diff --git a/admin-compliance/app/sdk/_components/PresetSection.tsx b/admin-compliance/app/sdk/_components/PresetSection.tsx
index 2c882dd..9b2a5bb 100644
--- a/admin-compliance/app/sdk/_components/PresetSection.tsx
+++ b/admin-compliance/app/sdk/_components/PresetSection.tsx
@@ -3,46 +3,7 @@
 import { useState } from 'react'
 import Link from 'next/link'
 import { COMPANY_PROFILE_PRESETS, type CompanyProfilePreset } from '@/lib/sdk/company-profile-presets'
-
-const DOC_LABELS: Record = {
- privacy_policy: { label: 'Datenschutzerklaerung', category: 'Website' },
- impressum: { label: 'Impressum', category: 'Website' },
- agb: { label: 'AGB', category: 'Vertraege' },
- cookie_policy: { label: 'Cookie-Richtlinie', category: 'Website' },
- cookie_banner: { label: 'Cookie-Banner-Texte', category: 'Website' },
- dpa: { label: 'AVV (Auftragsverarbeitung)', category: 'Vertraege' },
- nda: { label: 'Geheimhaltungsvereinbarung', category: 'Vertraege' },
- sla: { label: 'Service Level Agreement', category: 'Vertraege' },
- terms_of_use: { label: 'Nutzungsbedingungen', category: 'Vertraege' },
- community_guidelines: { label: 'Community Guidelines', category: 'Plattform' },
- acceptable_use: { label: 'Acceptable Use Policy', category: 'Plattform' },
- widerruf: { label: 'Widerrufsbelehrung', category: 'E-Commerce' },
- employee_dsi: { label: 'Mitarbeiter-DSI', category: 'HR' },
- applicant_dsi: { label: 'Bewerber-DSI', category: 'HR' },
- whistleblower_policy: { label: 'Whistleblower-Richtlinie', category: 'HR' },
- tom_documentation: { label: 'TOM-Dokumentation', category: 'Compliance' },
- vvt_register: { label: 'Verarbeitungsverzeichnis', category: 'Compliance' },
- loeschkonzept: { label: 'Loeschkonzept', category: 'Compliance' },
- dsfa: { label: 'Datenschutz-Folgenabschaetzung', category: 'Compliance' },
- pflichtenregister: { label: 'Pflichtenregister', category: 'Compliance' },
- isms_manual: { label: 'ISMS-Handbuch', category: 'Sicherheit' },
- social_media_dsi: { label: 'Social-Media-DSI', category: 'Marketing' },
- transfer_impact_assessment: { label: 'Transfer Impact Assessment', category: 'Drittland' },
- media_content_policy: { label: 'Medien-Richtlinie', category: 'Plattform' },
- cloud_service_agreement: { label: 'Cloud-Vertrag', category: 'Vertraege' },
-}
-
-const CATEGORY_COLORS: Record = {
- Website: 'bg-blue-50 text-blue-700',
- Vertraege: 'bg-purple-50 text-purple-700',
- Plattform: 'bg-indigo-50 text-indigo-700',
- 'E-Commerce': 'bg-green-50 text-green-700',
- HR: 'bg-amber-50 text-amber-700',
- Compliance: 'bg-red-50 text-red-700',
- Sicherheit: 'bg-gray-100 text-gray-700',
- Marketing: 'bg-pink-50 text-pink-700',
- Drittland: 'bg-orange-50 text-orange-700',
-}
+import { DOC_LABELS, CATEGORY_COLORS } from './doc-labels'
 
 export function PresetSection({ projectId }: { projectId?: string }) {
 const [selectedPreset, setSelectedPreset] = useState(null)
diff --git a/admin-compliance/app/sdk/_components/doc-labels.ts b/admin-compliance/app/sdk/_components/doc-labels.ts
new file mode 100644
index 0000000..be1c3cb
--- /dev/null
+++ b/admin-compliance/app/sdk/_components/doc-labels.ts
@@ -0,0 +1,127 @@
+/**
+ * Complete mapping of all document template types to display labels and categories.
+ * Used by PresetSection to show categorized document previews.
+ */
+
+export const DOC_LABELS: Record = {
+ // ── Website ──────────────────────────────────────────────────────
+ privacy_policy: { label: 'Datenschutzerklaerung', category: 'Website' },
+ impressum: { label: 'Impressum', category: 'Website' },
+ cookie_policy: { label: 'Cookie-Richtlinie', category: 'Website' },
+ cookie_banner: { label: 'Cookie-Banner-Texte', category: 'Website' },
+
+ // ── Vertraege ────────────────────────────────────────────────────
+ agb: { label: 'AGB', category: 'Vertraege' },
+ dpa: { label: 'AVV (Auftragsverarbeitung)', category: 'Vertraege' },
+ nda: { label: 'Geheimhaltungsvereinbarung', category: 'Vertraege' },
+ sla: { label: 'Service Level Agreement', category: 'Vertraege' },
+ terms_of_use: { label: 'Nutzungsbedingungen', category: 'Vertraege' },
+ cloud_service_agreement: { label: 'Cloud-Vertrag', category: 'Vertraege' },
+ data_usage_clause: { label: 'Datennutzungsklausel', category: 'Vertraege' },
+
+ // ── Plattform ────────────────────────────────────────────────────
+ community_guidelines: { label: 'Community Guidelines', category: 'Plattform' },
+ acceptable_use: { label: 'Acceptable Use Policy', category: 'Plattform' },
+ media_content_policy: { label: 'Medien-Richtlinie', category: 'Plattform' },
+ copyright_policy: { label: 'Urheberrechtsrichtlinie', category: 'Plattform' },
+
+ // ── E-Commerce ───────────────────────────────────────────────────
+ widerruf: { label: 'Widerrufsbelehrung', category: 'E-Commerce' },
+
+ // ── HR / Personal ────────────────────────────────────────────────
+ employee_dsi: { label: 'Mitarbeiter-DSI', category: 'HR' },
+ applicant_dsi: { label: 'Bewerber-DSI', category: 'HR' },
+ whistleblower_policy: { label: 'Whistleblower-Richtlinie', category: 'HR' },
+ employee_security_policy: { label: 'Mitarbeiter-Sicherheitsrichtlinie', category: 'HR' },
+ security_awareness_policy: { label: 'Security-Awareness-Richtlinie', category: 'HR' },
+ remote_work_policy: { label: 'Remote-Work-Richtlinie', category: 'HR' },
+ offboarding_policy: { label: 'Offboarding-Richtlinie', category: 'HR' },
+
+ // ── Datenschutz (DSGVO) ──────────────────────────────────────────
+ tom_documentation: { label: 'TOM-Dokumentation', category: 'Datenschutz' },
+ vvt_register: { label: 'Verarbeitungsverzeichnis', category: 'Datenschutz' },
+ loeschkonzept: { label: 'Loeschkonzept', category: 'Datenschutz' },
+ dsfa: { label: 'Datenschutz-Folgenabschaetzung', category: 'Datenschutz' },
+ pflichtenregister: { label: 'Pflichtenregister', category: 'Datenschutz' },
+ data_protection_concept: { label: 'Datenschutzkonzept', category: 'Datenschutz' },
+ consent_texts: { label: 'Einwilligungstexte', category: 'Datenschutz' },
+ informationspflichten: { label: 'Informationspflichten', category: 'Datenschutz' },
+ verpflichtungserklaerung: { label: 'Verpflichtungserklaerung', category: 'Datenschutz' },
+ social_media_dsi: { label: 'Social-Media-DSI', category: 'Datenschutz' },
+ video_conference_dsi: { label: 'Videokonferenz-DSI', category: 'Datenschutz' },
+
+ // ── Daten-Policies ───────────────────────────────────────────────
+ data_protection_policy: { label: 'Datenschutzrichtlinie', category: 'Daten-Governance' },
+ data_classification_policy: { label: 'Datenklassifizierung', category: 'Daten-Governance' },
+ data_retention_policy: { label: 'Aufbewahrungsrichtlinie', category: 'Daten-Governance' },
+ data_transfer_policy: { label: 'Datentransfer-Richtlinie', category: 'Daten-Governance' },
+ privacy_incident_policy: { label: 'Datenschutzvorfall-Richtlinie', category: 'Daten-Governance' },
+
+ // ── Betroffenenrechte ────────────────────────────────────────────
+ dsr_process_art15: { label: 'Auskunftsrecht (Art. 15)', category: 'Betroffenenrechte' },
+ dsr_process_art16: { label: 'Berichtigungsrecht (Art. 16)', category: 'Betroffenenrechte' },
+ dsr_process_art17: { label: 'Loeschungsrecht (Art. 17)', category: 'Betroffenenrechte' },
+ dsr_process_art18: { label: 'Einschraenkungsrecht (Art. 18)', category: 'Betroffenenrechte' },
+ dsr_process_art19: { label: 'Mitteilungspflicht (Art. 19)', category: 'Betroffenenrechte' },
+ dsr_process_art20: { label: 'Datenportabilitaet (Art. 20)', category: 'Betroffenenrechte' },
+ dsr_process_art21: { label: 'Widerspruchsrecht (Art. 21)', category: 'Betroffenenrechte' },
+
+ // ── IT-Sicherheit (Konzepte) ─────────────────────────────────────
+ it_security_concept: { label: 'IT-Sicherheitskonzept', category: 'IT-Sicherheit' },
+ backup_recovery_concept: { label: 'Backup- & Recovery-Konzept', category: 'IT-Sicherheit' },
+ logging_concept: { label: 'Logging-Konzept', category: 'IT-Sicherheit' },
+ incident_response_plan: { label: 'Incident-Response-Plan', category: 'IT-Sicherheit' },
+ access_control_concept: { label: 'Zugriffskonzept', category: 'IT-Sicherheit' },
+ risk_management_concept: { label: 'Risikomanagement-Konzept', category: 'IT-Sicherheit' },
+ isms_manual: { label: 'ISMS-Handbuch', category: 'IT-Sicherheit' },
+
+ // ── IT-Sicherheit (Policies) ─────────────────────────────────────
+ information_security_policy: { label: 'Informationssicherheitsrichtlinie', category: 'IT-Policies' },
+ access_control_policy: { label: 'Zugriffskontrollrichtlinie', category: 'IT-Policies' },
+ password_policy: { label: 'Passwortrichtlinie', category: 'IT-Policies' },
+ encryption_policy: { label: 'Verschluesselungsrichtlinie', category: 'IT-Policies' },
+ logging_policy: { label: 'Protokollierungsrichtlinie', category: 'IT-Policies' },
+ backup_policy: { label: 'Datensicherungsrichtlinie', category: 'IT-Policies' },
+ incident_response_policy: { label: 'Incident-Response-Richtlinie', category: 'IT-Policies' },
+ change_management_policy: { label: 'Change-Management-Richtlinie', category: 'IT-Policies' },
+ patch_management_policy: { label: 'Patch-Management-Richtlinie', category: 'IT-Policies' },
+ asset_management_policy: { label: 'Asset-Management-Richtlinie', category: 'IT-Policies' },
+ cloud_security_policy: { label: 'Cloud-Security-Richtlinie', category: 'IT-Policies' },
+ devsecops_policy: { label: 'DevSecOps-Richtlinie', category: 'IT-Policies' },
+ secrets_management_policy: { label: 'Secrets-Management-Richtlinie', category: 'IT-Policies' },
+ vulnerability_management_policy: { label: 'Schwachstellenmanagement', category: 'IT-Policies' },
+
+ // ── Lieferanten / Drittanbieter ──────────────────────────────────
+ vendor_risk_management_policy: { label: 'Lieferanten-Risikomanagement', category: 'Lieferanten' },
+ third_party_security_policy: { label: 'Drittanbieter-Sicherheit', category: 'Lieferanten' },
+ supplier_security_policy: { label: 'Lieferanten-Anforderungen', category: 'Lieferanten' },
+ transfer_impact_assessment: { label: 'Transfer Impact Assessment', category: 'Lieferanten' },
+ scc_companion: { label: 'SCC-Begleitdokument', category: 'Lieferanten' },
+
+ // ── BCM / Notfall ────────────────────────────────────────────────
+ business_continuity_policy: { label: 'Business-Continuity', category: 'BCM' },
+ disaster_recovery_policy: { label: 'Disaster-Recovery', category: 'BCM' },
+ crisis_management_policy: { label: 'Krisenmanagement', category: 'BCM' },
+
+ // ── KI / Cyber ───────────────────────────────────────────────────
+ ai_usage_policy: { label: 'KI-Nutzungsrichtlinie', category: 'KI & Cyber' },
+ cybersecurity_policy: { label: 'Cybersecurity-Richtlinie (CRA)', category: 'KI & Cyber' },
+ byod_policy: { label: 'BYOD-Richtlinie', category: 'KI & Cyber' },
+}
+
+export const CATEGORY_COLORS: Record = {
+ Website: 'bg-blue-50 text-blue-700',
+ Vertraege: 'bg-purple-50 text-purple-700',
+ Plattform: 'bg-indigo-50 text-indigo-700',
+ 'E-Commerce': 'bg-green-50 text-green-700',
+ HR: 'bg-amber-50 text-amber-700',
+ Datenschutz: 'bg-red-50 text-red-700',
+ 'Daten-Governance': 'bg-rose-50 text-rose-700',
+ Betroffenenrechte: 'bg-fuchsia-50 text-fuchsia-700',
+ 'IT-Sicherheit': 'bg-gray-100 text-gray-700',
+ 'IT-Policies': 'bg-slate-100 text-slate-700',
+ Lieferanten: 'bg-orange-50 text-orange-700',
+ BCM: 'bg-yellow-50 text-yellow-700',
+ 'KI & Cyber': 'bg-cyan-50 text-cyan-700',
+ Marketing: 'bg-pink-50 text-pink-700',
+}
diff --git a/admin-compliance/lib/sdk/company-profile-preset-data.ts b/admin-compliance/lib/sdk/company-profile-preset-data.ts
new file mode 100644
index 0000000..601c57a
--- /dev/null
+++ b/admin-compliance/lib/sdk/company-profile-preset-data.ts
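Review bot: The `category` strings in DOC_LABELS and the keys of CATEGORY_COLORS are independent literals, so a typo or a new section added to DOC_LABELS without a matching color entry compiles cleanly and only shows up as an `undefined` class at render time (the `Record` type arguments are not visible in this rendering, so I am assuming `Record<string, …>` on both). Deriving the category type from the color map ties them together: declare `export const CATEGORY_COLORS = { … } as const`, add `export type DocCategory = keyof typeof CATEGORY_COLORS`, and type the labels as `export const DOC_LABELS: Record<string, { label: string; category: DocCategory }> = { … }` (the `typeof` reference works even though CATEGORY_COLORS is declared below). With that in place the compiler would also flag that `Marketing` in CATEGORY_COLORS is no longer referenced by any label now that `social_media_dsi` sits under Datenschutz; drop it or keep it with a comment saying it is reserved.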
@@ -0,0 +1,329 @@
+import type { CompanyProfilePreset } from './company-profile-presets'
+
+export const COMPANY_PROFILE_PRESETS: CompanyProfilePreset[] = [
+ {
+ id: 'saas_startup',
+ label: 'SaaS Startup',
+ description: 'B2B Software-Startup, 1-5 Mitarbeiter, Cloud-basiert, remote-first',
+ icon: '\u{1F680}',
+ profile: {
+ legalForm: 'GmbH', industry: ['tech'], businessModel: 'b2b',
+ companySize: 'micro', employeeCount: '1-9', headquartersCountry: 'DE',
+ targetMarkets: ['DE', 'EU'], isDataController: true, isDataProcessor: true,
+ },
+ scopeHints: {
+ org_employee_count: '1-9', org_industry: 'tech', org_business_model: 'b2b',
+ proc_ai_usage: 'yes', tech_hosting_location: 'eu',
+ tech_encryption_transit: 'yes', tech_encryption_rest: 'yes',
+ comp_documentation_level: 'basic',
+ },
+ recommendedDocs: [
+ 'privacy_policy', 'impressum', 'agb', 'cookie_policy', 'cookie_banner',
+ 'dpa', 'tom_documentation', 'vvt_register', 'loeschkonzept',
+ 'employee_dsi', 'applicant_dsi',
+ ],
+ },
+ {
+ id: 'consumer_app',
+ label: 'App Startup (Consumer)',
+ description: 'B2C Mobile App, 1-5 Mitarbeiter, App Store, Nutzerdaten',
+ icon: '\u{1F4F1}',
+ profile: {
+ legalForm: 'GmbH', industry: ['tech'], businessModel: 'b2c',
+ companySize: 'micro', employeeCount: '1-9', headquartersCountry: 'DE',
+ targetMarkets: ['DE', 'EU'], isDataController: true, isDataProcessor: false,
+ },
+ scopeHints: {
+ org_employee_count: '1-9', org_industry: 'tech', org_business_model: 'b2c',
+ data_volume: '1000-10000', proc_tracking: 'yes',
+ prod_consent_management: 'yes', tech_hosting_location: 'eu',
+ },
+ recommendedDocs: [
+ 'privacy_policy', 'impressum', 'terms_of_use', 'cookie_policy', 'cookie_banner',
+ 'community_guidelines', 'acceptable_use', 'widerruf',
+ 'dpa', 'tom_documentation', 'vvt_register', 'loeschkonzept',
+ 'employee_dsi', 'applicant_dsi', 'social_media_dsi',
+ ],
+ },
+ {
+ id: 'ecommerce',
+ label: 'E-Commerce / Online-Shop',
+ description: 'Online-Handel B2C, 5-20 Mitarbeiter, Webshop, Zahlungsabwicklung',
+ icon: '\u{1F6D2}',
+ profile: {
+ legalForm: 'GmbH', industry: ['retail'], businessModel: 'b2c',
+ companySize: 'small', employeeCount: '10-49', headquartersCountry: 'DE',
+ targetMarkets: ['DE', 'EU'], isDataController: true, isDataProcessor: false,
+ },
+ scopeHints: {
+ org_employee_count: '10-49', org_industry: 'retail', org_business_model: 'b2c',
+ prod_webshop: 'yes', data_volume: '10000-100000',
+ tech_hosting_location: 'eu', prod_consent_management: 'yes',
+ },
+ recommendedDocs: [
+ 'privacy_policy', 'impressum', 'agb', 'widerruf', 'cookie_policy', 'cookie_banner',
+ 'dpa', 'tom_documentation', 'vvt_register', 'loeschkonzept',
+ 'employee_dsi', 'applicant_dsi',
+ ],
+ },
+ {
+ id: 'it_agency',
+ label: 'IT-Dienstleister / Agentur',
+ description: 'IT-Beratung oder Agentur, 10-50 Mitarbeiter, Kundenprojekte',
+ icon: '\u{1F4BB}',
+ profile: {
+ legalForm: 'GmbH', industry: ['tech'], businessModel: 'b2b',
+ companySize: 'small', employeeCount: '10-49', headquartersCountry: 'DE',
+ targetMarkets: ['DE', 'EU'], isDataController: true, isDataProcessor: true,
+ },
+ scopeHints: {
+ org_employee_count: '10-49', org_industry: 'tech', org_business_model: 'b2b',
+ proc_ai_usage: 'yes', tech_hosting_location: 'eu',
+ comp_vendor_management: 'yes', comp_training: 'yes',
+ },
+ recommendedDocs: [
+ 'privacy_policy', 'impressum', 'agb', 'cookie_policy', 'cookie_banner',
+ 'dpa', 'nda', 'sla', 'tom_documentation', 'vvt_register', 'loeschkonzept',
+ 'employee_dsi', 'applicant_dsi',
+ ],
+ },
+ {
+ id: 'maschinenbau',
+ label: 'Maschinenbau KMU',
+ description: 'Maschinenbau B2B, 50-200 Mitarbeiter, Produktion, CE-Kennzeichnung',
+ icon: '\u{1F3ED}',
+ profile: {
+ legalForm: 'GmbH', industry: ['manufacturing'], businessModel: 'b2b',
+ companySize: 'medium', employeeCount: '50-249', headquartersCountry: 'DE',
+ targetMarkets: ['DE', 'EU'], isDataController: true, isDataProcessor: false,
+ },
+ scopeHints: {
+ org_employee_count: '50-249', org_industry: 'manufacturing', org_business_model: 'b2b',
+ proc_employee_monitoring: 'no', tech_hosting_location: 'eu',
+ comp_vendor_management: 'yes', comp_documentation_level: 'structured',
+ },
+ recommendedDocs: [
+ 'privacy_policy', 'impressum', 'agb', 'cookie_policy', 'cookie_banner',
+ 'dpa', 'nda', 'tom_documentation', 'vvt_register', 'loeschkonzept',
+ 'employee_dsi', 'applicant_dsi', 'whistleblower_policy',
+ 'dsfa', 'pflichtenregister',
+ ],
+ },
+ {
+ id: 'law_firm',
+ label: 'Rechtsanwaltskanzlei',
+ description: 'Kanzlei, 5-20 Mitarbeiter, Mandantendaten, besondere Vertraulichkeit',
+ icon: '\u2696\uFE0F',
+ profile: {
+ legalForm: 'PartG', industry: ['legal'], businessModel: 'b2b',
+ companySize: 'small', employeeCount: '1-9', headquartersCountry: 'DE',
+ targetMarkets: ['DE'], isDataController: true, isDataProcessor: false,
+ },
+ scopeHints: {
+ org_employee_count: '1-9', org_industry: 'legal', org_business_model: 'b2b',
+ data_art9: 'no', tech_encryption_transit: 'yes',
+ tech_encryption_rest: 'yes', comp_documentation_level: 'basic',
+ },
+ recommendedDocs: [
+ 'privacy_policy', 'impressum', 'cookie_policy', 'cookie_banner',
+ 'dpa', 'nda', 'tom_documentation', 'vvt_register', 'loeschkonzept',
+ 'employee_dsi', 'applicant_dsi',
+ ],
+ },
+ {
+ id: 'healthcare',
+ label: 'Arztpraxis / Gesundheit',
+ description: 'Gesundheitswesen, 5-50 Mitarbeiter, Patientendaten (Art. 9), hoher Schutzbedarf',
+ icon: '\u{1F3E5}',
+ profile: {
+ legalForm: 'GbR', industry: ['healthcare'], businessModel: 'b2c',
+ companySize: 'small', employeeCount: '1-9', headquartersCountry: 'DE',
+ targetMarkets: ['DE'], isDataController: true, isDataProcessor: false,
+ },
+ scopeHints: {
+ org_employee_count: '1-9', org_industry: 'healthcare', org_business_model: 'b2c',
+ data_art9: 'yes', tech_encryption_transit: 'yes',
+ tech_encryption_rest: 'yes', comp_documentation_level: 'basic',
+ },
+ recommendedDocs: [
+ 'privacy_policy', 'impressum', 'cookie_policy', 'cookie_banner',
+ 'dpa', 'tom_documentation', 'vvt_register', 'loeschkonzept', 'dsfa',
+ 'employee_dsi', 'applicant_dsi', 'pflichtenregister',
+ ],
+ },
+ {
+ id: 'handwerk',
+ label: 'Handwerksbetrieb',
+ description: 'Handwerk, 5-20 Mitarbeiter, Kundendaten, einfache IT',
+ icon: '\u{1F527}',
+ profile: {
+ legalForm: 'GmbH', industry: ['crafts'], businessModel: 'b2c',
+ companySize: 'small', employeeCount: '1-9', headquartersCountry: 'DE',
+ targetMarkets: ['DE'], isDataController: true, isDataProcessor: false,
+ },
+ scopeHints: {
+ org_employee_count: '1-9', org_industry: 'other', org_business_model: 'b2c',
+ data_art9: 'no', tech_hosting_location: 'eu', comp_documentation_level: 'none',
+ },
+ recommendedDocs: [
+ 'privacy_policy', 'impressum', 'agb', 'cookie_policy', 'cookie_banner',
+ 'tom_documentation', 'vvt_register', 'loeschkonzept', 'employee_dsi',
+ ],
+ },
+ {
+ id: 'education',
+ label: 'Bildungseinrichtung',
+ description: 'Schule, Hochschule oder Weiterbildung, 20-100 Mitarbeiter, Schuelerdaten',
+ icon: '\u{1F393}',
+ profile: {
+ legalForm: 'gGmbH', industry: ['education'], businessModel: 'b2c',
+ companySize: 'medium', employeeCount: '10-49', headquartersCountry: 'DE',
+ targetMarkets: ['DE'], isDataController: true, isDataProcessor: false,
+ },
+ scopeHints: {
+ org_employee_count: '10-49', org_industry: 'education', org_business_model: 'b2c',
+ data_minors: 'yes', tech_hosting_location: 'eu', comp_training: 'yes',
+ },
+ recommendedDocs: [
+ 'privacy_policy', 'impressum', 'cookie_policy', 'cookie_banner',
+ 'dpa', 'tom_documentation', 'vvt_register', 'loeschkonzept', 'dsfa',
+ 'employee_dsi', 'applicant_dsi', 'pflichtenregister',
+ ],
+ },
+ {
+ id: 'enterprise',
+ label: 'Konzern / Enterprise',
+ description: 'Grossunternehmen, 500+ MA, international, reguliert, ISO 27001',
+ icon: '\u{1F3E2}',
+ profile: {
+ legalForm: 'AG', industry: ['finance'], businessModel: 'b2b',
+ companySize: 'enterprise', employeeCount: '1000+', headquartersCountry: 'DE',
+ targetMarkets: ['DE', 'EU', 'US'], isDataController: true, isDataProcessor: true,
+ },
+ scopeHints: {
+ org_employee_count: '1000+', org_industry: 'finance', org_business_model: 'b2b',
+ org_cert_target: 'iso27001', data_art9: 'yes', data_volume: '>1000000',
+ proc_ai_usage: 'yes', tech_third_country: 'yes',
+ tech_hosting_location: 'eu_us_adequacy', comp_vendor_management: 'yes',
+ comp_training: 'yes', comp_documentation_level: 'comprehensive',
+ },
+ recommendedDocs: [
+ 'privacy_policy', 'impressum', 'agb', 'cookie_policy', 'cookie_banner',
+ 'dpa', 'nda', 'sla', 'cloud_service_agreement',
+ 'tom_documentation', 'vvt_register', 'loeschkonzept', 'dsfa', 'pflichtenregister',
+ 'data_protection_concept', 'consent_texts', 'informationspflichten', 'verpflichtungserklaerung',
+ 'dsr_process_art15', 'dsr_process_art16', 'dsr_process_art17',
+ 'dsr_process_art18', 'dsr_process_art20', 'dsr_process_art21',
+ 'isms_manual', 'it_security_concept', 'risk_management_concept',
+ 'information_security_policy', 'access_control_policy', 'encryption_policy',
+ 'change_management_policy', 'asset_management_policy',
+ 'data_protection_policy', 'data_classification_policy',
+ 'data_retention_policy', 'data_transfer_policy', 'privacy_incident_policy',
+ 'employee_dsi', 'applicant_dsi', 'whistleblower_policy', 'social_media_dsi',
+ 'employee_security_policy', 'security_awareness_policy', 'offboarding_policy',
+ 'transfer_impact_assessment', 'scc_companion',
+ 'vendor_risk_management_policy', 'third_party_security_policy',
+ 'business_continuity_policy', 'disaster_recovery_policy', 'crisis_management_policy',
+ 'ai_usage_policy',
+ ],
+ },
+ {
+ id: 'cloud_provider',
+ label: 'Cloud / SaaS-Anbieter',
+ description: 'Cloud-Infrastruktur oder SaaS, 20-100 MA, DevOps, ISO 27001 Ziel',
+ icon: '\u2601\uFE0F',
+ profile: {
+ legalForm: 'GmbH', industry: ['tech'], businessModel: 'b2b',
+ companySize: 'small', employeeCount: '10-49', headquartersCountry: 'DE',
+ targetMarkets: ['DE', 'EU'], isDataController: true, isDataProcessor: true,
+ },
+ scopeHints: {
+ org_employee_count: '10-49', org_industry: 'tech', org_business_model: 'b2b',
+ org_cert_iso27001: 'yes', proc_ai_usage: 'yes', tech_hosting_location: 'eu',
+ tech_encryption_transit: 'yes', tech_encryption_rest: 'yes',
+ comp_vendor_management: 'yes', comp_documentation_level: 'structured',
+ },
+ recommendedDocs: [
+ 'privacy_policy', 'impressum', 'agb', 'cookie_policy', 'cookie_banner',
+ 'dpa', 'nda', 'sla', 'cloud_service_agreement',
+ 'tom_documentation', 'vvt_register', 'loeschkonzept', 'pflichtenregister',
+ 'data_protection_concept', 'consent_texts',
+ 'isms_manual', 'it_security_concept', 'backup_recovery_concept',
+ 'logging_concept', 'incident_response_plan',
+ 'access_control_concept', 'risk_management_concept',
+ 'information_security_policy', 'access_control_policy', 'password_policy',
+ 'encryption_policy', 'logging_policy', 'backup_policy',
+ 'incident_response_policy', 'change_management_policy',
+ 'patch_management_policy', 'asset_management_policy',
+ 'cloud_security_policy', 'devsecops_policy',
+ 'secrets_management_policy', 'vulnerability_management_policy',
+ 'employee_dsi', 'applicant_dsi', 'employee_security_policy',
+ 'remote_work_policy', 'offboarding_policy',
+ 'vendor_risk_management_policy', 'third_party_security_policy',
+ 'business_continuity_policy', 'disaster_recovery_policy',
+ 'ai_usage_policy', 'cybersecurity_policy', 'byod_policy',
+ ],
+ },
+ {
+ id: 'fintech',
+ label: 'Finanzdienstleister',
+ description: 'Finanz- oder Versicherungsbranche, 50-500 MA, reguliert',
+ icon: '\u{1F3E6}',
+ profile: {
+ legalForm: 'GmbH', industry: ['finance'], businessModel: 'b2b',
+ companySize: 'medium', employeeCount: '50-249', headquartersCountry: 'DE',
+ targetMarkets: ['DE', 'EU'], isDataController: true, isDataProcessor: true,
+ },
+ scopeHints: {
+ org_employee_count: '50-249', org_industry: 'finance', org_business_model: 'b2b',
+ data_art9: 'no', data_volume: '100000-1000000', tech_hosting_location: 'eu',
+ tech_encryption_transit: 'yes', tech_encryption_rest: 'yes',
+ comp_vendor_management: 'yes', comp_training: 'yes',
+ comp_documentation_level: 'comprehensive',
+ },
+ recommendedDocs: [
+ 'privacy_policy', 'impressum', 'agb', 'cookie_policy', 'cookie_banner',
+ 'dpa', 'nda', 'sla',
+ 'tom_documentation', 'vvt_register', 'loeschkonzept', 'dsfa', 'pflichtenregister',
+ 'data_protection_concept', 'verpflichtungserklaerung', 'informationspflichten',
+ 'dsr_process_art15', 'dsr_process_art17', 'dsr_process_art20',
+ 'data_protection_policy', 'data_classification_policy',
+ 'data_retention_policy', 'data_transfer_policy', 'privacy_incident_policy',
+ 'it_security_concept', 'risk_management_concept',
+ 'information_security_policy', 'access_control_policy', 'encryption_policy',
+ 'employee_dsi', 'applicant_dsi', 'whistleblower_policy',
+ 'employee_security_policy', 'security_awareness_policy', 'offboarding_policy',
+ 'transfer_impact_assessment', 'vendor_risk_management_policy',
+ 'supplier_security_policy',
+ 'business_continuity_policy', 'disaster_recovery_policy', 'crisis_management_policy',
+ ],
+ },
+ {
+ id: 'platform',
+ label: 'Plattform / Marketplace',
+ description: 'Online-Plattform mit Nutzern, UGC, Community, 10-50 MA',
+ icon: '\u{1F310}',
+ profile: {
+ legalForm: 'GmbH', industry: ['tech'], businessModel: 'b2b2c',
+ companySize: 'small', employeeCount: '10-49', headquartersCountry: 'DE',
+ targetMarkets: ['DE', 'EU'], isDataController: true, isDataProcessor: false,
+ },
+ scopeHints: {
+ org_employee_count: '10-49', org_industry: 'tech', org_business_model: 'b2b2c',
+ data_volume: '10000-100000', proc_tracking: 'yes',
+ prod_ugc_platform: 'yes', prod_consent_management: 'yes',
+ tech_hosting_location: 'eu',
+ },
+ recommendedDocs: [
+ 'privacy_policy', 'impressum', 'terms_of_use', 'agb',
+ 'cookie_policy', 'cookie_banner', 'dpa',
+ 'community_guidelines', 'acceptable_use',
+ 'media_content_policy', 'copyright_policy', 'data_usage_clause',
+ 'tom_documentation', 'vvt_register', 'loeschkonzept', 'dsfa',
+ 'consent_texts', 'social_media_dsi', 'video_conference_dsi',
+ 'dsr_process_art15', 'dsr_process_art17', 'dsr_process_art20', 'dsr_process_art21',
+ 'employee_dsi', 'applicant_dsi',
+ 'ai_usage_policy',
+ ],
+ },
+]
diff --git a/admin-compliance/lib/sdk/company-profile-presets.ts b/admin-compliance/lib/sdk/company-profile-presets.ts
index b81fec2..3d047f9 100644
--- a/admin-compliance/lib/sdk/company-profile-presets.ts
+++ b/admin-compliance/lib/sdk/company-profile-presets.ts
@@ -3,6 +3,8 @@
 *
 * Jeder Preset enthaelt ein vorbefuelltes CompanyProfile + typische Scope-Antworten.
 * Der Kunde waehlt beim Onboarding ein Profil und passt es dann an.
+ *
+ * Data split: Interface here, preset data in ./company-profile-preset-data.ts
 */
 
 export interface CompanyProfilePreset {
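Review bot: `recommendedDocs` is declared as `string[]` (visible in the interface context of the following hunk), so nothing checks that the document keys listed in this file exist in DOC_LABELS; I cross-checked every key here against doc-labels.ts and all of them resolve, but a typo in a later edit would only surface as a missing label or an undefined lookup in PresetSection at render time. Since doc-labels.ts lives under `app/` and this file under `lib/`, typing the field as `keyof typeof DOC_LABELS` from here would invert the layering; a small test such as `assert(COMPANY_PROFILE_PRESETS.every(p => p.recommendedDocs.every(d => Object.keys(DOC_LABELS).includes(d))))` keeps the guarantee without the dependency. Separately, several descriptions disagree with the structured fields next to them — `law_firm` says "5-20 Mitarbeiter" while `employeeCount: '1-9'`, `education` says "20-100 Mitarbeiter" while `employeeCount: '10-49'`, `cloud_provider` says "20-100 MA" while `employeeCount: '10-49'`; this is carried over from the removed copy, but the move is a good moment to align the copy with the values the scope logic actually consumes.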
@@ -28,323 +30,4 @@ export interface CompanyProfilePreset {
 recommendedDocs: string[]
 }
 
-export const COMPANY_PROFILE_PRESETS: CompanyProfilePreset[] = [
- {
- id: 'saas_startup',
- label: 'SaaS Startup',
- description: 'B2B Software-Startup, 1-5 Mitarbeiter, Cloud-basiert, remote-first',
- icon: '🚀',
- profile: {
- legalForm: 'GmbH',
- industry: ['tech'],
- businessModel: 'b2b',
- companySize: 'micro',
- employeeCount: '1-9',
- headquartersCountry: 'DE',
- targetMarkets: ['DE', 'EU'],
- isDataController: true,
- isDataProcessor: true,
- },
- scopeHints: {
- org_employee_count: '1-9',
- org_industry: 'tech',
- org_business_model: 'b2b',
- proc_ai_usage: 'yes',
- tech_hosting_location: 'eu',
- tech_encryption_transit: 'yes',
- tech_encryption_rest: 'yes',
- comp_documentation_level: 'basic',
- },
- recommendedDocs: [
- 'privacy_policy', 'impressum', 'agb', 'cookie_policy', 'cookie_banner',
- 'dpa', 'tom_documentation', 'vvt_register', 'loeschkonzept',
- 'employee_dsi', 'applicant_dsi',
- ],
- },
- {
- id: 'consumer_app',
- label: 'App Startup (Consumer)',
- description: 'B2C Mobile App, 1-5 Mitarbeiter, App Store, Nutzerdaten',
- icon: '📱',
- profile: {
- legalForm: 'GmbH',
- industry: ['tech'],
- businessModel: 'b2c',
- companySize: 'micro',
- employeeCount: '1-9',
- headquartersCountry: 'DE',
- targetMarkets: ['DE', 'EU'],
- isDataController: true,
- isDataProcessor: false,
- },
- scopeHints: {
- org_employee_count: '1-9',
- org_industry: 'tech',
- org_business_model: 'b2c',
- data_volume: '1000-10000',
- proc_tracking: 'yes',
- prod_consent_management: 'yes',
- tech_hosting_location: 'eu',
- },
- recommendedDocs: [
- 'privacy_policy', 'impressum', 'terms_of_use', 'cookie_policy', 'cookie_banner',
- 'community_guidelines', 'acceptable_use', 'widerruf',
- 'dpa', 'tom_documentation', 'vvt_register', 'loeschkonzept',
- 'employee_dsi', 'applicant_dsi', 'social_media_dsi',
- ],
- },
- {
- id: 'ecommerce',
- label: 'E-Commerce / Online-Shop',
- description: 'Online-Handel B2C, 5-20 Mitarbeiter, Webshop, Zahlungsabwicklung',
- icon: '🛒',
- profile: {
- legalForm: 'GmbH',
- industry: ['retail'],
- businessModel: 'b2c',
- companySize: 'small',
- employeeCount: '10-49',
- headquartersCountry: 'DE',
- targetMarkets: ['DE', 'EU'],
- isDataController: true,
- isDataProcessor: false,
- },
- scopeHints: {
- org_employee_count: '10-49',
- org_industry: 'retail',
- org_business_model: 'b2c',
- prod_webshop: 'yes',
- data_volume: '10000-100000',
- tech_hosting_location: 'eu',
- prod_consent_management: 'yes',
- },
- recommendedDocs: [
- 'privacy_policy', 'impressum', 'agb', 'widerruf', 'cookie_policy', 'cookie_banner',
- 'dpa', 'tom_documentation', 'vvt_register', 'loeschkonzept',
- 'employee_dsi', 'applicant_dsi',
- ],
- },
- {
- id: 'it_agency',
- label: 'IT-Dienstleister / Agentur',
- description: 'IT-Beratung oder Agentur, 10-50 Mitarbeiter, Kundenprojekte',
- icon: '💻',
- profile: {
- legalForm: 'GmbH',
- industry: ['tech'],
- businessModel: 'b2b',
- companySize: 'small',
- employeeCount: '10-49',
- headquartersCountry: 'DE',
- targetMarkets: ['DE', 'EU'],
- isDataController: true,
- isDataProcessor: true,
- },
- scopeHints: {
- org_employee_count: '10-49',
- org_industry: 'tech',
- org_business_model: 'b2b',
- proc_ai_usage: 'yes',
- tech_hosting_location: 'eu',
- comp_vendor_management: 'yes',
- comp_training: 'yes',
- },
- recommendedDocs: [
- 'privacy_policy', 'impressum', 'agb', 'cookie_policy', 'cookie_banner',
- 'dpa', 'nda', 'sla', 'tom_documentation', 'vvt_register', 'loeschkonzept',
- 'employee_dsi', 'applicant_dsi',
- ],
- },
- {
- id: 'maschinenbau',
- label: 'Maschinenbau KMU',
- description: 'Maschinenbau B2B, 50-200 Mitarbeiter, Produktion, CE-Kennzeichnung',
- icon: '🏭',
- profile: {
- legalForm: 'GmbH',
- industry: ['manufacturing'],
- businessModel: 'b2b',
- companySize: 'medium',
- employeeCount: '50-249',
- headquartersCountry: 'DE',
- targetMarkets: ['DE', 'EU'],
- isDataController: true,
- isDataProcessor: false,
- },
- scopeHints: {
- org_employee_count: '50-249',
- org_industry: 'manufacturing',
- org_business_model: 'b2b',
- proc_employee_monitoring: 'no',
- tech_hosting_location: 'eu',
- comp_vendor_management: 'yes',
- comp_documentation_level: 'structured',
- },
- recommendedDocs: [
- 'privacy_policy', 'impressum', 'agb', 'cookie_policy', 'cookie_banner',
- 'dpa', 'nda', 'tom_documentation', 'vvt_register', 'loeschkonzept',
- 'employee_dsi', 'applicant_dsi', 'whistleblower_policy',
- 'dsfa', 'pflichtenregister',
- ],
- },
- {
- id: 'law_firm',
- label: 'Rechtsanwaltskanzlei',
- description: 'Kanzlei, 5-20 Mitarbeiter, Mandantendaten, besondere Vertraulichkeit',
- icon: '⚖️',
- profile: {
- legalForm: 'PartG',
- industry: ['legal'],
- businessModel: 'b2b',
- companySize: 'small',
- employeeCount: '1-9',
- headquartersCountry: 'DE',
- targetMarkets: ['DE'],
- isDataController: true,
- isDataProcessor: false,
- },
- scopeHints: {
- org_employee_count: '1-9',
- org_industry: 'legal',
- org_business_model: 'b2b',
- data_art9: 'no',
- tech_encryption_transit: 'yes',
- tech_encryption_rest: 'yes',
- comp_documentation_level: 'basic',
- },
- recommendedDocs: [
- 'privacy_policy', 'impressum', 'cookie_policy', 'cookie_banner',
- 'dpa', 'nda', 'tom_documentation', 'vvt_register', 'loeschkonzept',
- 'employee_dsi', 'applicant_dsi',
- ],
- },
- {
- id: 'healthcare',
- label: 'Arztpraxis / Gesundheit',
- description: 'Gesundheitswesen, 5-50 Mitarbeiter, Patientendaten (Art. 9), hoher Schutzbedarf',
- icon: '🏥',
- profile: {
- legalForm: 'GbR',
- industry: ['healthcare'],
- businessModel: 'b2c',
- companySize: 'small',
- employeeCount: '1-9',
- headquartersCountry: 'DE',
- targetMarkets: ['DE'],
- isDataController: true,
- isDataProcessor: false,
- },
- scopeHints: {
- org_employee_count: '1-9',
- org_industry: 'healthcare',
- org_business_model: 'b2c',
- data_art9: 'yes',
- tech_encryption_transit: 'yes',
- tech_encryption_rest: 'yes',
- comp_documentation_level: 'basic',
- },
- recommendedDocs: [
- 'privacy_policy', 'impressum', 'cookie_policy', 'cookie_banner',
- 'dpa', 'tom_documentation', 'vvt_register', 'loeschkonzept', 'dsfa',
- 'employee_dsi', 'applicant_dsi', 'pflichtenregister',
- ],
- },
- {
- id: 'handwerk',
- label: 'Handwerksbetrieb',
- description: 'Handwerk, 5-20 Mitarbeiter, Kundendaten, einfache IT',
- icon: '🔧',
- profile: {
- legalForm: 'GmbH',
- industry: ['crafts'],
- businessModel: 'b2c',
- companySize: 'small',
- employeeCount: '1-9',
- headquartersCountry: 'DE',
- targetMarkets: ['DE'],
- isDataController: true,
- isDataProcessor: false,
- },
- scopeHints: {
- org_employee_count: '1-9',
- org_industry: 'other',
- org_business_model: 'b2c',
- data_art9: 'no',
- tech_hosting_location: 'eu',
- comp_documentation_level: 'none',
- },
- recommendedDocs: [
- 'privacy_policy', 'impressum', 'agb', 'cookie_policy', 'cookie_banner',
- 'tom_documentation', 'vvt_register', 'loeschkonzept',
- 'employee_dsi',
- ],
- },
- {
- id: 'education',
- label: 'Bildungseinrichtung',
- description: 'Schule, Hochschule oder Weiterbildung, 20-100 Mitarbeiter, Schuelerdaten',
- icon: '🎓',
- profile: {
- legalForm: 'gGmbH',
- industry: ['education'],
- businessModel: 'b2c',
- companySize: 'medium',
- employeeCount: '10-49',
- headquartersCountry: 'DE',
- targetMarkets: ['DE'],
- isDataController: true,
- isDataProcessor: false,
- },
- scopeHints: {
- org_employee_count: '10-49',
- org_industry: 'education',
- org_business_model: 'b2c',
- data_minors: 'yes',
- tech_hosting_location: 'eu',
- comp_training: 'yes',
- },
- recommendedDocs: [
- 'privacy_policy', 'impressum', 'cookie_policy', 'cookie_banner',
- 'dpa', 'tom_documentation', 'vvt_register', 'loeschkonzept', 'dsfa',
- 'employee_dsi', 'applicant_dsi', 'pflichtenregister',
- ],
- },
- {
- id: 'enterprise',
- label: 'Konzern / Enterprise',
- description: 'Grossunternehmen, 500+ Mitarbeiter, international, reguliert, ISO 27001',
- icon: '🏢',
- profile: {
- legalForm: 'AG',
- industry: ['finance'],
- businessModel: 'b2b',
- companySize: 'enterprise',
- employeeCount: '1000+',
- headquartersCountry: 'DE',
- targetMarkets: ['DE', 'EU', 'US'],
- isDataController: true,
- isDataProcessor: true,
- },
- scopeHints: {
- org_employee_count: '1000+',
- org_industry: 'finance',
- org_business_model: 'b2b',
- org_cert_target: 'iso27001',
- data_art9: 'yes',
- data_volume: '>1000000',
- proc_ai_usage: 'yes',
- tech_third_country: 'yes',
- tech_hosting_location: 'eu_us_adequacy',
- comp_vendor_management: 'yes',
- comp_training: 'yes',
- comp_documentation_level: 'comprehensive',
- },
- recommendedDocs: [
- 'privacy_policy', 'impressum', 'agb', 'cookie_policy', 'cookie_banner',
- 'dpa', 'nda', 'sla', 'cloud_service_agreement',
- 'tom_documentation', 'vvt_register', 'loeschkonzept', 'dsfa', 'pflichtenregister',
- 'isms_manual', 'transfer_impact_assessment',
- 'employee_dsi', 'applicant_dsi', 'whistleblower_policy', 'social_media_dsi',
- ],
- },
-]
+export { COMPANY_PROFILE_PRESETS } from './company-profile-preset-data'
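Review bot: The re-export on the last added line makes `company-profile-presets.ts` and `company-profile-preset-data.ts` import each other; the cycle is harmless only because the data file uses `import type`, which is erased at compile time, so that invariant deserves to be written down where someone would otherwise break it: `// Re-exported for existing importers. The data module imports only the type from here, so this cycle is type-only; keep it that way.` If the project compiles with `isolatedModules` or `verbatimModuleSyntax`, the `type` modifier on the data file's import is what guarantees the erasure, so a lint rule such as `consistent-type-imports` would enforce it. Moving `CompanyProfilePreset` into its own types module would remove the cycle entirely and is the cleaner long-term shape.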