Product Documentation for Cybercom Compliance Portal


1. Description

This document describes CCP, CCP Maintenance, Service Desk and Support Assistance Hours. Licensor reserves the right to update and change this document as CCP develops.

2. About CCP

CCP is a GRC tool, i.e. a tool for inventory of requirement fulfilment supporting work within the fields of Governance, Risk and Compliance.

CCP allows the Licensee to work with compliance in a structured manner towards different kinds of regulations and compliance areas. The tool supports risk analysis and may provide decision support in the form of action analysis.

CCP will support Licensee in its work with compliance in various subject areas, but since CCP is a support tool only, Licensee will remain solely responsible for how CCP is used in its business operations and that the compliance results generated by CCP are adequate and fit for Licensee's intended purposes and that Licensee will comply with regulation or law of the subject area(s) for which CCP is used.

3. Subject area

CCP may be licensed for various subject areas. Examples of subject areas are Information Security, Data Protection, Environmental Management, Social Responsibility and Occupational Health. A subject area may also be a specific quality standard, ISO or other standard, for example:

The Subject Area/-s for which the CCP is licensed is/are specified in the Agreement. In the event that Licensee would like to extend the use of CCP to other Subject Areas, such an extended use will be subject to additional terms and conditions and License Fees as specified by Licensor upon order.

4. Functionality in CCP

An overview of the functionalities in CCP is found in the table below.

Licensee's right to use CCP is limited by the number of Administrator User(s) and Respondent User(s) specified in the Agreement. Licensee may however create own user roles within CCP and name these roles to fit its needs. For the sake of clarity, every role that can do (at least) what an Administrator User is entitled to do as defined in the Agreement shall be classified as an Administrator User (regardless of what his/her role is named) and all other users shall be classified as Respondent Users.

The term User refers to all users in CCP (i.e. both Administrator User and Respondent User).

| AREA | FUNCTIONALITY | DESCRIPTION |
|---|---|---|
| Home | Your declarations/risks/actions | Where Respondent Users can view their assigned declarations/risks/actions, and open and fill in the same. |
| | Your assistance request | Where Users can view, open and fill in their declarations/risks/actions forwarded to them from another User. |
| | Documents | Area where a User can find documents added to a group by an Administrator User, for example User manuals. |
| | Status Overview | Graphical presentation of a filled-out declaration. |
| | Risk assessment / Risk/action Manager | Perform a risk assessment for the Respondent Users' declarations/risks/actions. |
| | Print declaration | Ability to print a declaration/risk/action. |
| Self service | Self service view | Area where Respondent Users can assign themselves declarations from public templates published by an Administrator User. |
| Templates | Declaration template | Area where Administrator User can edit and administrate declaration templates. |
| | Risk template | Area where Administrator User can edit and administrate risk templates. |
| | Action template | Area where Administrator User can edit and administrate action templates. |
| | Export | Ability to export a template. |
| | Import | Ability to import an exported template. |
| | Create new template | Ability to create new templates. |
| | Risk assessment / Risk/action Manager | Settings for performing risk assessments, as well as the performing of risk assessments. |
| | Uploaded files | View of the files that have been uploaded to declarations/risks/actions based on the template. |
| | Status overview | Graphical presentation of the result of filled-out declarations. A view where Administrator Users can see all declarations/risks/actions created based on the template. |
| | Conditional questions | Ability to control conditional questions. |
| | Add to history | Ability to create a snapshot of filled-out declarations/risks/actions based on the template. |
| | Edit | Ability to make changes to the administrative properties for a template, e.g. name, expiration date, Administrator Users for the template etc. |
| | Notifications | Administrator User can decide when reminders to answer a declaration/risk/action should be sent to the Respondent Users. |
| | Template configuration | Ability to adjust basic configurations of the template and translate it to another language. |
| | Edit structure | Ability to edit the template's structure and content. |
| | Standard risks/actions | Ability to create and set rules for standard risks and actions. |
| | Delete | Ability to delete a template. |
| Waiting declarations | Waiting declarations | Area where declarations assigned to a Respondent User by email will end up until the Respondent User has logged into CCP. |
| Declarations/Risks/Actions | Declarations/risks/actions | Area where all declarations/risks/actions sent to Respondent Users can be found and administrated. |
| | Group Declarations/Risks/actions | Area where all declarations/risks/actions sent to a group of Respondent Users can be found and administrated. |
| | Standard risks/actions based on risk/action templates | Area where all standard risks/actions can be found and administrated (i.e. add default values). |
| | Create new declaration/risk/action | Ability to create a new declaration/risk/action, i.e. assigning a Respondent User a new declaration. |
| | Export all declarations/risks/actions details to Excel | Export all declarations details to Excel. |
| | Risk Assessment | Ability to perform a risk assessment based on filled-out declarations. |
| | Risk assessment reports | Show all existing risk assessment reports performed based on the filled-out declaration. |
| | Borrow | Ability to borrow a declaration/risk/action from another user to fill out answers. |
| | Generate report | Generate reports based on answers to declarations/risks/actions of a template. |
| | Copy | Ability to copy a declaration/risk/action. |
| | Print | Ability to print a declaration/risk/action. |
| | Compare historical data | Ability to compare two snapshots of a declaration's/risk's/action's answers. |
| | Add to history | Ability to create a snapshot of a declaration's/risk's/action's answers. |
| | Edit | Ability to edit the administrative properties for a declaration/risk/action, e.g. name, expiration date etc. |
| | Delete | Ability to delete a declaration/risk/action. |
| Score card | Scorecard | Ability to visually present results and filter information. |
| | Declaration feedback | Create new declaration feedback |
| | Management object | Create new management object |
| | Numerical intersection | Add intersection |
| | Graphical intersection | Add intersection |
| Admin | Users | Area to manage Users of the Service. |
| | Create new user | Create new User manually. |
| | Edit | Ability to edit a User's properties, e.g. name, access right, group belongings etc. |
| | Delete | Ability to delete a User. |
| | Groups | Area to manage groups in the Service. |
| | Create new group | Create new group manually. |
| | Edit | Ability to edit a group, e.g. name, group members, administrators of the group etc. |
| | Delete | Ability to delete a group. |
| | Parameters | Manage which views will be shown for each User category. E.g. the Template view shall only be shown to Administrator Users. |
| | Settings | Settings, e.g. name and address for emails sent from the Service, log level, information in footer, logotype to show etc. |
| | Logs view | Logs view. |
| | System message | Ability for Administrator User to select a message to be displayed at the top of each page. |
| | Report scripts | Area where to handle reports that can be created based on filled-out declarations/risks/actions. |
| | Report templates | Area where to handle reports that can be created based on filled-out declarations/risks/actions. |

