Jingga/Organization-Guide
1
0
Fork 0
mirror of https://github.com/Karaka-Management/Organization-Guide.git synced 2026-01-11 04:48:42 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
Dennis Eichhorn 2022-07-20 23:45:53 +02:00
parent abc787c696
commit 5a05e37605
18 changed files with 339 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
Policies & Guidelines/Sales/Pricing Policy.md
View File

@ -33,9 +33,9 @@ Hourly rates must get invoiced in 15 minute increments.
| Competency requirement | Maintenance Contract | No Maintenance Contract |
| ---------------------- | -------------------- | ----------------------- |
| 1st level | 80 EUR/h* | 100 EUR/h |
| 2nd level | 120 EUR/h | 150 EUR/h |
| 3rd level | 200 EUR/h | 250 EUR/h |
| 1st level | 80 EUR/h* | 200 EUR/h |
| 2nd level | 120 EUR/h | 250 EUR/h |
| 3rd level | 200 EUR/h | 300 EUR/h |
> \* Free hours from the maintenance contract can be used if the customer has a maintenance contract available.
@ -44,7 +44,7 @@ Hourly rates must get invoiced in 15 minute increments.
| Available hours | Maintenance Contract | No Maintenance Contract |
| ----------------------- | -------------------- | ----------------------- |
| Free hours available | 0 EUR/h | N.A. |
| No free hours available | 80 EUR/h | 100 EUR/h |
| No free hours available | 80 EUR/h | 250 EUR/h |
> N.A. = Not available.
@ -52,6 +52,6 @@ Hourly rates must get invoiced in 15 minute increments.
| Type | Maintenance Contract | No Maintenance Contract |
| ------------------------------------- | -------------------- | ----------------------- |
| Theme design | 80 EUR/h | 100 EUR/h |
| Application development/customization | 120 EUR/h | 150 EUR/h |
| Module customization | 120 EUR/h | 150 EUR/h |
| Theme design | 80 EUR/h | 200 EUR/h |
| Application development/customization | 120 EUR/h | 250 EUR/h |
| Module customization | 120 EUR/h | 250 EUR/h |

14
Processes/02_Purchase_Flowchart.md
View File

@ -2,19 +2,19 @@
```mermaid
graph TD;
INQUIRY([Inquiry by employee])-->OFFER[Offer from supplier];
INQUIRY([Employee: Inquiry])-->OFFER[Supplier: Creates offer];
OFFER-->APPROVAL[[Approval]];
APPROVAL-->APPROVED{Is approved?};
APPROVED-- Yes -->ORDER[Order by purchase department];
ORDER-->INVOICE[Invoice from supplier];
APPROVED-- Yes -->ORDER[Order from Supplier];
ORDER-->INVOICE[Supplier: Creates invoice];
INVOICE-->CHECK_INVOICE{Is valid?};
CHECK_INVOICE--Yes-->FORWARD_TO_ACCOUNTING[Forward to accounting];
CHECK_INVOICE--No-->FORWARD_TO_RESPONSIBLE[Forward to head of purchase and responsible head of];
FORWARD_TO_RESPONSIBLE-->CHECK_INVOICE_2{Is valid?};
CHECK_INVOICE--No-->FORWARD_TO_RESPONSIBLE[Forward to HOP and responsible HOD];
FORWARD_TO_RESPONSIBLE-->CHECK_INVOICE_2{HOP/HOD: Is valid?};
CHECK_INVOICE_2--Yes-->FORWARD_TO_ACCOUNTING;
CHECK_INVOICE_2--No-->CLARIFY[Clarify with supplier];
FORWARD_TO_ACCOUNTING-->BOOKING[Booking invoice];
BOOKING-->PAYING([Pay invoice]);
FORWARD_TO_ACCOUNTING-->BOOKING[Accounting: Booking invoice];
BOOKING-->PAYING([Accounting: Pay invoice]);
```
## Approval Flowchart

70
Processes/04_Support & Service.md
View File

@ -1,43 +1,93 @@
# Support & Service
Support or any other software related services are only allowed if the customer has signed the [Customer Data Protection Policy]() and the [Customer Service Agreement](). This ensures that customer data access is legally and contractually covered. The customer Customer Service Agreement regulates the responsibilities and liabilities.
Support or any other software related services are only allowed if the customer has signed the [Customer Data Protection Policy](./Sales/Customer%20Data%20Protection%20Policy.md) (**R1**) and the [Customer Service Agreement](./Sales/Customer%20Service%20Agreement.md) (**R2**). This ensures that customer data access is legally and contractually covered. The customer Customer Service Agreement regulates the responsibilities and liabilities.
| Key Objective | Target | Achieved |
| --------------------------- | ------ | -------- |
| Great customer satisfaction | >= 4.0 | YES |
In general, only people authorized by the customer are allowed to make any support or service requests. Authorized persons are defined in the Customer Service Agreement and can only be adjusted by the respective persons int the Customer Service Agreement. (**R3**)
## Data migration
The customer and the support employee need to define the exact goals, data structure and migration strategy before it can be executed. These definitions must be put on the offer for the customer including a cost evaluation based on the time needed to perform the data migration and the complexity of the data migration.
The customer and the support employee need to define the exact goals, data structure and migration strategy before it can be executed. These definitions must be put on the offer for the customer including a cost evaluation based on the time needed to perform the data migration and the complexity of the data migration. The cost, time and complexity estimation must only be done/approved by a senior employee (employee with more than 3 years of experience in the Support & Service department), team leader in the Support & Service department or HOCS. (**R4a**) (**R4b**)
Only after the binding approval by the customer the order confirmation will be created (see sales process) and then the data migration can be performed.
Only after the binding approval in writing of the offer by the customer the order confirmation will be created (see sales process) and then the data migration can be performed. (**R5**)
## Setup & configuration
The software environment setup can be done by either the customer themselves or by an employee in the Support & Service department. The employee in the Support & Service department must be a senior employee in this department, team leader or the HOCS. (**R6**)
In case the customer requests a custom installation (not virtualized) or a custom configured virtualized environment the support & service employee must only do this together with the responsible person for IT on the customer side (e.g. Head of IT). (**R7**)
Under no circumstances is the employee allowed to alter any permissions, change software or hardware settings on the servers of the customer or provide IT support/consultation which is unrelated to the setup of the software environment or third party software and not approved in the [Approved Customer Software]() (**R8**). Only the CTO is allowed to approve new customer software after testing, the testing is documented with the [Third Party Software Testing Form](). (**R9**).
### Environment
The software envi
The easiest way is to provide the customer with the default virtualized environment image and the configuration details. Default images are available for VirtualBox, VMWare and Hyper-V. The recommended configuration options can be found in the [System Requirements](https://github.com/Karaka-Management/User-Guide/blob/develop/setup/install.md#server-recommendations). (**R10**)
### Software installation and configuration on virtual environment
The customer is required to provide the necessary permissions to install and prepare the environment or perform these tasks under the guidance of the support & service employee.
### Main application
**No data (incl. passwords) from the customer must be stored by the support & service employee.** (**R11**)
### Modules
### Software installation and configuration
Only the following software components can be installed and configured by the support & service employee:
* PHP incl. the required and recommended extensions
* Webserver (nginx or apache2)
* Databases (Postgresql, MariaDB, SQLSrv, Sqlite)
* Cache (Redis or Memcached)
* Third party software which is required by the core application or official modules
The software to be installed must be ordered by the customer, the support & service employee cannot install software which the customer didn't request previously.
> By default all offers for setup & configuration include PHP, Apache2 and MariaDB.
If the customer requests additional software to be installed and/or configured this is only possible for software related to the application and if the effort to install the software is reasonable compared to the previously accepted offer from the customer. In such a case the customer (must be a authorized person from the customer) can send a simple email requesting the additional software setup & configuration. (**R5**) Example:
> Dear Sir or Madam,
>
> I herewith request the additional setup and configuration of the software XXX during the installation and configuration.
>
> Best regards,
>
> YYY
### Main application & modules
During the application installation the support & service employee has to perform the tasks defined in the [Application Install Checklist](./Support/Application%20Install%20Checklist.md). (**R12**)
## Customization
The customer and the support employee need to define the exact goals before it can be implemented. These definitions must be put on the offer for the customer including a cost evaluation based on the time needed to perform the customization and the complexity of the customization. The cost, time and complexity estimation must only be done/approved by a senior employee (employee with more than 3 years of experience in the Support & Service department), team leader in the Support & Service department or HOCS. (**R4a**) (**R4b**)
Only after the binding approval in writing of the offer by the customer the order confirmation will be created (see sales process) and then the customization can be performed. (**R5**)
## Training
### Customer administrator / Key-User
The training depends on the needs of the trainee. The following training programs exist:
### End-User
* Customer administrator / Key-User
* End-User
* Third party developer
### Third party developer
The different training programs put focus on different aspects of the application. The general training program defined by the CTO can be found in the [Training Manuals](./Support/). (**R13**)
## Maintenance
Customer maintenance is performed once a year per customer with a maintenance contract. The Support & Service department schedules the maintenance with the customer. The maintenance tasks to be performed are defined by the CTO in the [Maintenance Checklist](./Support/Maintenance%20Checklist.md). (**R14**)
The customer receives a copy of the maintenance report after it is completed from the support & service employee.
Customers without a maintenance contract can also schedule a maintenance but have to pay higher fees according to the prices are defined in the [Pricing Polity]()
## Support
All customer support requests must be documented as customer tickets in the IT system. Customer requests are reviewed and categorized according to their content and priority. This task is performed by senior employees in the Support & Service department, team leaders in this department or the HOCS. (**R15**)
Every closed support ticked gets followed up with a automatic email which asks the customer to rate his satisfaction with the support. (**R16**)
2022-01-01 - Version 1.0

