Architecture & Design
Infopulse Standards Compliance Manager is designed to automate and simplify the activities associated with corporate governance, compliance, and risk management. A cutting-edge solution based on a client-server architecture (available for Windows and Linux), it is developed using the latest industry practices for product development, with a modern tech stack at its core (Angular 8, Java 11). The modular design of SCM allows us to flexibly customize the system to your needs while ensuring “one system vision”.
We combine the traditional project management model, a continuous integration approach and improved code testability with agile methodology to ensure efficient, high-quality development and implementation.
Our team consists not only of dedicated developers but also of security engineers on staff. Each year we conduct third-party security audits:
- Penetration testing;
- Security audit according to the OWASP Software Assurance Maturity Model (SAMM) v1.5 framework.
In developing a modern GRC solution, we treat product security as the top priority. Our software engineers use SSDLC (Secure Software Development Lifecycle) methodology and practices in the development process to make the product secure. We also stringently follow the main requirements of the following standards and techniques: ISO 15408, BSIMM9, ISO 27002, ISF SoGP, ISF Security HealthCheck, OWASP Risk Rating Methodology, Microsoft STRIDE/DREAD.
The second aim, after quality and security, is to develop a convenient and user-friendly solution. Our UX and UI engineers for interaction and visual design conduct a heuristic evaluation according to Jakob Nielsen to assess the usability of the product after any changes have been implemented.
The application is implemented as a Java EE application compatible with the Servlet container 3.1 specification. By default, it is delivered with the Tomcat application server.
Application configuration is stored in property files.
Data persistence is addressed using a relational database and a JPA Object Relational Mapping layer (EclipseLink).
All string resources are externalized to ensure smooth localization. By default, the solution is delivered with support for German and English.
Logging is implemented based on the Logback framework. The solution supports several levels of logging.
The system stays responsive with large volumes of data: requirements, controls, threats and the connections between them.
The application is stateless in order to easily support horizontal scalability.
A REST API is used for data interchange between client and server as well as for integration with different systems (ServiceNow, SAP, etc.).
Security is based on the JWT (JSON Web Token) flow. HTTPS certificates can be issued and then set up at the level of the servlet container (Tomcat) so that traffic between the client and server parts of the solution is properly secured.
Hardware and system requirements
The following system requirements are recommended to guarantee proper operation of Standards Compliance Manager:
- CPU: Core i5;
- HDD: at least 64 GB of free hard disk space (SSD recommended);
- RAM: at least 16 GB;
- Operating system: Linux, Windows 10, Windows Server;
- Java OpenJDK 14;
- Database support: Oracle, Microsoft SQL, and MySQL.
Effective and easy-to-use IT security management system based on the latest standards and regulations — from planning and establishing the security concept to certification.