diff --git a/admin-compliance/app/sdk/document-generator/_constants.ts b/admin-compliance/app/sdk/document-generator/_constants.ts
index 6f4b973..1cac223 100644
--- a/admin-compliance/app/sdk/document-generator/_constants.ts
+++ b/admin-compliance/app/sdk/document-generator/_constants.ts
@@ -28,11 +28,10 @@ export const CATEGORIES: { key: string; label: string; types: string[] | null }[
 { key: 'social_media', label: 'Social Media DSI', types: ['social_media_dsi'] },
 { key: 'whistleblower', label: 'Whistleblower', types: ['whistleblower_policy'] },
 { key: 'hr_dsi', label: 'HR-Datenschutz', types: ['applicant_dsi', 'employee_dsi'] },
- { key: 'ai_governance', label: 'KI-Governance', types: ['ai_usage_policy'] },
 { key: 'isms', label: 'ISMS', types: ['isms_manual'] },
 { key: 'consent_texts', label: 'Einwilligungen', types: ['consent_texts'] },
 { key: 'special_dsi', label: 'Spezial-DSI', types: ['video_conference_dsi'] },
- { key: 'internal_policies', label: 'Interne Richtlinien', types: ['byod_policy'] },
+ { key: 'internal_policies', label: 'Interne Richtlinien', types: ['byod_policy', 'ai_usage_policy'] },
 { key: 'module_docs', label: 'Konzepte', types: ['vvt_register', 'loeschkonzept', 'pflichtenregister', 'it_security_concept', 'data_protection_concept', 'backup_recovery_concept', 'logging_concept', 'incident_response_plan', 'access_control_concept', 'risk_management_concept'] },
 { key: 'security_policies', label: 'Sicherheitsrichtlinien', types: ['information_security_policy', 'access_control_policy', 'password_policy', 'encryption_policy', 'cybersecurity_policy'] },
 { key: 'hr_policies', label: 'HR-Richtlinien', types: ['employee_security_policy', 'security_awareness_policy', 'remote_work_policy', 'offboarding_policy'] },
diff --git a/admin-compliance/app/sdk/document-generator/examples/dpa_de.json b/admin-compliance/app/sdk/document-generator/examples/dpa_de.json
new file mode 100644
index 0000000..cc868aa
--- /dev/null
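Review bot: Removing the `ai_governance` entry deletes a category key that other code or stored state may still reference; the hunk shows only the list itself, so it is worth checking for consumers (saved filters, deep links, tests) that select by `key: 'ai_governance'` and would now match nothing. The `ai_usage_policy` type stays reachable through `internal_policies`, so only the key lookup is affected. The CATEGORIES array begins and ends outside this hunk.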
+++ b/admin-compliance/app/sdk/document-generator/examples/dpa_de.json
@@ -0,0 +1,36 @@
+{
+ "document_type": "dpa",
+ "language": "de",
+ "context": {
+ "DPA": {
+ "AG_NAME": "Muster GmbH",
+ "AG_STRASSE": "Musterstrasse 1",
+ "AG_PLZ_ORT": "10115 Berlin",
+ "AN_NAME": "BreakPilot GmbH",
+ "AN_STRASSE": "Hardtring 6",
+ "AN_PLZ_ORT": "78224 Singen",
+ "VERARBEITUNGSGEGENSTAND": "Bereitstellung und Betrieb einer SaaS-Compliance-Plattform",
+ "VERARBEITUNGSZWECK": "Compliance-Management, Dokumentengenerierung, Risikobewertung",
+ "VERARBEITUNGSARTEN": "Erheben, Speichern, Veraendern, Auslesen, Abfragen, Uebermitteln, Loeschen",
+ "DATENKATEGORIEN": "Stammdaten, Kontaktdaten, Vertragsdaten, Nutzungsdaten, Kommunikationsdaten",
+ "PERSONENKATEGORIEN": "Mitarbeitende des Auftraggebers, Kunden des Auftraggebers, Ansprechpartner",
+ "BREACH_NOTIFICATION_HOURS": 24,
+ "INSTRUCTION_RETENTION_YEARS": 3,
+ "SUB_PROCESSOR_NOTICE_WEEKS": 4,
+ "SUB_PROCESSOR_OBJECTION_WEEKS": 2,
+ "DATA_EXPORT_FORMAT": "CSV/JSON",
+ "RETURN_CHOICE_WEEKS": 4,
+ "DELETION_DAYS": 90,
+ "AN_DSB_NAME": "Max Mustermann",
+ "AN_DSB_EMAIL": "datenschutz@breakpilot.ai",
+ "VERTRAGSDATUM": "2026-05-01",
+ "AG_ORT": "Berlin",
+ "AN_ORT": "Singen",
+ "AG_UNTERZEICHNER_NAME": "Anna Beispiel",
+ "AG_UNTERZEICHNER_FUNKTION": "Geschaeftsfuehrerin",
+ "AN_UNTERZEICHNER_NAME": "Benjamin Boenisch",
+ "AN_UNTERZEICHNER_FUNKTION": "Geschaeftsfuehrer",
+ "GERICHTSSTAND": "Singen"
+ }
+ }
+}
diff --git a/admin-compliance/app/sdk/document-generator/examples/tom_de.json b/admin-compliance/app/sdk/document-generator/examples/tom_de.json
new file mode 100644
index 0000000..09f5aee
--- /dev/null
+++ b/admin-compliance/app/sdk/document-generator/examples/tom_de.json
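Review bot: The processor-side values in this example (`AN_NAME`, `AN_STRASSE`, `AN_DSB_EMAIL`, `AN_UNTERZEICHNER_NAME`) read like real company and personal details, while the controller side uses obvious placeholders such as `Muster GmbH`. If these files are served as prefill or sample input, which the diff does not show, a generated DPA could carry a named individual's signature block without that person having seen the document. Consider placeholders on both sides, or a note beside the examples stating that the processor block is intentionally the vendor's own data; `GF_NAME` in tom_de.json raises the same question.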
@@ -0,0 +1,30 @@
+{
+ "document_type": "tom_documentation",
+ "language": "de",
+ "context": {
+ "TOM": {
+ "ISB_NAME": "Thomas Sicher",
+ "GF_NAME": "Benjamin Boenisch",
+ "DOCUMENT_VERSION": "2.0.0",
+ "NEXT_REVIEW_DATE": "2027-05-01",
+ "HAS_MFA": true,
+ "HAS_USB_LOCKED": false,
+ "HAS_MOBILE_MEDIA": false,
+ "HAS_FOUR_EYES_DELETE": true,
+ "HAS_EXTERNAL_DESTRUCTION": true,
+ "HAS_PHYSICAL_TRANSPORT": false,
+ "HAS_THIRD_COUNTRY_TRANSFER": false,
+ "HAS_CLOUD_SERVICES": true,
+ "HAS_REDUNDANCY": true,
+ "HAS_GEO_REDUNDANCY": false,
+ "HAS_USV": true,
+ "HAS_OWN_SERVER_ROOM": true,
+ "HAS_MULTI_TENANT": true,
+ "HAS_TEST_DATA_ANONYMIZED": true,
+ "LOG_RETENTION_MONTHS": 12,
+ "DIN_66399_LEVEL": "4",
+ "AVAILABILITY_TARGET": "99.9",
+ "SEPARATION_TYPE": "logisch"
+ }
+ }
+}
diff --git a/admin-compliance/app/sdk/document-generator/examples/whistleblower_de.json b/admin-compliance/app/sdk/document-generator/examples/whistleblower_de.json
new file mode 100644
index 0000000..dc8cb89
--- /dev/null
+++ b/admin-compliance/app/sdk/document-generator/examples/whistleblower_de.json
@@ -0,0 +1,18 @@
+{
+ "document_type": "whistleblower_policy",
+ "language": "de",
+ "context": {
+ "PROVIDER": {
+ "LEGAL_NAME": "Muster GmbH"
+ },
+ "FEATURES": {
+ "WHISTLEBLOWER_CONTACT_NAME": "Dr. Maria Compliance",
+ "WHISTLEBLOWER_CONTACT_ROLE": "Compliance-Beauftragte / Meldestellenbeauftragte",
+ "WHISTLEBLOWER_EMAIL": "meldestelle@muster.de",
+ "WHISTLEBLOWER_PHONE": "+49 123 456789",
+ "WHISTLEBLOWER_URL": "https://muster.de/meldestelle",
+ "HAS_ANONYMOUS_REPORTING": true,
+ "HAS_EXTERNAL_REPORTING": true
+ }
+ }
+}
diff --git a/admin-compliance/app/sdk/document-generator/scopeDefaults.ts b/admin-compliance/app/sdk/document-generator/scopeDefaults.ts
index b67aba1..f6d1fda 100644
--- a/admin-compliance/app/sdk/document-generator/scopeDefaults.ts
+++ b/admin-compliance/app/sdk/document-generator/scopeDefaults.ts
@@ -268,3 +268,53 @@ export function getProfileLabel(level: ComplianceDepthLevel): string {
 }
 return labels[level]
 }
+
+/**
+ * Empfiehlt relevante Dokumenttypen basierend auf dem Compliance-Level.
+ * Hilft dem Kunden zu verstehen, welche Dokumente er braucht.
+ */
+export function getRecommendedDocuments(level: ComplianceDepthLevel): {
+ required: string[]
+ recommended: string[]
+ optional: string[]
+} {
+ const always = [
+ 'privacy_policy', 'impressum', 'agb', 'cookie_banner', 'cookie_policy',
+ ]
+ const l2plus = [
+ 'dpa', 'tom_documentation', 'vvt_register', 'loeschkonzept',
+ 'community_guidelines', 'terms_of_use',
+ ]
+ const l3plus = [
+ 'it_security_concept', 'data_protection_concept', 'incident_response_plan',
+ 'access_control_concept', 'backup_recovery_concept', 'logging_concept',
+ 'risk_management_concept', 'pflichtenregister',
+ 'password_policy', 'encryption_policy', 'information_security_policy',
+ 'access_control_policy', 'whistleblower_policy',
+ 'employee_dsi', 'applicant_dsi', 'ai_usage_policy',
+ ]
+ const l4only = [
+ 'isms_manual', 'cybersecurity_policy', 'byod_policy',
+ 'dsfa', 'social_media_dsi', 'media_content_policy',
+ 'video_conference_dsi', 'consent_texts',
+ 'data_protection_policy', 'data_classification_policy',
+ 'data_retention_policy', 'data_transfer_policy',
+ 'privacy_incident_policy', 'employee_security_policy',
+ 'security_awareness_policy', 'remote_work_policy',
+ 'offboarding_policy', 'vendor_risk_management_policy',
+ 'third_party_security_policy', 'supplier_security_policy',
+ 'business_continuity_policy', 'disaster_recovery_policy',
+ 'crisis_management_policy',
+ ]
+
+ switch (level) {
+ case 'L1':
+ return { required: always, recommended: [], optional: l2plus }
+ case 'L2':
+ return { required: always, recommended: l2plus, optional: l3plus }
+ case 'L3':
+ return { required: [...always, ...l2plus], recommended: l3plus, optional: l4only }
+ case 'L4':
+ return { required: [...always, ...l2plus, ...l3plus], recommended: l4only, optional: [] }
+ }
+}
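Review bot: The `switch (level)` that closes `getRecommendedDocuments` has no `default` branch, so a `level` outside L1–L4 reaching it at runtime (for example from stored profile data, whose validation this hunk does not show) makes the function return `undefined` despite the declared return type. Adding `default: { const unreachable: never = level; throw new Error('Unknown compliance level: ' + String(unreachable)) }` keeps the compile-time exhaustiveness check and fails loudly instead. The document ids are plain `string[]` literals, so a typo would silently recommend a type that has no template; the doc comment could state that every id must match a `types` entry in `CATEGORIES`. It should also say that required/recommended/optional is product guidance by depth level and not a statement of legal obligation, since `dpa` is listed as optional at L1 and `dsfa` as optional at L3.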