24
Processes/04_Support & Service_Flowchart.md
View File

@ -2,15 +2,21 @@
```mermaid
graph TD;
REQUEST([Cusotmer request])-->CHECK_REQUEST{Support: Check request}
CHECK_REQUEST--Customization, Training, ...?-->DEFINE_SERVICE[Service: Define service with customer]
DEFINE_SERVICE-->OFFER[Sales: Offer]
OFFER-->ORDER[Customer: Order]
ORDER-->ORDER_COFIRMATION[Sales: Order confirmation]
ORDER_COFIRMATION-->PROVIDE_SERVICE[Service: Provide service]
PROVIDE_SERVICE-->INVOICE[Sales: Create invoice]
CHECK_REQUEST--Support?-->TICKET_ASSIGN[Support: Assign ticket]
TICKET_ASSIGN-->PROVIDE_SUPPORT[Support: Provide support]
REQUEST([Customer request])-->IS_AUTHORIZED{Support: Is authorized?}
IS_AUTHORIZED--Yes-->CHECK_REQUEST{Support: Categorize};
IS_AUTHORIZED--No-->DECLINE[Support: Decline request]
CHECK_REQUEST--Is customization, training, data migration, ...?-->DEFINE_SERVICE[Service: Define service with customer];
DEFINE_SERVICE-->OFFER[Sales: Offer];
OFFER-->ORDER[Customer: Order];
ORDER-->ORDER_COFIRMATION[Sales: Order confirmation];
ORDER_COFIRMATION-->PROVIDE_SERVICE[Service: Provide service];
PROVIDE_SERVICE-->INVOICE[Sales: Create invoice];
INVOICE-->ACCOUNTING[[Accounting]];
CHECK_REQUEST--Support?-->TICKET_ASSIGN[Support: Assign ticket];
TICKET_ASSIGN-->PROVIDE_SUPPORT[Support: Provide support];
PROVIDE_SUPPORT-->CHECK_INVOICING{Has free support minutes?};
CHECK_INVOICING--Yes-->NO_INVOICING([No Invoicing]);
CHECK_INVOICING--No-->INVOICE;
```
2022-01-01 - Version 1.0