5. Server environment

Licensee is responsible for the server environment in which CCP is installed. The server environment shall fulfill the following software, hardware and other requirements for CCP to be able to function properly.

Software requirements

  • Operating system: Ubuntu version 14.04 LTS, Debian version 7, Red Hat version 7 or CentOS version 7.x
  • Web server: Apache version 2.2 or 2.4
  • Script/code: PHP version 5.4 or 5.5 with MySQL connector package (php-mysql)
  • Database: MySQL Database version 5.5 / MariaDB version 5.5
  • Python version 3.5 or higher with the following libraries:
    - bokeh
    - pandas
    - openpyxl
    - python-pptx
    - plotly
    - ipython
    - python-docx
    - html2text
    - numpy
    - scipy
    - datetime

Hardware requirements

The below is a minimum requirement but should be adjusted to the amount of Licensee data.

The following specifications are required for 5 simultaneous users:

  • Minimum CPU approx. 2.8 GHz single-core (approx. 5000 MIPS)
  • Minimum 2 GB memory, excluding the operating system
  • Minimum 20 GB disk, excluding the operating system
  • The above numbers are based on a virtual instance with VMware

Other

The Licensee is responsible for web browsers being installed and configured in a way that does not interfere with the ability to work with CCP. CCP supports browser types Internet Explorer version 11 and newer and Chrome version 35 and newer.

6. Access to CCP

Licensee may not access functions or code of the CCP other than through the designated API or GUI of CCP.

7. Third Party Software

CCP includes or is bundled with the Third Party Software (open source software) listed under the link “Copy right notices” in the footer of the CCP. Specific license terms will apply to such Third Party Software.

Find the license terms and conditions for the Third Party Software in the footer of the CCP.

In case Licensor would include or bundle CCP with additional or new Third Party Software this will be communicated to the Licensee in the release notes for each new release of CCP.

8. Delivery

Licensor provides an installation package of CCP for installation in Licensee’s own server environment. The installation package will be put on a Cybercom FTP Server. Licensee will be given a user account and password to download and install the installation package from the FTP Server.

9. Maintenance and support

Licensor will provide CCP Maintenance and make Service Desk available during the Term specified in the Agreement. In addition and upon specific order Licensor may also provide Support Assistance Hours.

9.1 CCP Maintenance

CCP Maintenance includes new releases, error corrections, and patches and updates that Licensor makes generally available under its maintenance program for CCP.

CCP Maintenance components shall be downloaded and installed by Licensee without delay in accordance with instructions from Licensor. The installation package will be put on a Cybercom FTP Server. Licensee will be given a user account and password to download and install the maintenance package. Release notes and relevant instructions are made available as necessary by Licensor.

9.2 Service Desk

Service Desk is the point of contact at Licensor to which Licensee can report errors and improvement suggestions for CCP. Service Desk can be reached via email to servicedesk@cybercomgroup.com. For sake of clarity, Service Desk cannot be contacted via telephone.

Licensee can, unless otherwise agreed, appoint a maximum of three (3) contact persons that are authorized to contact Service Desk. These contact persons shall be authorized to act on behalf of Licensee in all matters relating to CCP and the services herein. The Licensee shall notify Licensor via Service Desk of any change of contact person.

Service Desk is available during Licensor’s normal business days, 8:00 AM through 5:00 PM CET, excluding Saturday and Sunday and Swedish national holidays.

Service Desk operates and responds to queries upon a best effort basis and does not undertake to review, answer or solve reported errors or improvement suggestions within any specific response or resolution time.

Upon the first contact with Service Desk, Licensee shall provide a notice of error. The notice of error shall contain sufficient information, on computer-readable media, for Licensor to be able to reproduce the problem or error, and shall be clarified and complemented by Licensee upon request.

In the event that Licensee requests to include additional contact persons or where Licensee requests more extensive support services than specified in the Agreement, Licensor reserves the right to charge additional fees and to request that Licensee enters into an additional services agreement for such services.

9.3 Support Assistance Hours

Support Assistance Hours are support services specifically tailored to support the Licensee’s specific needs relating to CCP, e.g. initial set-up, questionnaire support or installation services. Support Assistance Hours are (if any are ordered) limited to the number of hours specified in the Agreement and are made available to Licensee upon request and within reasonable time from such a request.

A request for Support Assistance Hours shall, if the parties have specified in the Agreement that such hours are included in Licensee Fee, be sent by Licensee to Service Desk via email to servicedesk@cybercomgroup.com.

If agreed in writing (email is accepted) a request for Support Assistance Hours may also be emailed to a specific contact person at Licensor whose name has been provided to Licensee.