Releasenotes 1.20.1 Wagner¶
Released on: 08.02.21 22:00:00
1. additional values for the modules DP, TOM and ADT¶
For the modules with user data, there were already implicit additional values such as uploads (attachments), linked documents and keywords. User data or documents (processing, TOM questionnaire, etc.) can thus be flexibly enriched with additional data. This was implicitly already created in Privacysoft for a long time, but was partially hidden in different masks or was not available in the same way in all modules. Especially on the level of questions of a document, only uploads and selective links (e.g. VV question linked to TOM) were possible until now.
With the current release a unification as well as a broadening of all existing as well as new additional values finds its way into the software. The functionality has been extended in particular by the new additional value 'Comment'.
The aim of the feature is to merge the different documentations in the respective modules and to work out the holistic nature of the documentation. The additional value feature is only available for the 'modern' interface. Already existing additional values from the 'classic' interface are synchronous, but there are significantly fewer options or only the already existing (eg upload). An extension of the 'classic' interface has deliberately not taken place here and will also no longer take place.
The entry point for all additional values is the dark gray button field with the symbols for 'Upload', 'Link' and 'Comment' and the already known symbol for 'Keyword'. On the document level, a list of keywords is displayed below the button field as before; on the question level, the same button field is used, but without the list of keywords.
For the moment, additional values are only released for the Processing (DP), Techn. org. measures (TOM), Data privacy impact assessment (DSFA) and Audit (ADT) modules. An enhancement for the Contract Processing (AV) module will be included in the upcoming release. Also, three more additional value types will be added in the upcoming release.
In the following, all additional value types are listed briefly for themselves.
Since 2018, Privacysoft offers the possibility to mark documents with a 'keyword'. This allows a user to flexibly structure the documentation status in the software according to her own considerations (e.g. keyword 'Bochum branch') or to weight it (e.g. keyword 'High risk').
Keywords (tags) can now be assigned for the first time even for individual questions in documents. In addition, keywords can be color-coded or highlighted. Finally, the possibility to navigate through the database by keywords has also been added. Cf. '#3. Keywords as navigation aid' below.
1.2 Uploads / Attachments¶
'Uploads'' have always been possible for documents (DP, TOM, ADT, etc.) as well as partially for questions. With the additional value feature, these have been made equal: the same control or unified operation now applies to all document types and questions.
The upload step allows uploading by drag-and-drop or as before by file selection. In the display it is possible to switch between active and archived files. In addition, attached files can also be deleted again here, provided that the user is authorized to do so.
1.3 Links to existing documents¶
'Links' allow linking a document to another document. This was previously only possible at document level, but now it also works for questions in a document. For example, it is now possible to link the corresponding TOM questionnaire(s) directly from question 12 of a processing '12. data security / additional technical and org. measures'.
Completely new in the current version is the feature to provide documents as well as questions with 'comments'. This allows the DPO, for example, to add a comment clarifying a question that has been answered in an unclear manner, or to request the answerer to answer the question again. In the case of a complete document, it is possible, for example, to show why it was not released or, optionally, to implement a history of the edits.
Any user who is allowed to modify the document is also allowed to add comments. However, comments are ephemeral in nature and are intended as an object-centric means of communication within the software. Comments are deliberately not listed in reports.
2. Overview page of all additional values per document¶
Since the possibilities of the additional values, as described above, are significantly expanded, a new Document overview page has been created for this purpose. This is currently available for the modules 'DP' and 'TOM'. The functionality will find its way into other modules in future versions.
Users reach the Overview page via the button list at the top right, at the right margin with the symbol 'Directory / Folder'. In addition to a short version of the header data, the view offers an 'Overview of the entire document' and - if available - an 'Overview of the individual questions' below it.
Additional values are counted, can be edited centrally here and can be used in an overall view for the document. Especially when using the comment function, this view is very efficient for dealing with comments for individual questions ideally suited.
3. Keywords as navigation aid¶
Via the menu item 'Keywords' in the people menu, it was previously possible to view a list of the existing / used keywords. However, navigation via the keywords was not yet possible.
This navigation function has now been added to the existing list. Clicking on a keyword opens - grouped by modules - a list of documents that have been 'tagged' with the keyword and for which the user is authorized. The tagged target document is 'clickable' and is displayed with its name, the company as well as the department and the responsible contact. The list of keywords thus links to the corresponding documents over several levels and thus enables the viewing of all documents per linked keyword.
4. Excel import in the TOM module¶
All modules now offer the possibility to export user data / content via Excel (.xlsx). In particular for the Module TOM the possibility was additionally created to be able to re-import contents again. In addition to the previously known four formats of Excel data, the new (generic) export format ('Matrix') is now also supported. This means that, for example, data can be exported from one company in the same client, edited in the structural framework of the Excel file if necessary (no structural changes allowed!), and then re-imported into another company in the same client. The procedure has the same effect as a copy of a TOM between two companies.
This is not a new functionality per se; however, the existing one has been adapted to the new Export format. The existing Import formats have not changed and are also covered in the new wizard. To import a TOM, please select the 'Import Excel' button right at the beginning of the wizard on the 1st page. The file is first structurally checked and errors are reported if necessary. If no errors are detected, the familiar 'Create new wizard' is run through.
5. New functionality 'Forgot login name¶
In addition to the well-known function 'Forgot password', the function 'Forgot login name' is now also offered on the login page.
In practice, it sometimes happens that a user has also forgotten her login name. The 'Access Wizard', which starts after clicking on the link below the login window, therefore first asks for the client number and the email address of the user. The button 'Send email' causes the system to send an email to this address, if there is an account for the combination of client number and email address. The email contains, besides client number and login name, also a link, with the help of which a new password can be set immediately.
The same functionality can also be found in the training module (optional), because especially here training users often forget the login information.
6. Fast switchability of the interface per user¶
Until now, when changing the 'User configuration | Interface' it was always necessary to re-read the user settings by logging out and then logging back in. This has now been made easier in that a change to the interface in the 'User Configuration' wizard takes effect at the same time, i.e. the interface changes as soon as the user returns to the start page - without logging off and logging back in.
7. Login 'brute-force' protection¶
For quite some time, there was already the function that the system logs or, if a number of failed attempts is exceeded, sends an email to the operator of the servers as soon as a user tries to log in more than 10 times unsuccessfully.
This function has now been tightened in that after 3 incorrect logins the respective user account will be locked** for 15 minutes for any further login. After the 15 minutes have expired, a login can be attempted again. Attacks' are thus much more complex or run more slowly. The protection serves the security of the documentation data deposited in Privacsoft and is not to annoy anybody!
Valid users who have simply forgotten their password are advised to select the 'Forgot password' link. This will allow you to immediately unlock a locked account with a new password.
1. Ticket, multiple shipping¶
In the Ticket (TICK) module, under very specific circumstances, the same login link could be sent multiple times to all guest users. No security problem arose, but the first guest user 'burned' the link, i.e. the other guest users could no longer access the link. The problem was fixed by giving each potential guest user a different / own login link.
2. Multiple selection in DP, no change stamp¶
Under certain circumstances it could happen that a change in multiple selection in the Processings (DP) module was saved but the user who made the change was not logged correctly. This has now been fixed.
3. Extend ticket through DPO¶
Under special conditions it could happen that the extension of a ticket was not possible even for a DPO. This has been rectified.
4. Comments in the audit report¶
Comments on ad-hoc audits were not printed in the respective report until now. This has now been corrected.