23
Processes/04_Support & Service_Risk Control Matrix.md
View File

@ -1,8 +1,24 @@
# Support & Service Risk Control Matrix
| No. | R | Category | Risk Event | L | C | O | Cause | Mitigation Type | Mitigation Strategy | L* | C* | Changes | Comments | ES | EY |
| ---- | ---- | -------- | ---------- | ---- | ---- | ---- | ----- | --------------- | ------------------- | ---- | ---- | ------- | -------- | ---- | ---- |
| 1 | | | | | | | | | | | | | | | |
| No. | R | Category | Risk Event | L | C | O | Cause | Mitigation Type | Mitigation Strategy | L* | C* | Changes | Comments | ES | EY |
| ---- | ---- | ------------------------------------ | ------------------------------------------------------------ | ---- | ---- | ---------------- | ----- | ------------------- | ------------------------------------------------------------ | ---- | ---- | ------- | -------- | ---- | ---- |
| 1 | CTO | Operational Risk (Support & Service) | No legal basis for accessing customer data during customer support & service. | 1 | 1 | Daily | | Preventing (Manual) | Every customer must sign the Customer Data Protection Policy before they can receive support & service | 1 | 1 | | | yes | yes |
| 2 | CTO | Operational Risk (Support & Service) | No legal protection regarding liabilities and responsibilities during customer support & service. | 1 | 1 | Daily | | Preventing (Manual) | Every customer must sign the Customer Service Agreement before they can receive support & service | 1 | 1 | | | yes | yes |
| 3 | CTO | Operational Risk (Support & Service) | Unauthorized people make support & service requests. | 1 | 1 | Many times a day | | Preventing (Manual) | Only authorized are allowed to do support & service requests | 1 | 1 | | | yes | yes |
| 4a | CTO | Operational Risk (Support & Service) | Not well defined goals and tasks resulting in miscommunication, high costs and unmet expectations. | 1 | 1 | Many times a day | | Preventing (Manual) | Define goals, tasks, specifications and costs in writing in an offer. | 1 | 1 | | | yes | yes |
| 4b | CTO | Operational Risk (Support & Service) | The goals, tasks, specifications and costs are estimated with significant deviations. | 1 | 1 | Many times a day | | Preventing (Manual) | Only personnel with sufficient experience is allowed to make these estimations | 1 | 1 | | | yes | yes |
| 5 | CTO | Operational Risk (Support & Service) | The customer disputes the provided service. | 1 | 1 | Many times a day | | Preventing (Manual) | The customer must approve the offer in writing. | 1 | 1 | | | yes | yes |
| 6 | CTO | Operational Risk (Support & Service) | Environment setup & configuration by inexperienced employees | 1 | 1 | Daily | | Preventing (Manual) | Only employees with sufficient experience are allowed to perform the environment setup & configuration. | 1 | 1 | | | yes | yes |
| 7 | CTO | Operational Risk (Support & Service) | The customer disputes the provided service. | 1 | 1 | Many times a day | | Preventing (Manual) | Software setup & configuration is only allowed together with the customer. | 1 | 1 | | | yes | yes |
| 8 | CTO | Operational Risk (Support & Service) | Installation of unapproved software on the customer server causing issues. | 1 | 1 | Many times a day | | Preventing (Manual) | Only approved software is allowed to get installed on the customer servers | 1 | 1 | | | yes | yes |
| 9 | CTO | Operational Risk (Support & Service) | Bad, risky or faulty software gets approved for the installation at customers. | 1 | 1 | Quarterly | | Preventing (Manual) | Only the CTO is allowed to approve software to be installed on customer hardware after testing. | 1 | 1 | | | yes | yes |
| 10 | CTO | Operational Risk (Support & Service) | Insufficient hardware resources for the application | 1 | 1 | Daily | | Preventing (Manual) | Tested system requirements are provided for the customers. | 1 | 1 | | | yes | yes |
| 11 | CTO | Operational Risk (Support & Service) | Leaking customer data incl. server login names and passwords. | 1 | 1 | Daily | | Preventing (Manual) | No customer data incl. server login names or passwords are stored on the organization side. | 1 | 1 | | | yes | yes |
| 12 | CTO | Operational Risk (Support & Service) | Not all necessary steps are executed during the application setup or faulty. | 1 | 1 | Daily | | Preventing (Manual) | A Application Install Checklist is provided which has to be used during the install process. | 1 | 1 | | | yes | yes |
| 13 | CTO | Operational Risk (Support & Service) | The trainings don't cover important aspects. | 1 | 1 | Daily | | Preventing (Manual) | Trainings must be held according to the Training Manuals defined by the CTO. | 1 | 1 | | | yes | yes |
| 14 | CTO | Operational Risk (Support & Service) | The maintenance doesn't cover important aspects. | 1 | 1 | Daily | | Preventing (Manual) | Maintenance must be performed according to the Maintenance Checklist defined by the CTO. | 1 | 1 | | | yes | yes |
| 15 | HOCS | Operational Risk (Support & Service) | Support requests from customers are handled by people who don't have the necessary skills or experiences. | 1 | 1 | | | Preventing (Manual) | Support requests are assigned according to experiences and skillsets by team leaders, senior employees or the HOCS. | 1 | 1 | | | yes | yes |
| 16 | CTO | Operational Risk (Support & Service) | The provided support is not satisfactory for the customers. | 1 | 1 | | | Revealing (Manual) | Customers have the option to provide feedback after every closed support request. | 1 | 1 | | | yes | yes |
## Abbreviations
@ -23,3 +39,4 @@
2022-01-01 - Version 1.0

