breakpilot-compliance/backend-compliance/migrations/067_vvt_process_templates_seed.sql

-- Migration 067: VVT Process Templates Seed — 18 templates from vvt-baseline-catalog
-- All content self-authored, MIT-compatible.

BEGIN;

INSERT INTO vvt_process_templates (id, name, description, business_function, purpose_refs, legal_basis_refs, data_subject_refs, data_category_refs, recipient_refs, tom_refs, retention_rule_ref, typical_systems, protection_level, dpia_required, risk_score, tags, sort_order) VALUES

-- HR Templates
('hr-mitarbeiterverwaltung',
 'Mitarbeiterverwaltung',
 'Verwaltung des Beschaeftigungsverhaeltnisses inkl. Personalakte, Urlaub, Krankmeldungen',
 'hr',
 '["EMPLOYMENT_ADMIN", "PAYROLL"]',
 '["BDSG_26", "ART6_1B"]',
 '["EMPLOYEES"]',
 '["NAME", "DOB", "ADDRESS", "CONTACT", "SOCIAL_SECURITY", "BANK_ACCOUNT", "EMPLOYMENT_DATA", "HEALTH_DATA"]',
 '["INTERNAL_HR", "INTERNAL_FINANCE", "PROCESSOR_PAYROLL", "AUTHORITY_SOZIALVERSICHERUNG", "AUTHORITY_KRANKENKASSE"]',
 '["AC_RBAC", "AC_NEED_TO_KNOW", "CONF_ENCRYPTION_REST", "CONF_ENCRYPTION_TRANSIT", "INT_AUDIT_LOG", "SEP_TENANT_ISOLATION"]',
 'HGB_257_10Y',
 '["HR-Software", "Personalakte (digital)"]',
 'HIGH', TRUE, 3,
 '["personal", "pflicht"]',
 1),

('hr-gehaltsabrechnung',
 'Gehaltsabrechnung',
 'Monatliche Lohn- und Gehaltsabrechnung inkl. Steuer- und Sozialversicherungsmeldungen',
 'hr',
 '["PAYROLL"]',
 '["BDSG_26", "ART6_1C"]',
 '["EMPLOYEES"]',
 '["NAME", "ADDRESS", "SOCIAL_SECURITY", "TAX_ID", "BANK_ACCOUNT", "SALARY_DATA"]',
 '["INTERNAL_HR", "INTERNAL_FINANCE", "PROCESSOR_PAYROLL", "AUTHORITY_FINANZAMT", "AUTHORITY_SOZIALVERSICHERUNG"]',
 '["AC_RBAC", "AC_NEED_TO_KNOW", "CONF_ENCRYPTION_REST", "CONF_ENCRYPTION_TRANSIT", "INT_AUDIT_LOG", "INT_FOUR_EYES"]',
 'AO_147_10Y',
 '["Lohnabrechnungssoftware", "DATEV"]',
 'HIGH', FALSE, 3,
 '["personal", "finanzen", "pflicht"]',
 2),

('hr-bewerbermanagement',
 'Bewerbermanagement',
 'Durchfuehrung von Bewerbungsverfahren vom Eingang bis zur Zu-/Absage',
 'hr',
 '["RECRUITING"]',
 '["BDSG_26", "ART6_1B"]',
 '["APPLICANTS"]',
 '["NAME", "DOB", "ADDRESS", "CONTACT", "EDUCATION_DATA", "PHOTO_VIDEO"]',
 '["INTERNAL_HR", "INTERNAL_MANAGEMENT"]',
 '["AC_RBAC", "AC_NEED_TO_KNOW", "CONF_ENCRYPTION_REST", "CONF_NDA"]',
 'AGG_15_6M',
 '["Bewerbermanagement-Software", "E-Mail"]',
 'MEDIUM', FALSE, 2,
 '["personal", "recruiting"]',
 3),

