Overview
Background
Provide high-level context as to who would use this product / functionality and the underserved need that is intended to be addressed.
Objective
Provide additional context and explain how this product fits into UC’s strategic goals and initiatives and why we are building it.
Persona’s
Link to UC’s personas for the user, buyer, influencer. People share information via e-mail, text, chat, phone calls or other applications. Once trust is establishedbetween two people (whether given lackadaisically or with caution) information sharing can begin after exchanging phone numbers, addresses, or profiles. Theoretically, in this one-on-one communication between two people, you know who you are sending data to and they know who they are receiving data from. However, if trust is given too freely without validation, one or both actors may or not be who they say they are.
In a world where data is shared between systems, the systems are the ones doing the sharing, not people.
This trust factor is similar to people where if systems want to talk with each other and share information, they must first trust each other and prove who they say they. As is the case with people, if trust is too easily given, a “bad actor” could cause irreparable damage.
To help protect systems from “bad actors” or mistakes, the trust factor is built into each communication and must contain the following two aspects:
Some form of security handshake
A system-based identifier for “who is who”
Objective
To help fulfill Unified Compliance’s mission statement to be THE authoritative platform for regulatory content, control frameworks, and policy guidance, one of the initiatives is to build products and functionality that extend the usage beyond professional lexicographers and glossarists to include many additional users to allow them to contribute to UC’s content repository.
To facilitate information sharing while ensuring each contributors true identity, we will establish, publicize, share, and use a standardized account structure.
Persona’s
Note: personas are in process of being built. Once in place, the links will be provided to those personas.
UC Mapper (linguist, English major, attention to detail …)
UC Mapper Approver (linguist, subject matter experts, …)
Partner Contributor (expert in their software and processes, not a linguist, busy with other tasks …)
Customer Contributor (institutional organization knowledge, domain expert, not a linguist, likely minimal compliance knowledge …)
Success Metrics
List project goals and the metrics we’ll use to judge success
Goal | Metric |
|---|---|
Establish and document a standardized account schema and publish it in grcschema.org | Review and attain sign-off from the GRC schema governing body |
Establish a set of APIs that utilize the standardized account schema | A UC-written application can interact with the API Gateway to establish trust and then share information |
Build a frontend application that utilizes the standardized account via a set of APIs | Mapper / UCH 2.0 can establish trust and share PlantUML data which updates the federated database and / or Compliance Dictionary can establish trust and share term definitions that update the compliance dictionary database or federated dictionary database (TBD) |
Current Challenges / Limitations
Describe the challenges that users face using the current product, alternative solutions, or performing tasks manuallyThe “who is who” part is normally done in the form of an account structure. The challenge is, within the world of Compliance as Code, and all the various published schemas, there isn’t a standardized account structure.
Benefits
Highlight the main benefits the customer/user will gain by this product
...