66
Processes/05_HR.md
View File

@ -15,7 +15,7 @@
#### Identify & Approval
Before searching for a new employee the current HR situation must be evaluated and the need for a hiring must be identified. The identification can happen during the budgeting process, regular department meetings, executive meetings or even during the ongoing business operations. The search must be approved by the head of HR, an executive staff member who is legally allowed to hire employees or the CEO (**R1**). Generally, employees may only get hired in case of (**R2**):
Before searching for a new employee the current HR situation must be evaluated and the need for a hiring must be identified. The identification can happen during the budgeting process, regular department meetings, executive meetings or even during the ongoing business operations. The search must be approved by the head of HR, an executive staff member who is legally allowed to hire employees or the CEO (**R1**). Generally, employees may only get hired in case of:
* Replacement
* Budgeted new position
@ -25,29 +25,29 @@ The approval for the employee search must be in writing and can be done the IT s
#### Employment ad
Every employment ad must be posted on the own website, internally through the Intranet, on the black board in the company location(s) and the agency for labor (Agentur für Arbeit) (**R3**). Additionally, employment ads may be placed on online job portals. The job portals can be chosen by the HR department, important criteria are the size of the job portal and the target group who visits these job portals. The contact address for applicants is the HR department.
Every employment ad must be posted on the own website, internally through the Intranet, on the black board in the company location(s) and the agency for labor (Agentur für Arbeit) (**R2**). Additionally, employment ads may be placed on online job portals. The job portals can be chosen by the HR department, important criteria are the size of the job portal and the target group who visits these job portals. The contact address for applicants is the HR department.
The standard PDF layout for job postings can be found in the Job [Posting Layout_**.docx](./HR/Hiring/Posting%20Layout_en.docx) file. Different language files are available. (**R4**)
The standard PDF layout maintained by the DHR for job postings can be found in the Job [Posting Layout_**.docx](./HR/Hiring/Posting%20Layout_en.docx) file. Different language files are available (**R3**). Every job has a pre-defined [job description](./HR/Job%20Descriptions) by the DHR which must be used as a basis for the job posting. Manual adjustments are allowed. (**R4**)
#### Head hunter & HR search agency
The search with a search agency should be none exclusive and paid based on success. Searching with a head hunter should be the last option or primarily get used for the search of head of departments or managers (**R5**). The search with a head hunter can be exclusive. As a basis for their search they must receive the job posting which is also published internally, additional information such as the preferred salary (not max salary) should be provided as well.. The contact for the head hunter and the search agency is the HR department.
The search with a search agency should be none exclusive and paid based on success. Searching with a head hunter should be the last option or primarily get used for the search of head of departments or managers. The search with a head hunter can be exclusive. As a basis for their search they must receive the job posting which is also published internally, additional information such as the preferred salary (not max salary) should be provided as well.. The contact for the head hunter and the search agency is the HR department.
### Application
All applications must be reviewed by the HR department. The HR department may immediately exclude applications in case of salary requests above the maximum acceptable salary and applications of applicants which obviously don't match the job description (**R6**). Some deviations between the applicants haves and the job posting haves are acceptable (**R7**).
All applications must be reviewed by the HR department. The HR department may immediately exclude applications in case of salary requests above the maximum acceptable salary and applications of applicants which obviously don't match the job description (**R5**). Some deviations between the applicants haves and the job posting haves are acceptable (**R6**).
The applications must get anonymized (name, address, nationality, gender, image, etc.) by the HR department, possible salary figures must also get removed. The anonymized application is forwarded by the HR department to the responsible person for review (e.g. head of department, executive member, CEO, ...). (**R8**)
The applications must get anonymized (name, address, nationality, gender, image, etc.) by the HR department, possible salary figures must also get removed. The anonymized application is forwarded by the HR department to the responsible person for review (e.g. head of department, executive member, CEO, ...). (**R7**)
#### Rejection
In case of a application rejection the HR department should give a timely response to the applicant. The rejection text must be the [Default Rejection](./HR/Hiring/Default%20Rejection.md) text. (**R9**)
In case of a application rejection the HR department should give a timely response to the applicant. The rejection text must be the [Default Rejection](./HR/Hiring/Default%20Rejection.md) text. (**R8**)
#### Interviews
Candidates selected by the responsible person (often the head of the department or executive staff member who initiated the hiring process) for interviews must be returned to the HR department with a remark "*to be interviewed*" or similar. Candidates who are deemed to be unfit must be returned to the HR department with a remark "*to be rejected*" or similar. No copies of the application must remain in the position of the responsible person (emails must be deleted).
Candidates selected by the responsible person (often the head of the department or executive staff member who initiated the hiring process) for interviews must be returned to the HR department with a remark "*to be interviewed*" or similar. Candidates who are deemed to be unfit must be returned to the HR department with a remark "*to be rejected*" or similar. No copies of the application must remain in the position of the responsible person (emails must be deleted). In general, a fast application review, following a timely response by the HR department for the applicant (rejection or interview appointment).
The HR department handles the applications according the remark by the responsible person. The HR department checks in the sanctions software the accepted applicant against sanctions and If an applicant is sanctioned in a way which doesn't allow or doesn't make an employment feasible the applicant must be rejected by the HR department. (**R10**).
The HR department handles the applications according the remark by the responsible person. The HR department checks in the sanctions software the accepted applicant against sanctions and If an applicant is sanctioned in a way which doesn't allow or doesn't make an employment feasible the applicant must be rejected by the HR department. (**R9**).
The HR department must take notes during the interview process and also make sure that all necessary aspects for a potential contract are clarified (e.g. salary, vacation, job description, work conditions, ...). These notes must be forwarded to the person creating the contract.
@ -75,7 +75,7 @@ Final decision if no majority vote can be found during the application selection
#### Reference check
The HR department has to check the references of an applicant latest before the third interview. This includes checking some previous employment references if applicable. Certificates and educational credentials must only be checked if they seem illegitimate. (**R11**)
The HR department has to check the references of an applicant latest before the third interview. This includes checking some previous employment references if applicable. Certificates and educational credentials must only be checked if they seem illegitimate. (**R10**)
#### Applicant selection
@ -95,35 +95,35 @@ It is advised to compare multiple applicants with each other to find the best fi
##### Voting
The final decision if an applicant should get hired after meeting the above mentioned requirements is the responsibility of the selection committee. The selection committee makes this decision based on a majority vote where every member of the selection committee has equal voting rights (**R12**). Sometimes additional participants can be present during interview processes, they have no voting rights. If different HR employees partake in the interview processes only one HR employee has voting rights (usually the HR employee with the highest position).
The final decision if an applicant should get hired after meeting the above mentioned requirements is the responsibility of the selection committee. The selection committee makes this decision based on a majority vote where every member of the selection committee has equal voting rights (**R11**). Sometimes additional participants can be present during interview processes, they have no voting rights. If different HR employees partake in the interview processes only one HR employee has voting rights (usually the HR employee with the highest position).
The result of the voting process is logged in the notes of the HR employee and must be signed by all members of the selection committee. (**R13**)
The result of the voting process is logged in the notes of the HR employee and must be signed by all members of the selection committee.
### Contract
The employment contract must be created by the HR department. The basis for the contract is the [Sample Contract](./HR/Hiring/Sample%20Contract.md) (**R14**), the job application, the [Employee Search Form](./HR/Hiring/Employee%20Search%20Form.md), conditions negotiated during the interview process. Before sending the contract to the applicant it must get approved by the head of HR (**R15**). Additional documents which must be signed and provided by the applicant are the NDA, CLA, privacy policy, criminal record certificate, tax id.
The employment contract must be created by the HR department. The basis for the contract is the [Sample Contract](./HR/Hiring/Sample%20Contract.md) maintained by the DHR (**R12**), the job application, the [Employee Search Form](./HR/Hiring/Employee%20Search%20Form.md), conditions negotiated during the interview process. Before sending the contract to the applicant it must get approved by the DHR (**R13**). Additional documents which must be signed and provided by the applicant are the NDA, CLA, privacy policy, criminal record certificate, tax id.
The following aspects must be considered and checked by the head of HR before the contract can be signed by authorized persons in the organization (**R16**).
The following aspects must be considered and checked by the DHR before the contract can be signed by authorized persons in the organization:
- [x] The applicant in the contract got selected by the selection committee (**R16a**)
- [x] Application contains credentials (**R16b**)
- [x] Credentials are verified (**R16c**)
- [x] The applicant in the contract got selected by the selection committee (**R14a**)
- [x] Application contains credentials (**R14b**)
- [x] Credentials are successfully verified (random selection) (**R14c**)
- [x] Contract is signed by applicant
- [x] The signed contract is the approved version (unaltered) (**R16d**)
- [x] NDA is signed (**R16e**)
- [x] CLA is signed (**R16f**)
- [x] Privicy policy is signed (**R16g**)
- [x] Criminal record certificate (**R16h**) and no sanctions which prevent hiring (**R16i**)
- [x] Applicant tax id is available (**R16j**)
- [x] Work permit is available (if necessary) (**R16k**)
- [x] The signed contract is the approved version (unaltered) (**R14d**)
- [x] Unaltered NDA is signed (**R14e**)
- [x] Unaltered CLA is signed (**R14f**)
- [x] Unaltered privicy policy is signed (**R14g**)
- [x] Criminal record certificate is negative (**R14h**) and no sanctions which prevent hiring (**R14i**)
- [x] Applicant tax id is available (**R14j**)
- [x] Work permit is available (if necessary) (**R14k**)
The employment contract must only get signed by an authorized persons in the organization (e.g. CEO, executive staff member, authorized officers). (**R17**)
The employment contract must only get signed by an authorized persons in the organization (e.g. CEO, executive staff member, authorized officers). The HR department only hands the contract over for signing to these authorized people. (**R15**)
### Training plan
The training plan must be finalized before the employee starts their employment. The head of the department where the employee will start is responsible for creating the training plan. The basis for the training plan is the [Sample Training Plan](./HR/Onboarding/Sample%20Training%20Plan.md) and the department specific tasks. (**R18**)
The training plan must be finalized before the employee starts their employment. The head of the department where the employee will start is responsible for creating the training plan. The basis for the training plan is the [Sample Training Plan](./HR/Onboarding/Sample%20Training%20Plan.md) and the department specific tasks maintained by the DHR. (**R16**)
This training plan must get signed by the employee after completion in order to document the successful training. (**R19**)
This training plan must get signed by the employee after completion in order to document the successful training. (**R17**)
### Employee file
@ -144,29 +144,31 @@ Documents from the hiring process attached in the employee file are:
* Hiring Checklist
* Signed training plan
The HR department must ensure, that these documents are available.
## Payroll
## Evaluation
### Employee evaluation
The employee evaluations goal is to allow a supervisor to provide a formalized performance and qualification review to the employee. This evaluation must take place annually ideally during October 1st to October 31st between the supervisor and the employee (**R20**). Every supervisor must perform these employee evaluations based on the Employee Evaluation Form which needs to be signed by the supervisor after its discussion with the employee (**R21**).
The employee evaluations goal is to allow a supervisor to provide a formalized performance and qualification review to the employee. This evaluation must take place annually ideally during October 1st to October 31st between the supervisor and the employee (**R18**). Every supervisor must perform these employee evaluations based on the Employee Evaluation Form which needs to be signed by the supervisor after its discussion with the employee.
The signed evaluation form must get handed over by the supervisor to the HR department who ensure that the employee also receives a copy. The HR department also must keep track of all completed employee evaluations and remind supervisors to to finish their employee evaluations if they are not completed in time. (**R22**)
The signed evaluation form must get handed over by the supervisor to the HR department who ensure that the employee also receives a copy (**R19**). The HR department also must keep track of all completed employee evaluations and remind supervisors to to finish their employee evaluations if they are not completed in time. (**R20**)
### Self-Evaluation
Every employee must fill out the Self-Evaluation Form which the employee must sign and hand over to the supervisor during the employee evaluation. The purpose of the self-evaluation is to match the employees performance and qualification perception against the performance and qualification perceived by the supervisor (**R23**). Deviations between the self-evaluation and the evaluation by the supervisor must be discussed during the employee evaluation.
Every employee must fill out the Self-Evaluation Form which the employee must sign and hand over to the supervisor during the employee evaluation. The purpose of the self-evaluation is to match the employees performance and qualification perception against the performance and qualification perceived by the supervisor (**R21**). Deviations between the self-evaluation and the evaluation by the supervisor must be discussed during the employee evaluation.
The self-evaluation must be handed over by the supervisor to the HR department after the employee evaluation.
### Company evaluation
Every year every employee receives a Company Evaluation Form which they can fill out and anonymously submit to the HR department (**R24**). These forms are evaluated and analyzed by the HR department to find improvements for the company. (**R25**)
Every year every employee receives a Company Evaluation Form which they can fill out and anonymously submit to the HR department. These forms are evaluated and analyzed by the HR department to find improvements for the company. The results are shared and discussed in the executive committee meeting. (**R22**)
### Regularly employee checks
Every employee is checked automatically every night against sanctions lists in the IT system (**R26**)
Every employee is checked automatically every night against sanctions lists in the IT system (**R23**). In case of valid matches the export control officer must get contacted together with the CEO who evaluate the next steps.