('hr-zeiterfassung',
 'Zeiterfassung',
 'Erfassung und Verwaltung von Arbeitszeiten gemaess ArbZG',
 'hr',
 '["TIME_TRACKING"]',
 '["ART6_1C", "BDSG_26"]',
 '["EMPLOYEES"]',
 '["NAME", "EMPLOYMENT_DATA"]',
 '["INTERNAL_HR", "INTERNAL_MANAGEMENT"]',
 '["AC_RBAC", "INT_AUDIT_LOG", "CONF_ENCRYPTION_TRANSIT"]',
 'ARBZG_16_2Y',
 '["Zeiterfassungssystem", "Stempeluhr"]',
 'LOW', FALSE, 1,
 '["personal", "pflicht"]',
 4),

-- Finance Templates
('finance-buchhaltung',
 'Buchhaltung',
 'Fuehrung der Handelsbuecher und steuerrechtliche Dokumentation',
 'finance',
 '["ACCOUNTING", "INVOICING"]',
 '["ART6_1C", "ART6_1B"]',
 '["CUSTOMERS", "SUPPLIERS", "EMPLOYEES"]',
 '["NAME", "ADDRESS", "CONTACT", "BANK_ACCOUNT", "PAYMENT_DATA", "CONTRACT_DATA", "TAX_ID"]',
 '["INTERNAL_FINANCE", "AUTHORITY_FINANZAMT", "PROCESSOR_HOSTING"]',
 '["AC_RBAC", "INT_AUDIT_LOG", "INT_FOUR_EYES", "CONF_ENCRYPTION_REST", "AVAIL_BACKUP"]',
 'HGB_257_10Y',
 '["Buchhaltungssoftware", "DATEV", "ERP-System"]',
 'HIGH', FALSE, 2,
 '["finanzen", "pflicht"]',
 5),

('finance-zahlungsverkehr',
 'Zahlungsverkehr',
 'Verarbeitung und Abwicklung von ein- und ausgehenden Zahlungen',
 'finance',
 '["PAYMENT_PROCESSING"]',
 '["ART6_1B", "ART6_1C"]',
 '["CUSTOMERS", "SUPPLIERS"]',
 '["NAME", "BANK_ACCOUNT", "PAYMENT_DATA", "CONTRACT_DATA"]',
 '["INTERNAL_FINANCE", "PROCESSOR_HOSTING"]',
 '["AC_RBAC", "AC_MFA", "CONF_ENCRYPTION_REST", "CONF_ENCRYPTION_TRANSIT", "INT_AUDIT_LOG"]',
 'HGB_257_10Y',
 '["Online-Banking", "Payment-Gateway"]',
 'HIGH', FALSE, 3,
 '["finanzen"]',
 6),

-- Sales/CRM Templates
('sales-kundenverwaltung',
 'Kundenverwaltung',
 'Verwaltung und Pflege der Kundenbeziehungen im CRM-System',
 'sales_crm',
 '["CRM"]',
 '["ART6_1B", "ART6_1F"]',
 '["CUSTOMERS", "PROSPECTIVE_CUSTOMERS"]',
 '["NAME", "ADDRESS", "CONTACT", "CONTRACT_DATA", "COMMUNICATION_DATA"]',
 '["INTERNAL_MARKETING", "INTERNAL_SUPPORT", "PROCESSOR_HOSTING"]',
 '["AC_RBAC", "CONF_ENCRYPTION_REST", "CONF_ENCRYPTION_TRANSIT", "INT_AUDIT_LOG", "SEP_TENANT_ISOLATION"]',
 'BGB_195_3Y',
 '["CRM-System", "E-Mail-Client"]',
 'MEDIUM', FALSE, 2,
 '["vertrieb", "kunden"]',
 7),

('sales-vertriebssteuerung',
 'Vertriebssteuerung',
 'Vertriebsanalysen, Forecasting und Berichterstattung',
 'sales_crm',
 '["SALES_REPORTING"]',
 '["ART6_1F"]',
 '["CUSTOMERS", "PROSPECTIVE_CUSTOMERS"]',
 '["NAME", "CONTACT", "CONTRACT_DATA"]',
 '["INTERNAL_MANAGEMENT", "INTERNAL_MARKETING"]',
 '["AC_RBAC", "AC_NEED_TO_KNOW", "CONF_PSEUDONYMIZATION"]',
 'BGB_195_3Y',
 '["CRM-System", "BI-Tool"]',
 'LOW', FALSE, 1,
 '["vertrieb", "reporting"]',
 8),

