated tools
- Self-hosting requires significant effort
- Commercial pricing for full functionality
- Learning curve for application design
Pricing:
| Plan | Monthly cost | Users | Key features |
|---|---|---|---|
| Community | Free | Unlimited | Basic features, no API |
| Standard | ~$250 | Varies | API access, integrations |
| Pro | ~$500 | Varies | Advanced features |
| Enterprise | Custom | Unlimited | Full features, SLA |
Organisational fit:
Best suited for: Health and development programmes requiring robust mobile data collection with case tracking, organisations needing proven offline-first mobile platform, programmes at scale requiring reliable infrastructure.
Less suitable for: Organisations needing sophisticated case workflow orchestration, contexts where API access is essential but budget is limited, organisations preferring purely open source solutions.
Casebook
Type: Commercial
Licence: Proprietary
Current version: Current SaaS
Documentation: https://gohub.casebook.net
Casebook is a cloud-based case management platform designed for human services organisations. The platform provides intake, case management, service tracking, and reporting functionality tailored for social work contexts including foster care, adoption, workforce development, and community services.
Capability assessment for case management:
Casebook provides comprehensive human services case management with person-centric data modelling. Intake workflows capture initial referrals and assessments. Case records track service plans, activities, and outcomes over time. Provider networks manage external service provider relationships.
The platform includes configurable forms, workflow automation, and reporting capabilities. Integration options through REST API enable connection with external systems. Zapier integration provides no-code connections to common applications.
Mobile access through responsive web design enables field-based case work, though with limited offline capability compared to mobile-native platforms.
Strengths:
- Purpose-built for human services case management
- Modern, intuitive user interface
- Configurable without technical expertise
- Good customer support reputation
- HIPAA compliance available
- Competitive pricing for nonprofits
Limitations:
- SaaS-only deployment (no self-hosting option)
- Limited offline capability
- US-based data hosting
- Less suitable for international humanitarian contexts
- API documentation less comprehensive than alternatives
- Smaller ecosystem than larger platforms
Pricing:
Contact vendor for specific pricing. Per-user pricing model with nonprofit-appropriate rates. No free tier available.
Organisational fit:
Best suited for: US-based human services nonprofits, child welfare and adoption agencies, workforce development programmes, community service organisations needing accessible case management.
Less suitable for: International humanitarian organisations, organisations requiring data sovereignty outside US, field-heavy programmes needing robust offline operation, organisations preferring open source solutions.
Salesforce
Type: Commercial
Licence: Proprietary
Current version: Current multi-tenant SaaS
Documentation: https://developer.salesforce.com
Salesforce provides case management through Service Cloud and specialised offerings including Nonprofit Cloud and Health Cloud. The platform offers extensive customisation, integration, and automation capabilities within a large enterprise software ecosystem.
Capability assessment for case management:
Salesforce case management centres on the Case object representing customer issues or service requests. For human services contexts, Nonprofit Cloud Case Management extends this with participant management, goal tracking, and service delivery functionality using FHIR-aligned data models.
Flow Builder provides no-code workflow automation. Process automation handles case routing, escalation, and assignment. The AppExchange marketplace offers hundreds of extensions for specialised needs.
Salesforce’s strength lies in its platform capabilities: extensive customisation, powerful automation, robust API, and large ecosystem. Integration options are essentially unlimited given the platform’s prevalence.
Strengths:
- Extensive customisation and platform capabilities
- Powerful automation through Flow
- Large ecosystem with AppExchange extensions
- Strong API and integration options
- Enterprise security and compliance certifications
- Power of Us programme providing free licences to nonprofits
Limitations:
- Complexity requiring certified administrators
- Significant cost beyond free Power of Us licences
- Platform lock-in concerns
- Case management requires additional products (Service Cloud, Nonprofit Cloud)
- US-headquartered with CLOUD Act implications
- Learning curve for effective utilisation
Pricing:
| Product | Per user/month | Notes |
|---|---|---|
| Essentials | $25 | Basic CRM |
| Professional | $80 | Standard features |
| Enterprise | $165 | Advanced automation |
| Nonprofit Cloud | Varies | Case management features |
| Service Cloud | $25-300+ | Case management foundation |
Power of Us provides 10 free Enterprise licences to eligible nonprofits. Additional licences available at discounted rates.
Organisational fit:
Best suited for: Larger nonprofits with Salesforce expertise, organisations already invested in Salesforce ecosystem, programmes requiring enterprise integration capabilities.
Less suitable for: Small organisations without Salesforce expertise, field-heavy programmes needing offline operation, organisations with data sovereignty concerns about US platforms, organisations preferring open source solutions.