12
Processes/05_HR_Flowchart.md
View File

@ -9,20 +9,20 @@ graph TD;
APPROVAL_SEARCH--YES-->SEARCH[HR: Search];
SEARCH-->CHECK_APPLICATION{HR: Application fits?};
CHECK_APPLICATION--YES-->SKIP_FIRST{Is manager?};
SKIP_FIRST--YES-->INTERVIEW_1[Team: First interview];
SKIP_FIRST--YES-->INTERVIEW_1[Committee: First interview];
SKIP_FIRST--NO-->INTERVIEW_2;
CHECK_APPLICATION--NO-->REJECT[HR: Reject application];
INTERVIEW_1-->CHECK_INTERVIEW_1{Team: Interview was good?};
CHECK_INTERVIEW_1--YES-->INTERVIEW_2[Team: Second interview];
INTERVIEW_1-->CHECK_INTERVIEW_1{Committee: Interview was good?};
CHECK_INTERVIEW_1--YES-->INTERVIEW_2[Committee: Second interview];
CHECK_INTERVIEW_1--NO-->REJECT;
INTERVIEW_2-->CHECK_INTERVIEW_2{Team: Interview was good?};
CHECK_INTERVIEW_2--YES-->CHECK_REFERENCES{HR: Valid references?};
CHECK_REFERENCES--YES-->INTERVIEW_3[Team: Third interview];
CHECK_REFERENCES--YES-->INTERVIEW_3[Committee: Third interview];
CHECK_REFERENCES--NO-->REJECT;
CHECK_INTERVIEW_2--NO-->REJECT;
INTERVIEW_3-->CHECK_INTERVIEW_3{Team: Interview was good?};
INTERVIEW_3-->CHECK_INTERVIEW_3{Committee: Interview was good?};
CHECK_INTERVIEW_3--NO-->REJECT;
CHECK_INTERVIEW_3--YES-->VOTE{Team: Vote hiring?}
CHECK_INTERVIEW_3--YES-->VOTE{Committee: Vote hiring?}
VOTE--YES-->SIGN_CONTRACT[HR: Sign contract];
VOTE--NO-->REJECT
SIGN_CONTRACT-->TRAIN([Department: Train employee])