-- Marketing Templates
('marketing-newsletter',
 'Newsletter-Versand',
 'Versand von Newslettern und Werbemails an Abonnenten',
 'marketing',
 '["DIRECT_MARKETING"]',
 '["ART6_1A", "UWG_7"]',
 '["NEWSLETTER_SUBSCRIBERS", "CUSTOMERS"]',
 '["NAME", "CONTACT", "USAGE_DATA"]',
 '["INTERNAL_MARKETING", "PROCESSOR_EMAIL"]',
 '["AC_RBAC", "CONF_ENCRYPTION_TRANSIT", "SEP_DATA_SEPARATION"]',
 'CONSENT_REVOKE',
 '["Newsletter-Tool", "E-Mail-Marketing-Plattform"]',
 'LOW', FALSE, 1,
 '["marketing", "einwilligung"]',
 9),

('marketing-website-analytics',
 'Website-Analyse',
 'Analyse des Nutzerverhaltens auf der Unternehmenswebsite',
 'marketing',
 '["WEBSITE_ANALYTICS"]',
 '["ART6_1A"]',
 '["WEBSITE_USERS"]',
 '["IP_ADDRESS", "DEVICE_ID", "USAGE_DATA"]',
 '["INTERNAL_MARKETING", "PROCESSOR_ANALYTICS"]',
 '["CONF_PSEUDONYMIZATION", "CONF_ENCRYPTION_TRANSIT", "SEP_DATA_SEPARATION"]',
 'CUSTOM_14M',
 '["Web-Analytics-Tool", "Tag-Manager"]',
 'LOW', FALSE, 1,
 '["marketing", "einwilligung", "tracking"]',
 10),

('marketing-social-media',
 'Social-Media-Marketing',
 'Betrieb und Verwaltung von Social-Media-Praesenzen',
 'marketing',
 '["SOCIAL_MEDIA"]',
 '["ART6_1A", "ART6_1F"]',
 '["WEBSITE_USERS", "CUSTOMERS"]',
 '["NAME", "CONTACT", "USAGE_DATA", "PHOTO_VIDEO"]',
 '["INTERNAL_MARKETING", "PROCESSOR_ANALYTICS"]',
 '["AC_RBAC", "CONF_ENCRYPTION_TRANSIT"]',
 'PURPOSE_END',
 '["Social-Media-Plattformen", "Social-Media-Management-Tool"]',
 'LOW', FALSE, 1,
 '["marketing", "social-media"]',
 11),

-- Support Templates
('support-ticketsystem',
 'Ticketsystem / Kundenservice',
 'Bearbeitung von Kundenanfragen ueber das Ticketsystem',
 'support',
 '["CUSTOMER_SUPPORT"]',
 '["ART6_1B"]',
 '["CUSTOMERS"]',
 '["NAME", "CONTACT", "COMMUNICATION_DATA", "CONTRACT_DATA"]',
 '["INTERNAL_SUPPORT", "PROCESSOR_HELPDESK"]',
 '["AC_RBAC", "CONF_ENCRYPTION_TRANSIT", "INT_AUDIT_LOG"]',
 'BGB_195_3Y',
 '["Ticketsystem", "Help-Desk-Software"]',
 'MEDIUM', FALSE, 1,
 '["support", "kunden"]',
 12),

-- IT Templates
('it-systemadministration',
 'IT-Systemadministration',
 'Verwaltung der IT-Infrastruktur, Benutzerkonten und Berechtigungen',
 'it_operations',
 '["IT_ADMIN"]',
 '["ART6_1F", "ART6_1B"]',
 '["EMPLOYEES"]',
 '["NAME", "LOGIN_DATA", "IP_ADDRESS", "DEVICE_ID"]',
 '["INTERNAL_IT", "PROCESSOR_HOSTING"]',
 '["AC_RBAC", "AC_MFA", "AC_PAM", "CONF_ENCRYPTION_REST", "CONF_ENCRYPTION_TRANSIT", "INT_AUDIT_LOG", "SEP_NETWORK_SEG", "SEP_ENV_SEPARATION"]',
 'CUSTOM_90D',
 '["Active Directory", "LDAP", "IT-Management-Tool"]',
 'HIGH', FALSE, 2,
 '["it", "infrastruktur"]',
 13),

