Architecture & Design

Infopulse Standards Compliance Manager is designed to automate and simplify the activities associated with corporate governance, compliance, and risk management. As a cutting-edge solution based on client-server architecture (availability for Windows and Linux), it is developed using the latest industry practices for product development with the modern tech stack in its core (Angular 8, Java 11). The modular characteristic of SCM allows us to flexibly customize the system to your needs while ensuring “one system vision”.

Together with the traditional project management model, continuous integration approach and improved code testability, we combine agile methodology to ensure an efficient and qualitative development and implementation.

Our team consists not only of dedicated developers but also of security engineers on-staff. Each year we conduct third-party security audits:

  • Penetration testing;
  • Security audit according to the OWASP Software Assurance Maturity Model (SAMM) v1.5 framework.

Developing a modern GRC solution, we set top priority for product security. Our software engineers use SSDLC (Secure Software Development Lifecycle) methodology and practices in the development process to make the product secure. We also stringently follow the main requirements of the following standards and techniques: ISO 15408, BSIMM9, ISO 27002, ISF SoGP, ISF Security HealthCheck, OWASP Risk Rating Methodology, Microsoft STRIDE/DREAD.

The second aim, after quality and security, is to develop a convenient and user-friendly solution. Our UX and UI engineers for interaction and visual design conduct the heuristic evaluation after Jakob Nielsen to assess the usability of the product after any changes have been implemented.

System Architecture

Infopulse SCM System Architecture
Infopulse SCM System Architecture

Platform

Application is implemented as a Java EE application compatible with Servlet container 3.1 specifications. By default, it is delivered with the Tomcat application server.

Configuration

Application configuration is made in property files.

Persistence

Data persistence is addressed using a relational database and JPA Object Relational Mapping layer (Eclipse Link).

Internationalization

All string resources are externalized to assure smooth localization. By default, the solution is delivered with the support of German and English languages.

Logging

Logging is implemented based on the Logback framework. The solution supports several levels of logging.

Performance

The system is responsive under much data – requirements, controls, threats and the connections between them.

Scalability

The application is stateless in order to easily support horizontal scalability.

REST API

REST API is used for data interchange between client and server as well as for the integration with different systems (ServiceNow, SAP, etc.)

Security

Security is based on the JWT (JSON Web Token) flow. HTTPS certificates can be issued and then setup on the level of servlet container (Tomcat) so that traffic between client and server parts of the solution is properly secured.

Hardware and system requirements

The following system requirements are recommended to guarantee Standards Compliance Manager proper operation:

  • CPU: Core i5;
  • HDD: at least 64 GB of free hard disk space (SSD recommended);
  • RAM: at least 16 GB;
  • Operating system: Linux, Windows 10, Windows Server;
  • Java OpenJDK 14;
  • Database support: Oracle, Microsoft SQL, and MySQL;

Request more information about our solution and find out how our solution can address your specific security issue.

Request a trial

Try

Benefit of free usage of the Infopulse SCM for 3 months to find out how the solution can optimize and streamline your compliance management. Please fill out this form, choose the standards and features you are most interested in. Our consultants will be glad to deliver a personalized webinar for you explaining step by step all the benefits of the SCM adoption.





    Professional

    Effective and easy-to-use IT security management system based on the latest standards and regulations — from planning and establishing the security concept to certification.