63
Processes/05_HR_Risk Control Matrix.md
View File

@ -1,33 +1,40 @@
# HR Risk Control Matrix
| No. | R | Category | Risk Event | L | C | O | Cause | Mitigation Type | Mitigation Strategy | L* | C* | Changes | Comments | ES | EY |
| ---- | ---- | -------- | ---------- | ---- | ---- | ---- | ----- | --------------- | ------------------- | ---- | ---- | ------- | -------- | ---- | ---- |
| 1 | | | | | | | | | | | | | | | |
| 2 | | | | | | | | | | | | | | | |
| 3 | | | | | | | | | | | | | | | |
| 4 | | | | | | | | | | | | | | | |
| 5 | | | | | | | | | | | | | | | |
| 6 | | | | | | | | | | | | | | | |
| 7 | | | | | | | | | | | | | | | |
| 8 | | | | | | | | | | | | | | | |
| 9 | | | | | | | | | | | | | | | |
| 10 | | | | | | | | | | | | | | | |
| 11 | | | | | | | | | | | | | | | |
| 12 | | | | | | | | | | | | | | | |
| 13 | | | | | | | | | | | | | | | |
| 14 | | | | | | | | | | | | | | | |
| 15 | | | | | | | | | | | | | | | |
| 16 | | | | | | | | | | | | | | | |
| 17 | | | | | | | | | | | | | | | |
| 18 | | | | | | | | | | | | | | | |
| 19 | | | | | | | | | | | | | | | |
| 20 | | | | | | | | | | | | | | | |
| 21 | | | | | | | | | | | | | | | |
| 22 | | | | | | | | | | | | | | | |
| 23 | | | | | | | | | | | | | | | |
| 24 | | | | | | | | | | | | | | | |
| 25 | | | | | | | | | | | | | | | |
| 26 | | | | | | | | | | | | | | | |
| No. | R | Category | Risk Event | L | C | O | Cause | Mitigation Type | Mitigation Strategy | L* | C* | Changes | Comments | ES | EY |
| ---- | ---- | --------------------- | ------------------------------------------------------------ | ---- | ---- | ---- | ----- | --------------------------- | ------------------------------------------------------------ | ---- | ---- | ------- | -------- | ---- | ---- |
| 1 | DHR | Operational Risk (HR) | Unauthorized search for new employees. | 1 | 1 | | | Preventing (Manual) | Only selected people can authorize the employee search. | 1 | 1 | | | yes | yes |
| 2 | DHR | Operational Risk (HR) | Job postings are not posted according to the legal requirements. | 1 | 1 | | | Preventing (Manual) | Job postings must be posted internally and at the agency for labor. | 1 | 1 | | | yes | yes |
| 3 | DHR | Operational Risk (HR) | The job postings are inconsistent or miss important information. | 1 | 1 | | | Preventing (Manual) | The DHR maintains a standard job posting layout. | 1 | 1 | | | yes | yes |
| 4 | DHR | Operational Risk (HR) | The job postings are inconsistent or miss important information. | 1 | 1 | | | Preventing (Manual) | The DHR maintains a standard job descriptions for the different positions which should be used as a basis. | 1 | 1 | | | yes | yes |
| 5 | DHR | Operational Risk (HR) | Not matching applications are considered for the job posting. | 1 | 1 | | | Preventing (Manual) | The HR department reviews every application and filters obviously mismatching applications. | 1 | 1 | | | yes | yes |
| 6 | DHR | Operational Risk (HR) | Applications of candidates get rejected only because of minor mismatches. | 1 | 1 | | | Preventing (Manual) | Minor mismatches are allowed if the candidate fits the overall position. | 1 | 1 | | | yes | yes |
| 7 | DHR | Operational Risk (HR) | Applications are handled with biases. | 1 | 1 | | | Preventing (Manual) | Applications are anonymized by the HR department. | 1 | 1 | | | yes | yes |
| 8 | DHR | Operational Risk (HR) | Applicants don't receive a feedback leading to bad reviews. | 1 | 1 | | | Preventing (Manual) | The HR department has to reject mismatching applications in a timely manner using a default rejection text. | 1 | 1 | | | yes | yes |
| 9 | DHR | Operational Risk (HR) | Applicants are sanctioned. | 1 | 1 | | | Revealing (System + Manual) | Applicants are checked by the HR department in a software for sanctions. | 1 | 1 | | | yes | yes |
| 10 | DHR | Operational Risk (HR) | References of applicants are invalid. | 1 | 1 | | | Revealing (Manual) | The HR department performs random checks of references. | 1 | 1 | | | yes | yes |
| 11 | DHR | Operational Risk (HR) | Applicants are chosen despite majority differences in the selection committee. | 1 | 1 | | | Preventing (Manual) | All selection committee members have equal voting rights. | 1 | 1 | | | yes | yes |
| 12 | DHR | Operational Risk (HR) | Missing critical contractual aspects. | 1 | 1 | | | Preventing (Manual) | The HR department has to use a sample contract which contains all important contractual standard aspects. | 1 | 1 | | | yes | yes |
| 13 | DHR | Operational Risk (HR) | The applicant receives an unapproved contract. | 1 | 1 | | | Preventing (Manual) | The DHR must approve a contract before it can be sent to the applicant. | 1 | 1 | | | yes | yes |
| 14a | DHR | Operational Risk (HR) | An applicant gets employed who didn't get selected by the majority of the selection committee. | 1 | 1 | | | Preventing (Manual) | The DHR checks if the applicant got selected through a majority vote by the selection committee. | 1 | 1 | | | yes | yes |
| 14b | DHR | Operational Risk (HR) | The applicant didn't submit any credentials for aspects mentioned in their CV. | 1 | 1 | | | Preventing (Manual) | The DHR checks if the applicant submitted the credentials for aspects mentioned in their CV. | 1 | 1 | | | yes | yes |
| 14c | DHR | Operational Risk (HR) | The credentials are invalid. | 1 | 1 | | | Preventing (Manual) | The DHR checks if the credentials were successfully verified (random checks) | 1 | 1 | | | yes | yes |
| 14d | DHR | Operational Risk (HR) | The contract signed by the applicant is unaltered. | 1 | 1 | | | Preventing (Manual) | The DHR checks if the contract is unaltered. | 1 | 1 | | | yes | yes |
| 14e | DHR | Operational Risk (HR) | No or altered NDA is signed. | 1 | 1 | | | Preventing (Manual) | The DHR checks if the unaltered NDA is signed. | 1 | 1 | | | yes | yes |
| 14f | DHR | Operational Risk (HR) | No or altered CLA is signed. | 1 | 1 | | | Preventing (Manual) | The DHR checks if the unaltered CLA is signed. | 1 | 1 | | | yes | yes |
| 14g | DHR | Operational Risk (HR) | No or altered privacy policy is signed. | 1 | 1 | | | Preventing (Manual) | The DHR checks if the unaltered privacy policy is signed. | 1 | 1 | | | yes | yes |
| 14h | DHR | Operational Risk (HR) | Employee has a criminal record which prevent their employement. | 1 | 1 | | | Preventing (Manual) | The DHR checks if criminal record certificate is negative. | 1 | 1 | | | yes | yes |
| 14i | DHR | Operational Risk (HR) | Employee has sanctions which prevent their employment. | 1 | 1 | | | Preventing (Manual) | The DHR checks if sanction check is negative. | 1 | 1 | | | yes | yes |
| 14j | DHR | Operational Risk (HR) | The applicant tax id is missing. | 1 | 1 | | | Preventing (Manual) | The DHR checks if the applicants tax id is available. | 1 | 1 | | | yes | yes |
| 14k | DHR | Operational Risk (HR) | The applicant has no work permit even though it is required for this employee. | 1 | 1 | | | Preventing (Manual) | The DHR checks if the work permit is available. | 1 | 1 | | | yes | yes |
| 15 | DHR | Operational Risk (HR) | The contract for the applicant is signed by unauthorized personnel. | 1 | 1 | | | Preventing (Manual) | The DHR only hands over the contract for signing to authorized personnel. | 1 | 1 | | | yes | yes |
| 16 | DHR | Operational Risk (HR) | Training plans are inconsistent or miss critical components. | 1 | 1 | | | Preventing (Manual) | A sample training plan must be used as a basis. | 1 | 1 | | | yes | yes |
| 17 | DHR | Operational Risk (HR) | The employee is not completely trained. | 1 | 1 | | | Preventing (Manual) | The employee must sign the training plan after completion confirming their training. | 1 | 1 | | | yes | yes |
| 18 | DHR | Operational Risk (HR) | The employee doesn't receive any feedback regarding their performance. | 1 | 1 | | | Preventing (Manual) | Annual employee evaluations take place by supervisors. | 1 | 1 | | | yes | yes |
| 19 | DHR | Operational Risk (HR) | The employee evaluation and performance is not shared with the HR department which leads to problems during salary negotiations. | 1 | 1 | | | Preventing (Manual) | The employee evaluation must be handed over by the supervisor to the HR department who store this evaluation in the employee file. | 1 | 1 | | | yes | yes |
| 20 | DHR | Operational Risk (HR) | The employee evaluation doesn't take place. | 1 | 1 | | | Preventing (Manual) | The HR department checks that all evaluations have taken place and reminds the supervisors. | 1 | 1 | | | yes | yes |
| 21 | DHR | Operational Risk (HR) | The employee evaluation by the supervisor and the employees self-assessment are apart. | 1 | 1 | | | Preventing (Manual) | The employee must provide a self-evaluation before the employee evaluation takes place which allows both sides to reconcile the differences. | 1 | 1 | | | yes | yes |
| 22 | DHR | Operational Risk (HR) | The organization is unattractive for employees. | 1 | 1 | | | Preventing (Manual) | Employees have a annual chance to create a anonymous company evaluation which gets evaluated by the HR department and discussed in the executive committee meeting. | 1 | 1 | | | yes | yes |
| 23 | DHR | Operational Risk (HR) | The employee gets put on sanction lists after joining the company. | 1 | 1 | | | Revealing (System) | All employees are checked automatically every day by a sanction software. | 1 | 1 | | | yes | yes |
## Abbreviations

