9b4be663f7
- Migration 111: 3 new tables (org_roles, document_reviews, document_role_mapping) with seed data mapping all 71 doc types to 7 compliance roles - org_role_routes.py: CRUD for roles, seed defaults, test email, mapping API - document_review_routes.py: Review lifecycle (create→send→approve/reject) with approval notification to all affected roles - Migration 112: SOP template (ISO 9001 structure, 21 placeholders) - Added standard_operating_procedure to TemplateType, doc-labels, presets [migration-approved] Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
import type { CompanyProfilePreset } from './company-profile-presets'
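/**
 * Built-in company profile presets.
 *
 * Each entry carries:
 * - `id`, `label`, `description`, `icon`: identification and display text,
 * - `profile`: the company master data the preset stands for,
 * - `scopeHints`: key/value answers keyed by scope-question id,
 * - `recommendedDocs`: document-type ids suggested for this kind of company.
 *
 * Every `scopeHints` key and `recommendedDocs` id below is a plain string
 * literal. NOTE(review): presumably these are validated against the
 * scope-question and document-type catalogues elsewhere; if they are not, a
 * misspelled id would silently drop a recommended security or privacy
 * document from the preset. Confirm against `CompanyProfilePreset` and its
 * consumers.
 */
export const COMPANY_PROFILE_PRESETS: CompanyProfilePreset[] = [
  {
    id: 'saas_startup',
    label: 'SaaS Startup',
    description: 'B2B Software-Startup, 1-5 Mitarbeiter, Cloud-basiert, remote-first',
    icon: '\u{1F680}',
    profile: {
      legalForm: 'GmbH', industry: ['tech'], businessModel: 'b2b',
      companySize: 'micro', employeeCount: '1-9', headquartersCountry: 'DE',
      targetMarkets: ['DE', 'EU'], isDataController: true, isDataProcessor: true,
    },
    scopeHints: {
      org_employee_count: '1-9', org_industry: 'tech', org_business_model: 'b2b',
      proc_ai_usage: 'yes', tech_hosting_location: 'eu',
      tech_encryption_transit: 'yes', tech_encryption_rest: 'yes',
      comp_documentation_level: 'basic',
    },
    recommendedDocs: [
      'privacy_policy', 'impressum', 'agb', 'cookie_policy', 'cookie_banner',
      'dpa', 'tom_documentation', 'vvt_register', 'loeschkonzept',
      'employee_dsi', 'applicant_dsi',
    ],
  },
  {
    id: 'consumer_app',
    label: 'App Startup (Consumer)',
    description: 'B2C Mobile App, 1-5 Mitarbeiter, App Store, Nutzerdaten',
    icon: '\u{1F4F1}',
    profile: {
      legalForm: 'GmbH', industry: ['tech'], businessModel: 'b2c',
      companySize: 'micro', employeeCount: '1-9', headquartersCountry: 'DE',
      targetMarkets: ['DE', 'EU'], isDataController: true, isDataProcessor: false,
    },
    scopeHints: {
      org_employee_count: '1-9', org_industry: 'tech', org_business_model: 'b2c',
      data_volume: '1000-10000', proc_tracking: 'yes',
      prod_consent_management: 'yes', tech_hosting_location: 'eu',
    },
    recommendedDocs: [
      'privacy_policy', 'impressum', 'terms_of_use', 'cookie_policy', 'cookie_banner',
      'community_guidelines', 'acceptable_use', 'widerruf',
      'dpa', 'tom_documentation', 'vvt_register', 'loeschkonzept',
      'employee_dsi', 'applicant_dsi', 'social_media_dsi',
    ],
  },
  {
    id: 'ecommerce',
    label: 'E-Commerce / Online-Shop',
    description: 'Online-Handel B2C, 5-20 Mitarbeiter, Webshop, Zahlungsabwicklung',
    icon: '\u{1F6D2}',
    profile: {
      legalForm: 'GmbH', industry: ['retail'], businessModel: 'b2c',
      companySize: 'small', employeeCount: '10-49', headquartersCountry: 'DE',
      targetMarkets: ['DE', 'EU'], isDataController: true, isDataProcessor: false,
    },
    scopeHints: {
      org_employee_count: '10-49', org_industry: 'retail', org_business_model: 'b2c',
      prod_webshop: 'yes', data_volume: '10000-100000',
      tech_hosting_location: 'eu', prod_consent_management: 'yes',
    },
    recommendedDocs: [
      'privacy_policy', 'impressum', 'agb', 'widerruf', 'cookie_policy', 'cookie_banner',
      'dpa', 'tom_documentation', 'vvt_register', 'loeschkonzept',
      'employee_dsi', 'applicant_dsi',
    ],
  },
  {
    id: 'it_agency',
    label: 'IT-Dienstleister / Agentur',
    description: 'IT-Beratung oder Agentur, 10-50 Mitarbeiter, Kundenprojekte',
    icon: '\u{1F4BB}',
    profile: {
      legalForm: 'GmbH', industry: ['tech'], businessModel: 'b2b',
      companySize: 'small', employeeCount: '10-49', headquartersCountry: 'DE',
      targetMarkets: ['DE', 'EU'], isDataController: true, isDataProcessor: true,
    },
    scopeHints: {
      org_employee_count: '10-49', org_industry: 'tech', org_business_model: 'b2b',
      proc_ai_usage: 'yes', tech_hosting_location: 'eu',
      comp_vendor_management: 'yes', comp_training: 'yes',
    },
    recommendedDocs: [
      'privacy_policy', 'impressum', 'agb', 'cookie_policy', 'cookie_banner',
      'dpa', 'nda', 'sla', 'tom_documentation', 'vvt_register', 'loeschkonzept',
      'employee_dsi', 'applicant_dsi',
    ],
  },
  {
    id: 'maschinenbau',
    label: 'Maschinenbau KMU',
    description: 'Maschinenbau B2B, 50-200 Mitarbeiter, Produktion, CE-Kennzeichnung',
    icon: '\u{1F3ED}',
    profile: {
      legalForm: 'GmbH', industry: ['manufacturing'], businessModel: 'b2b',
      companySize: 'medium', employeeCount: '50-249', headquartersCountry: 'DE',
      targetMarkets: ['DE', 'EU'], isDataController: true, isDataProcessor: false,
    },
    scopeHints: {
      org_employee_count: '50-249', org_industry: 'manufacturing', org_business_model: 'b2b',
      proc_employee_monitoring: 'no', tech_hosting_location: 'eu',
      comp_vendor_management: 'yes', comp_documentation_level: 'structured',
    },
    recommendedDocs: [
      'privacy_policy', 'impressum', 'agb', 'cookie_policy', 'cookie_banner',
      'dpa', 'nda', 'tom_documentation', 'vvt_register', 'loeschkonzept',
      'employee_dsi', 'applicant_dsi', 'whistleblower_policy',
      'dsfa', 'pflichtenregister',
    ],
  },
  {
    id: 'law_firm',
    label: 'Rechtsanwaltskanzlei',
    // NOTE(review): the description says 5-20 employees and companySize is
    // 'small', but employeeCount / org_employee_count are '1-9'. Confirm which
    // bucket is intended in case scope decisions depend on headcount.
    description: 'Kanzlei, 5-20 Mitarbeiter, Mandantendaten, besondere Vertraulichkeit',
    icon: '\u2696\uFE0F',
    profile: {
      legalForm: 'PartG', industry: ['legal'], businessModel: 'b2b',
      companySize: 'small', employeeCount: '1-9', headquartersCountry: 'DE',
      targetMarkets: ['DE'], isDataController: true, isDataProcessor: false,
    },
    scopeHints: {
      org_employee_count: '1-9', org_industry: 'legal', org_business_model: 'b2b',
      data_art9: 'no', tech_encryption_transit: 'yes',
      tech_encryption_rest: 'yes', comp_documentation_level: 'basic',
    },
    recommendedDocs: [
      'privacy_policy', 'impressum', 'cookie_policy', 'cookie_banner',
      'dpa', 'nda', 'tom_documentation', 'vvt_register', 'loeschkonzept',
      'employee_dsi', 'applicant_dsi',
    ],
  },
  {
    id: 'healthcare',
    label: 'Arztpraxis / Gesundheit',
    // NOTE(review): described as 5-50 employees handling Art. 9 patient data
    // with a high protection need, yet the buckets are '1-9' and the list below
    // has no incident or breach document, although other presets in this file
    // list 'incident_response_plan' and 'privacy_incident_policy'. Confirm this
    // is intentional.
    description: 'Gesundheitswesen, 5-50 Mitarbeiter, Patientendaten (Art. 9), hoher Schutzbedarf',
    icon: '\u{1F3E5}',
    profile: {
      legalForm: 'GbR', industry: ['healthcare'], businessModel: 'b2c',
      companySize: 'small', employeeCount: '1-9', headquartersCountry: 'DE',
      targetMarkets: ['DE'], isDataController: true, isDataProcessor: false,
    },
    scopeHints: {
      org_employee_count: '1-9', org_industry: 'healthcare', org_business_model: 'b2c',
      data_art9: 'yes', tech_encryption_transit: 'yes',
      tech_encryption_rest: 'yes', comp_documentation_level: 'basic',
    },
    recommendedDocs: [
      'privacy_policy', 'impressum', 'cookie_policy', 'cookie_banner',
      'dpa', 'tom_documentation', 'vvt_register', 'loeschkonzept', 'dsfa',
      'employee_dsi', 'applicant_dsi', 'pflichtenregister',
    ],
  },
  {
    id: 'handwerk',
    label: 'Handwerksbetrieb',
    description: 'Handwerk, 5-20 Mitarbeiter, Kundendaten, einfache IT',
    icon: '\u{1F527}',
    profile: {
      legalForm: 'GmbH', industry: ['crafts'], businessModel: 'b2c',
      companySize: 'small', employeeCount: '1-9', headquartersCountry: 'DE',
      targetMarkets: ['DE'], isDataController: true, isDataProcessor: false,
    },
    scopeHints: {
      // NOTE(review): profile.industry is 'crafts' while org_industry is
      // 'other'; presumably the scope question has no crafts option - verify.
      org_employee_count: '1-9', org_industry: 'other', org_business_model: 'b2c',
      data_art9: 'no', tech_hosting_location: 'eu', comp_documentation_level: 'none',
    },
    recommendedDocs: [
      'privacy_policy', 'impressum', 'agb', 'cookie_policy', 'cookie_banner',
      'tom_documentation', 'vvt_register', 'loeschkonzept', 'employee_dsi',
    ],
  },
  {
    id: 'education',
    label: 'Bildungseinrichtung',
    // NOTE(review): the description says 20-100 employees and companySize is
    // 'medium', but the employee-count buckets are '10-49' - confirm.
    description: 'Schule, Hochschule oder Weiterbildung, 20-100 Mitarbeiter, Schuelerdaten',
    icon: '\u{1F393}',
    profile: {
      legalForm: 'gGmbH', industry: ['education'], businessModel: 'b2c',
      companySize: 'medium', employeeCount: '10-49', headquartersCountry: 'DE',
      targetMarkets: ['DE'], isDataController: true, isDataProcessor: false,
    },
    scopeHints: {
      org_employee_count: '10-49', org_industry: 'education', org_business_model: 'b2c',
      data_minors: 'yes', tech_hosting_location: 'eu', comp_training: 'yes',
    },
    recommendedDocs: [
      'privacy_policy', 'impressum', 'cookie_policy', 'cookie_banner',
      'dpa', 'tom_documentation', 'vvt_register', 'loeschkonzept', 'dsfa',
      'employee_dsi', 'applicant_dsi', 'pflichtenregister',
    ],
  },
  {
    id: 'enterprise',
    label: 'Konzern / Enterprise',
    description: 'Grossunternehmen, 500+ MA, international, reguliert, ISO 27001',
    icon: '\u{1F3E2}',
    profile: {
      legalForm: 'AG', industry: ['finance'], businessModel: 'b2b',
      companySize: 'enterprise', employeeCount: '1000+', headquartersCountry: 'DE',
      targetMarkets: ['DE', 'EU', 'US'], isDataController: true, isDataProcessor: true,
    },
    scopeHints: {
      org_employee_count: '1000+', org_industry: 'finance', org_business_model: 'b2b',
      org_cert_target: 'iso27001', data_art9: 'yes', data_volume: '>1000000',
      proc_ai_usage: 'yes', tech_third_country: 'yes',
      tech_hosting_location: 'eu_us_adequacy', comp_vendor_management: 'yes',
      comp_training: 'yes', comp_documentation_level: 'comprehensive',
    },
    // NOTE(review): this list carries 'privacy_incident_policy' and
    // 'crisis_management_policy' but none of the incident-response, logging,
    // patch or vulnerability management ids that the cloud_provider preset
    // lists. Confirm the omission is intended for an ISO 27001 profile.
    recommendedDocs: [
      'privacy_policy', 'impressum', 'agb', 'cookie_policy', 'cookie_banner',
      'dpa', 'nda', 'sla', 'cloud_service_agreement',
      'tom_documentation', 'vvt_register', 'loeschkonzept', 'dsfa', 'pflichtenregister',
      'data_protection_concept', 'consent_texts', 'informationspflichten', 'verpflichtungserklaerung',
      'dsr_process_art15', 'dsr_process_art16', 'dsr_process_art17',
      'dsr_process_art18', 'dsr_process_art20', 'dsr_process_art21',
      'isms_manual', 'it_security_concept', 'risk_management_concept',
      'information_security_policy', 'access_control_policy', 'encryption_policy',
      'change_management_policy', 'asset_management_policy',
      'data_protection_policy', 'data_classification_policy',
      'data_retention_policy', 'data_transfer_policy', 'privacy_incident_policy',
      'employee_dsi', 'applicant_dsi', 'whistleblower_policy', 'social_media_dsi',
      'employee_security_policy', 'security_awareness_policy', 'offboarding_policy',
      'transfer_impact_assessment', 'scc_companion',
      'vendor_risk_management_policy', 'third_party_security_policy',
      'business_continuity_policy', 'disaster_recovery_policy', 'crisis_management_policy',
      'ai_usage_policy', 'standard_operating_procedure',
    ],
  },
  {
    id: 'cloud_provider',
    label: 'Cloud / SaaS-Anbieter',
    description: 'Cloud-Infrastruktur oder SaaS, 20-100 MA, DevOps, ISO 27001 Ziel',
    icon: '\u2601\uFE0F',
    profile: {
      legalForm: 'GmbH', industry: ['tech'], businessModel: 'b2b',
      companySize: 'small', employeeCount: '10-49', headquartersCountry: 'DE',
      targetMarkets: ['DE', 'EU'], isDataController: true, isDataProcessor: true,
    },
    scopeHints: {
      org_employee_count: '10-49', org_industry: 'tech', org_business_model: 'b2b',
      // NOTE(review): the enterprise preset expresses the ISO 27001 goal as
      // org_cert_target: 'iso27001'; this one uses org_cert_iso27001: 'yes'.
      // Confirm both keys exist among the scope questions, otherwise this hint
      // may be ignored.
      org_cert_iso27001: 'yes', proc_ai_usage: 'yes', tech_hosting_location: 'eu',
      tech_encryption_transit: 'yes', tech_encryption_rest: 'yes',
      comp_vendor_management: 'yes', comp_documentation_level: 'structured',
    },
    recommendedDocs: [
      'privacy_policy', 'impressum', 'agb', 'cookie_policy', 'cookie_banner',
      'dpa', 'nda', 'sla', 'cloud_service_agreement',
      'tom_documentation', 'vvt_register', 'loeschkonzept', 'pflichtenregister',
      'data_protection_concept', 'consent_texts',
      'isms_manual', 'it_security_concept', 'backup_recovery_concept',
      'logging_concept', 'incident_response_plan',
      'access_control_concept', 'risk_management_concept',
      'information_security_policy', 'access_control_policy', 'password_policy',
      'encryption_policy', 'logging_policy', 'backup_policy',
      'incident_response_policy', 'change_management_policy',
      'patch_management_policy', 'asset_management_policy',
      'cloud_security_policy', 'devsecops_policy',
      'secrets_management_policy', 'vulnerability_management_policy',
      'employee_dsi', 'applicant_dsi', 'employee_security_policy',
      'remote_work_policy', 'offboarding_policy',
      'vendor_risk_management_policy', 'third_party_security_policy',
      'business_continuity_policy', 'disaster_recovery_policy',
      'ai_usage_policy', 'cybersecurity_policy', 'byod_policy',
      'standard_operating_procedure',
    ],
  },
  {
    id: 'fintech',
    label: 'Finanzdienstleister',
    description: 'Finanz- oder Versicherungsbranche, 50-500 MA, reguliert',
    icon: '\u{1F3E6}',
    profile: {
      legalForm: 'GmbH', industry: ['finance'], businessModel: 'b2b',
      companySize: 'medium', employeeCount: '50-249', headquartersCountry: 'DE',
      targetMarkets: ['DE', 'EU'], isDataController: true, isDataProcessor: true,
    },
    scopeHints: {
      org_employee_count: '50-249', org_industry: 'finance', org_business_model: 'b2b',
      data_art9: 'no', data_volume: '100000-1000000', tech_hosting_location: 'eu',
      tech_encryption_transit: 'yes', tech_encryption_rest: 'yes',
      comp_vendor_management: 'yes', comp_training: 'yes',
      comp_documentation_level: 'comprehensive',
    },
    recommendedDocs: [
      'privacy_policy', 'impressum', 'agb', 'cookie_policy', 'cookie_banner',
      'dpa', 'nda', 'sla',
      'tom_documentation', 'vvt_register', 'loeschkonzept', 'dsfa', 'pflichtenregister',
      'data_protection_concept', 'verpflichtungserklaerung', 'informationspflichten',
      'dsr_process_art15', 'dsr_process_art17', 'dsr_process_art20',
      'data_protection_policy', 'data_classification_policy',
      'data_retention_policy', 'data_transfer_policy', 'privacy_incident_policy',
      'it_security_concept', 'risk_management_concept',
      'information_security_policy', 'access_control_policy', 'encryption_policy',
      'employee_dsi', 'applicant_dsi', 'whistleblower_policy',
      'employee_security_policy', 'security_awareness_policy', 'offboarding_policy',
      'transfer_impact_assessment', 'vendor_risk_management_policy',
      // NOTE(review): the enterprise and cloud_provider presets use
      // 'third_party_security_policy'; confirm 'supplier_security_policy' is
      // a known document type and not a stale id.
      'supplier_security_policy',
      'business_continuity_policy', 'disaster_recovery_policy', 'crisis_management_policy',
      'standard_operating_procedure',
    ],
  },
  {
    id: 'platform',
    label: 'Plattform / Marketplace',
    description: 'Online-Plattform mit Nutzern, UGC, Community, 10-50 MA',
    icon: '\u{1F310}',
    profile: {
      legalForm: 'GmbH', industry: ['tech'], businessModel: 'b2b2c',
      companySize: 'small', employeeCount: '10-49', headquartersCountry: 'DE',
      targetMarkets: ['DE', 'EU'], isDataController: true, isDataProcessor: false,
    },
    scopeHints: {
      org_employee_count: '10-49', org_industry: 'tech', org_business_model: 'b2b2c',
      data_volume: '10000-100000', proc_tracking: 'yes',
      prod_ugc_platform: 'yes', prod_consent_management: 'yes',
      tech_hosting_location: 'eu',
    },
    recommendedDocs: [
      'privacy_policy', 'impressum', 'terms_of_use', 'agb',
      'cookie_policy', 'cookie_banner', 'dpa',
      'community_guidelines', 'acceptable_use',
      'media_content_policy', 'copyright_policy', 'data_usage_clause',
      'tom_documentation', 'vvt_register', 'loeschkonzept', 'dsfa',
      'consent_texts', 'social_media_dsi', 'video_conference_dsi',
      'dsr_process_art15', 'dsr_process_art17', 'dsr_process_art20', 'dsr_process_art21',
      'employee_dsi', 'applicant_dsi',
      'ai_usage_policy',
    ],
  },
]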