Selection guidance
Decision framework
+------------------+ | What is the | | primary context? | +--------+---------+ | +-------------------------+-------------------------+ | | | v v v+-------------------+ +-------------------+ +-------------------+| Humanitarian | | Health | | Social services || protection | | programmes | | general |+--------+----------+ +--------+----------+ +--------+----------+ | | | v v v+-------------------+ +-------------------+ +-------------------+| Primero | | OpenSRP or | | CommCare or || (CP/GBV standard) | | DHIS2 Tracker or | | CiviCRM or || | | OpenMRS | | Casebook |+--------+----------+ +--------+----------+ +--------+----------+ | | | v v v+-------------------+ +-------------------+ +-------------------+| Offline | | FHIR integration | | Existing || essential? | | required? | | CRM needs? |+-------------------+ +-------------------+ +-------------------+ | | | Yes: Primero Yes: OpenSRP, Yes: CiviCRM, RapidReg OpenMRS FHIR Salesforce | | | No: Primero No: DHIS2 Tracker No: CommCare, PWA sufficient if aggregate Casebook reporting priorityRecommendations by organisational context
For organisations with minimal IT capacity
Primary recommendation: Casebook or CommCare (SaaS)
These platforms minimise operational burden through managed hosting while providing accessible configuration interfaces. Casebook offers intuitive human services workflows. CommCare provides proven mobile data collection with case tracking.
Alternative: DHIS2 Tracker with hosted instance
Where health programme context and DHIS2 expertise exist through ministry partnerships, leveraging existing DHIS2 infrastructure reduces implementation complexity.
Avoid: Self-hosted FOSS solutions without implementation partner support. The operational burden of Primero, OpenMRS, or OpenSRP self-hosting exceeds typical capacity.
For organisations with established IT capacity
Primary recommendation: Context-dependent selection from full range
Evaluate based on functional fit rather than operational constraints:
- Protection programmes: Primero provides the most complete CP/GBV case management
- Health programmes: OpenSRP for FHIR-native community health, OpenMRS for clinical EMR, DHIS2 Tracker for HMIS-integrated tracking
- General social services: CiviCRM for constituent-integrated case management, CommCare for mobile-first programmes
Self-hosting considerations: With adequate technical capacity, FOSS self-hosting eliminates licensing costs and provides data sovereignty control. Budget 0.5-1 FTE for ongoing maintenance of self-hosted deployments.
For organisations with data sovereignty requirements
Primary recommendation: Self-hosted FOSS solutions (Primero, DHIS2, OpenMRS, OpenSRP, CiviCRM)
Self-hosting on organisation-controlled infrastructure (own data centre or selected cloud region) provides complete data residency control. All FOSS solutions support containerised deployment enabling flexible infrastructure choices.
Alternative: Salesforce with Shield and data residency options (at significant additional cost)
Avoid: US-headquartered SaaS without data residency controls where CLOUD Act exposure is a concern for the data types involved.
For organisations with field-heavy mobile requirements
Primary recommendation: CommCare or OpenSRP
CommCare provides the most mature offline-first mobile platform with proven reliability in challenging connectivity environments. OpenSRP offers FHIR-native health case management with strong offline operation.
Alternative: Primero with RapidReg for protection contexts
Primero’s mobile application handles offline case management for child protection and GBV programmes effectively.
Avoid: CiviCRM (no offline), Casebook (limited offline), Salesforce without Field Service (limited offline)
Migration paths
| From | To | Complexity | Approach | Timeline |
|---|---|---|---|---|
| Paper/spreadsheet | Any platform | Medium | Data cleansing, import, process redesign | 3-6 months |
| CommCare | Primero | Medium | Export cases via API, transform to Primero format | 2-4 months |
| DHIS2 Tracker | OpenSRP | Medium | FHIR-based data exchange where possible | 3-6 months |
| CiviCRM | Salesforce | High | Contact and case migration, workflow rebuild | 6-12 months |
| Salesforce | FOSS options | High | Full data export, extensive reconfiguration | 6-12 months |
| Primero | Other | Low | API-based export, good interoperability | 2-4 months |
Resources and references
Official documentation
Open source solutions
Commercial solutions
| Tool | Documentation | API reference | Nonprofit programme |
|---|---|---|---|
| CommCare | https://commcare-hq.readthedocs.io | https://commcare-hq.readthedocs.io/api/ | Contact Dimagi |
| Casebook | https://gohub.casebook.net | https://gohub.casebook.net/knowledge/api-swagger-documentation | Available |
| Salesforce | https://help.salesforce.com | https://developer.salesforce.com | https://www.salesforce.org/power-of-us/ |
Relevant standards
| Standard | Description | URL |
|---|---|---|
| HL7 FHIR R4 | Healthcare interoperability standard | https://hl7.org/fhir/R4/ |
| OpenRosa XForms | Mobile form standard | https://docs.getodk.org/openrosa/ |
| CPIMS+ | Child protection information management standards | https://www.cpims.org |
| GBVIMS+ | GBV information management standards | https://www.gbvims.com |
| Inter-Agency Guidelines | Case management and child protection guidelines | https://alliancecpha.org |
Related procurement resources
| Resource | Publisher | Description | URL |
|---|---|---|---|
| Digital Public Goods Registry | DPGA | Registry of certified digital public goods | https://digitalpublicgoods.net |
| Global Goods Guidebook | Digital Square | Guide to global health software | https://digitalsquare.org/global-goods-guidebook |
| DIAL Catalogue | Digital Impact Alliance | Open source solutions catalogue | https://solutions.dial.community |
See also
- Case Management Systems - Concept page explaining case management requirements
- Beneficiary Registration and Identity - Related registration systems
- Protection Data Principles - Security requirements for protection data
- Data Collection Tools - Related benchmark for data collection
- M&E Platforms - Related benchmark for monitoring systems