26
Processes/Acronyms and Abbreviations.md Normal file
View File

@ -0,0 +1,26 @@
# Acronyms and Abbreviations
| Acronym / Abbreviation | Definition |
| ---------------------- | ---------------------------------------------------------- |
| CEO | Chief Executive Officer |
| CFO | Chief Financial Officer |
| CSO | Chief Sales Officer |
| CTO | Chief Technical Officer |
| HOD | Head of Department |
| HOP | Head of Procurement |
| DHR | Director Human Resources |
| DOD | Director of Development |
| DQM | Director of Quality Management |
| HOM | Head of Marketing |
| HOCS | Head of Customer Service |
| TBD | To be defined / To be decided / To be discussed |
| QM | Quality Management |
| QMR | Quality Management Representative |
| A | Actual (often used in combination with financial figures) |
| B | Budget |
| PY | Previous year (sometimes used to define any previous year) |
| FC | Forecast |
| FTE | Full Time Equivalent |
2022-01-01 - Version 1.0

48
Processes/Organigram.md
View File

@ -4,25 +4,73 @@
flowchart TD;
subgraph CTO
DEVELOPMENT[Development\nCTO *E];
DEVELOPMENT---TEAM_LEADER[Team Leader];
TEAM_LEADER---SENIOR_DEVELOPER[Senior Developer &\nCode Reviewer];
TEAM_LEADER---DEVELOPER[Developer];
SUPPORT_SERVICE[Support & Service\nHOCS];
SUPPORT_SERVICE---TEAM_LEADER_SUPPORT[Team Leader];
TEAM_LEADER_SUPPORT---SENIOR_SUPPORT[Senior Support Staff];
TEAM_LEADER_SUPPORT---SUPPORT[Cuystomer Support];
IT[IT\nHead of IT];
IT---IT_DEVOPS[DEVOPS];
IT---IT_CLERK[IT Clerk];
end
MANAGEMENT[Management\nCEO *E]---CTO;
subgraph CFO
FINANCE[Finance\nCFO *E];
FINANCE---CHIEF_ACCOUNTANT[Chief Accountant];
FINANCE---ACCOUNTS_RECEIVABLES[Accounts Receivables];
FINANCE---ACCOUNTS_PAYABLE[Accounts Payables];
HR[HR\nDHR *E];
HR---PAYROLL[Payroll]
HR---HR_CLERK[HR Clerks];
PURCHASE[Purchase\nHOP];
PURCHASE---PURCHASE_CLERK[Purchase Clerk];
end
MANAGEMENT---CFO;
subgraph CSO
SALES[Sales\nCSO *E];
SALES---SALES_REP[Sales Reps];
SALES---SALES_BACKOFFICE[Sales Backoffice];
MARKETING[Marketing\nHOM];
MARKETING---MARKETING_CLERK[Marketing Clerk]
end
MANAGEMENT---CSO;
MANAGEMENT---QM[Quality Management\nDQM *E];
QM---QM_CLERK[QM Clerk];
```
\*E: Executive Committee Member
## Key Functions
| Title | Name(s) |
| ----------------------------- | ------- |
| CEO | |
| DQM | |
| CTO | |
| HOCS | |
| Head of IT | |
| CFO | |
| DHR | |
| HOP | |
| CSO | |
| HOM | |
| Export Control Officer | |
| Fleet Manager | |
| QMR | |
| Emergency Responder | |
| Work Safety Officer | |
| Safety Officer | |
| Data Protection Officer | |
| Company Physician | |
| Waste Management Officer | |
| Fire Prevention Officer | |
| Equal Opportunities Officer | |
| Ladder Officer | |
| Officer for Severely Disabled | |
2022-01-01 - Version 1.0

26
Processes/Purchase/Key Supplier Evaluation.md
View File

@ -1,16 +1,26 @@
# Key Supplier Evaluation
| Name | Products & Services | Description | Annual amount | Type | Dependency risk | Alternative evaluation | Quality evaluation | Last evaluated by | Last evaluated |
| ---------- | ----------------------------------------- | --------------------------- | ------------- | --------------- | --------------- | ------------------------------------------------------------ | ------------------------------------------------------------ | ----------------- | -------------- |
| Oracle | VirtualBox | Machine virtualization | 0 EUR | single purchase | very low | Alternative solutions such as VMWare or KVM don't provide any significant benefits for the general use case. Customers can still choose a different solution regardless. | No significant issues | Dennis Eichhorn | 2022-01-01 |
| PHPOffice | PhpSpereadsheet, PHPWord, PHPPresentation | Office software | 0 EUR | single purchase | medium | No alternative supplier could be found which combines all three products and same functionality. Solutions which cover a single aspect are available but more inconvenient to use. | No significant issues but the performance (e.g. memory usage) limits the use cases and requires parallelizing certain tasks. | Dennis Eichhorn | 2022-01-01 |
| mPDF | mPDF | PDF renderer | 0 EUR | single purchase | low | Alternative solutions don't provide the same level of html/css rendering capabilities. Alternatives are also available through PHPWord or tcpdf. | No significant issues. | Dennis Eichhorn | 2022-01-01 |
| Tecnick | tcpdf | PDF renderer | 0 EUR | single purchase | low | Fastest php pdf renderer. Alternatives are also available through PHPWord or mpdf. | No significant issues. | Dennis Eichhorn | 2022-01-01 |
| TeamViewer | TeamViewer | Remote desktop connection | | subscription | very low | No alternative is as conveniently to use or is as broadly implemented (works on many different OS). It is the most well established remote desktop connection tool for support purposes. Alternatives VNC solutions could work as a fall back in a worst case situation. | No significant issues. | Dennis Eichhorn | 2022-01-01 |
| Microsoft | github | Source code version control | 0 EUR | subscription | very low | The closest alternative is gitlab. However, github is the most established solution which is simple to use and provides the necessary functionality. It's also possible to host alternative solutions on the company servers in a worst case situation. | No significant issues. | Dennis Eichhorn | 2022-01-01 |
| Name | Products & Services | Description | Annual amount | Type | Dependency risk | Alternative evaluation | Quality evaluation | Last evaluated by | Last evaluated |
| --------------------------------------- | ----------------------------------------- | --------------------------- | -------------------- | --------------- | --------------- | ------------------------------------------------------------ | ------------------------------------------------------------ | ----------------- | -------------- |
| Oracle | VirtualBox | Machine virtualization | 0 EUR | single purchase | very low | Alternative solutions such as VMWare, Hyper-V or KVM don't provide any significant benefits for the general use case. Customers can still choose a different solution regardless. | No significant issues | Dennis Eichhorn | 2022-01-01 |
| PHPOffice | PhpSpereadsheet, PHPWord, PHPPresentation | Office software | 0 EUR | single purchase | medium | No alternative supplier could be found which combines all three products and same functionality. Solutions which cover a single aspect are available but more inconvenient to use. | No significant issues but the performance (e.g. memory usage) limits the use cases and requires parallelizing certain tasks. | Dennis Eichhorn | 2022-01-01 |