('it-backup',
 'Datensicherung und Recovery',
 'Regelmaessige Backups und Wiederherstellungsverfahren',
 'it_operations',
 '["BACKUP_RECOVERY"]',
 '["ART6_1F"]',
 '["EMPLOYEES", "CUSTOMERS"]',
 '["NAME", "ADDRESS", "CONTACT", "CONTRACT_DATA", "LOGIN_DATA"]',
 '["INTERNAL_IT", "PROCESSOR_HOSTING"]',
 '["AVAIL_BACKUP", "AVAIL_321_RULE", "AVAIL_REDUNDANCY", "CONF_ENCRYPTION_REST", "INT_CHECKSUMS"]',
 'CUSTOM_90D',
 '["Backup-Software", "Cloud-Backup", "NAS"]',
 'HIGH', FALSE, 2,
 '["it", "verfuegbarkeit"]',
 14),

('it-logging',
 'Logging und Sicherheitsueberwachung',
 'Protokollierung von System- und Sicherheitsereignissen',
 'it_operations',
 '["SECURITY_MONITORING"]',
 '["ART6_1F"]',
 '["EMPLOYEES", "CUSTOMERS", "WEBSITE_USERS"]',
 '["IP_ADDRESS", "LOGIN_DATA", "USAGE_DATA", "DEVICE_ID"]',
 '["INTERNAL_IT"]',
 '["CONF_ENCRYPTION_REST", "INT_AUDIT_LOG", "INT_CHECKSUMS", "AVAIL_MONITORING", "SEP_DATA_SEPARATION"]',
 'CUSTOM_90D',
 '["SIEM-System", "Log-Management", "Monitoring-Tool"]',
 'MEDIUM', FALSE, 2,
 '["it", "sicherheit"]',
 15),

('it-iam',
 'Identitaets- und Zugriffsmanagement',
 'Verwaltung von Benutzeridentitaeten, Rollen und Berechtigungen',
 'it_operations',
 '["IAM"]',
 '["ART6_1F", "BDSG_26"]',
 '["EMPLOYEES"]',
 '["NAME", "LOGIN_DATA", "EMPLOYMENT_DATA"]',
 '["INTERNAL_IT", "INTERNAL_HR"]',
 '["AC_RBAC", "AC_MFA", "AC_PAM", "AC_NEED_TO_KNOW", "INT_AUDIT_LOG", "CONF_ENCRYPTION_REST"]',
 'AGG_15_6M',
 '["IAM-System", "SSO-Provider", "Active Directory"]',
 'HIGH', FALSE, 2,
 '["it", "sicherheit", "zugriffskontrolle"]',
 16),

-- Other Templates
('other-videokonferenz',
 'Videokonferenz',
 'Durchfuehrung von Online-Meetings und Videokonferenzen',
 'other',
 '["VIDEO_CONFERENCING"]',
 '["ART6_1B", "ART6_1F"]',
 '["EMPLOYEES", "CUSTOMERS", "BUSINESS_PARTNERS"]',
 '["NAME", "CONTACT", "PHOTO_VIDEO", "IP_ADDRESS"]',
 '["INTERNAL_IT", "PROCESSOR_HOSTING"]',
 '["CONF_ENCRYPTION_TRANSIT", "AC_RBAC"]',
 'PURPOSE_END',
 '["Videokonferenz-Tool", "Webinar-Plattform"]',
 'LOW', FALSE, 1,
 '["kommunikation"]',
 17),

('other-besuchermanagement',
 'Besuchermanagement',
 'Erfassung und Verwaltung von Betriebsbesuchern',
 'other',
 '["VISITOR_MANAGEMENT"]',
 '["ART6_1F"]',
 '["VISITORS"]',
 '["NAME", "CONTACT", "PHOTO_VIDEO"]',
 '["INTERNAL_MANAGEMENT"]',
 '["AC_RBAC", "CONF_ENCRYPTION_REST"]',
 'CUSTOM_30D',
 '["Besuchermanagement-System", "Empfangsterminal"]',
 'LOW', FALSE, 1,
 '["sonstiges", "besucher"]',
 18)

ON CONFLICT (id) DO NOTHING;

COMMIT;