| mPDF | mPDF | PDF renderer | 0 EUR | single purchase | low | Alternative solutions don't provide the same level of html/css rendering capabilities. Alternatives are also available through PHPWord or tcpdf. | No significant issues. | Dennis Eichhorn | 2022-01-01 |
| Tecnick | tcpdf | PDF renderer | 0 EUR | single purchase | low | Fastest php pdf renderer. Alternatives are also available through PHPWord or mpdf. | No significant issues. | Dennis Eichhorn | 2022-01-01 |
| TeamViewer | TeamViewer | Remote desktop connection | 219.50 EUR per month | subscription | very low | No alternative is as conveniently to use or is as broadly implemented (works on many different OS). It is the most well established remote desktop connection tool for support purposes. Alternatives VNC solutions could work as a fall back in a worst case situation. | No significant issues. | Dennis Eichhorn | 2022-01-01 |
| Microsoft | github | Source code version control | 0 EUR | subscription | very low | The closest alternative is gitlab. However, github is the most established solution which is simple to use and provides the necessary functionality. It's also possible to host alternative solutions on the company servers in a worst case situation. | No significant issues. | Dennis Eichhorn | 2022-01-01 |
| PHP | PHP | Programming language | 0 EUR | single purchase | very high | Alternative solutions exist (e.g. node/javascript or C#) but would require substantial efforts in re-writing the applicatio and it's modules | No significant issues. | Dennis Eichhorn | 2022-01-01 |
| MariaDB | MariaDB | Database | 0 EUR | single purchase | very low | Alternative solutions are already implemented and ready for use. | No significant issues. | Dennis Eichhorn | 2022-01-01 |
| Oracle | MySQL | Database | not purchased | single purchase | very low | Alternative solutions are already implemented and ready for use. | No significant issues. | Dennis Eichhorn | 2022-01-01 |
| The PostgreSQL Global Development Group | Postgresql | Database | 0 EUR | single purchase | very low | Alternative solutions are already implemented and ready for use. | No significant issues. | Dennis Eichhorn | 2022-01-01 |
| Microsoft | SQLSrv | Database | 0 EUR | single purchase | very low | Alternative solutions are already implemented and ready for use. | No significant issues. | Dennis Eichhorn | 2022-01-01 |
| SQLite | SQLite | Database | 0 EUR | single purchase | very low | Alternative solutions are already implemented and ready for use. | No significant issues. | Dennis Eichhorn | 2022-01-01 |
| Memcached | Memcached | Memory cache | 0 EUR | single purchase | very low | A alternative solution is already implemented and ready for use. This software is also not necessary and *only* provides improved performance. | No significant issues. | Dennis Eichhorn | 2022-01-01 |
| Redis Ltd. | Redis | Memory cache | 0 EUR | single purchase | very low | A alternative solution is already implemented and ready for use. This software is also not necessary and *only* provides improved performance. | No significant issues. | Dennis Eichhorn | 2022-01-01 |
> Single purchase can also mean one time download for software without any dependency on other services.
Consider to update the [Approved Customer Software](../Support/Approved%20Customer%20Software.md) when changing this table.
2021-01-01 - Version 1.0

12
Processes/Sales/Customer Service Agreement.md
View File

@ -0,0 +1,12 @@
## Authorization Table
| Name / Category | Authorization | Customization | Software & Data | Support |
| ------------------------ | ------------- | ------------- | --------------- | ------- |
| Name1 Name2 (CEO) | x | x | x | x |
| Name1 Name2 (Head of IT) | x | x | x | x |
| Name1 Name2 (Key User) | | | | x |

21
Processes/Support/Application Install Checklist.md Normal file
View File

@ -0,0 +1,21 @@
# Application Install Checklist
- [x] Installation of the application
- [x] Basic application configuration
- [x] Domains/Sub-Domains & routing behavior in the application
- [x] Server localization
- [x] Admin user
- [x] Setup update job (if requested & possible)
- [x] Setup monitoring & logging job
- [x] Organization units (up to 10 units)
- [x] Organization departments (up to 50 departments)
- [x] Organization positions (up to 250 positions)
- [x] Basic group & permission setup (up to 10 groups)
- [x] Installation & configuration of purchased modules
- [x] Hide unused modules (e.g. calendar module in navigation)
- [x] Test basic functionality
2022-01-01 - Version 1.0

30
Processes/Support/Approved Customer Software.md Normal file
View File

@ -0,0 +1,30 @@
# Approved Customer Software
| Software | Description | Version | Approval Date |
| ------------------------------------------------------------ | ----------------------------------- | ------------------------------------------------- | ------------- |
| Main application, resources in the Resource repository, the Build Repository and all official Karaka developed modules | Application | Latest / master branch | 2022-01-01 |
| Developer tools/package manager (npm & composer) and all tools defined in the respective package manager configuration | Package manager + tools | Based on configuration files in the master branch | 2022-01-01 |
| VirtualBox | Machine virtualization | | 2022-01-01 |
| VMWare | Machine virtualization | | 2022-01-01 |
| Hyper-V | Machine virtualization | | 2022-01-01 |
| PhpSpereadsheet, PHPWord, PHPPresentation | Office software | | 2022-01-01 |
| mPDF | PDF renderer | | 2022-01-01 |
| tcpdf | PDF renderer | | 2022-01-01 |
| TeamViewer | Remote desktop connection | | 2022-01-01 |
| Tesseract-OCR | OCR | | 2022-01-01 |
| Memcached | Memory cache | | 2022-01-01 |
| Redis | Memory cache | | 2022-01-01 |
| PHP | Programming language | >=8.1.0 | 2022-01-01 |
| PHP extensions: php-dev php-cli php-common php-mysql php-pgsql php-xdebug php-opcache php-pdo php-sqlite php-mbstring php-curl php-imap php-bcmath php-zip php-dom php-xml php-phar php-gd php-pear | Extensions for programming language | >=8.1.0 | 2022-01-01 |
| C++ | Programming language | | 2022-01-01 |
| MariaDB | Database | | 2022-01-01 |
| Postgresql | Database | | 2022-01-01 |
| SQLSrv | Database | | 2022-01-01 |
| SQLite | Database | | 2022-01-01 |
Consider to update the [Key Supplier Evaluation](../Purchase/Key%20Supplier%20Evaluation.md) when changing this table.
2022-01-01 - Version 1.0

0
Processes/Support/Third Party Software Testing Form.md Normal file
View File

0
Processes/Support/Training Manual Admin and Key-User.md Normal file
View File

0
Processes/Support/Training Manual Developer.md Normal file
View File

0
Processes/Support/Training Manual End-User.md Normal file
View File