diff --git a/Processes/01_Development.md b/Processes/01_Development.md index d6e0e3a..8dc5774 100644 --- a/Processes/01_Development.md +++ b/Processes/01_Development.md @@ -134,6 +134,10 @@ Developers may only rely on the dependencies defined in [Approved Customer Softw Developers may only rely on the dependencies defined in [IT Equipment & Software](). If new software should be added to this list or a different version is required developers should make a request with their team leader/head of department who forwards this requests if appropriate to the CTO and explain the reasoning for the different dependency needs. The CTO can decide if the dependency will be accepted. Changing the package managers such as `composer.json` or `package.json` is not allowed by anyone else than the CTO. (**R12**) +## Other related documents +* [Confidentiality Policy](../Policies%20&%20Guidelines/Confidentiality%20Policy.md) +* [Organization Activity Policy](../Policies%20&%20Guidelines/Organization%20Activity%20Policy.md) +* [Tutorials](./Development/Tutorials) 2022-01-01 - Version 1.0 diff --git a/Processes/05_HR.md b/Processes/05_HR.md index 8b7c732..37c8f99 100644 --- a/Processes/05_HR.md +++ b/Processes/05_HR.md 
@@ -103,7 +103,7 @@ The result of the voting process is logged in the notes of the HR employee and m The employment contract must be created by the HR department. The basis for the contract is the [Sample Contract](./HR/Hiring/Sample%20Contract.md) maintained by the DHR (**R12**), the job application, the [Employee Search Form](./HR/Hiring/Employee%20Search%20Form.md), conditions negotiated during the interview process. Before sending the contract to the applicant it must get approved by the DHR (**R13**). Additional documents which must be signed and provided by the applicant are the NDA, CLA, privacy policy, criminal record certificate, tax id. -The following aspects must be considered and checked by the DHR before the contract can be signed by authorized persons in the organization: +The following aspects (see [Hiring Checklist](./HR/Hiring/Hiring%20Checklist.md)) must be considered and checked by the DHR before the contract can be signed by authorized persons in the organization: - [x] The applicant in the contract got selected by the selection committee (**R14a**) - [x] Application contains credentials (**R14b**) @@ -170,6 +170,10 @@ Every year every employee receives a Company Evaluation Form which they can fill Every employee is checked automatically every night against sanctions lists in the IT system (**R23**). In case of valid matches the export control officer must get contacted together with the CEO who evaluate the next steps. +## Other related documents + +* [Onboarding Does and Donts](./HR/Hiring/Onboarding/Onboarding%20Does%20and%20Donts.md) + 2022-01-01 - Version 1.0 diff --git a/Processes/07_Management.md b/Processes/07_Management.md index f79fbd9..a6e6873 100644 --- a/Processes/07_Management.md +++ b/Processes/07_Management.md 
@@ -38,11 +38,14 @@ The following controlling instruments are implemented. * [Internal audits](./Quality%20Management/Internal%20Quality%Management%Audit%Form.md) * [Risk Management](./COSO/Risk%20Management) and Process Risk Control Matrices * [Whistleblower System](../Policies%20&%20Guidelines/Whistleblower%20System.md) +* Executive Committee Meeting where all key people exchange information * [Regular meetings](./Information%20Flow.md) for information exchange * Checklists as described in the processes * External audits - * Tax audits + * Tax audits (approx. every 3-5 years) * Annual accounting audit +* Monthly financial reporting (e.g. cash, investments, sales, costs, deviations to budget/previous year) +* Quality control as defined in the quality management process ## Optimization diff --git a/Processes/08_Quality Management.md b/Processes/08_Quality Management.md index 0799690..818cb1b 100644 --- a/Processes/08_Quality Management.md +++ b/Processes/08_Quality Management.md 
@@ -16,6 +16,19 @@ Every department needs to be audited once every quarter by an internal auditor w The results of the internal audits are reviewed by the DQM and appropriate steps are taken by the DQM in case of audit findings. +## Quality Control + +Quality control is performed manually and continuously. Additional quality control tasks besides the quality control activities which are directly implemented in the various processes are: + +* Evaluating customer satisfaction through the support +* Manual software quality checks (ease of use, features, documentation, bug hunting, security checks, ...) + * *in addition to the checks and controls defined in the development process* +* Analyzing bugs and features + * open bugs, time until bugs are closed + * open feature requests, time until feature requests are resolved + +The quality management department can improve some of the *deficiencies* by themselves (i.e. documentation improvements) or create a quality control report for a specific supposed *deficiency* for further investigation in the project tasks. Some of the supposed *deficiencies* may be ruled as intended and will not require a change. This decision is made by the CTO together with the DQM. + 2022-01-01 - Version 1.0 diff --git a/Processes/09_IT.md.md b/Processes/09_IT.md.md index 5c14a3c..c5a28cc 100644 --- a/Processes/09_IT.md.md +++ b/Processes/09_IT.md.md 
@@ -9,11 +9,31 @@ ## Backups +Backups are performed according to the Backup & Data Recovery policy. This includes the following 3 backup types for all data stored on the organization IT systems: + +* Backup to external data storage: Daily (**R1**) +* Backup to an external service provider: Daily (**R2**) +* Manual back (cloning): Quarterly (**R3**) + +Both the external data storage backup and the external service provider backup are automatically generated by a software. The backup of these two methods is also validated automatically during the backup process by randomly comparing backup data with live data. (**R4**) + ## Maintenance -## Data security +The IT department has to ensure that the IT systems are running according to their purposes with the necessary stability and robustness. This is done by manually inspecting error reports from the different software solutions running on the IT servers and manually testing the performance of the software and hardware. +## IT security +### Permission changes + +Permissions for data access must be handled carefully and users should only receive permissions according to their functions and tasks (**R6**). A General permission overview can be found in the Permission List and a guideline how to handle permission change requests is defined in the Change Management policy. This list contains a basic guideline for permission handlings but can be deviated from in special situations. + +### Software changes + +New software or software updates must be tested by the IT team in a sandbox environment before they can get migrated to the live environment (**R5**). Generally, updates should be installed as soon as reasonably possible to ensure the newest security fixes, bug fixes and newest software features. See Change Management policy for further details. + +### Additional guidelines + +The IT Security policy defines additional best practices and guidelines how to handle IT security. 2022-01-01 - Version 1.0 
diff --git a/Processes/HR/Evaluation Forms/Employee Evaluation Form.md b/Processes/HR/Evaluation Forms/Employee Evaluation Form.md index 46d2cb9..4fb40b2 100644 --- a/Processes/HR/Evaluation Forms/Employee Evaluation Form.md +++ b/Processes/HR/Evaluation Forms/Employee Evaluation Form.md @@ -4,8 +4,8 @@ Name: | No. | Topic | Very Confident | Fairly Confident | Not Very Confident | Not At All Confident | Notes | | ---- | ------------------------------------------------------------ | -------------- | ---------------- | ------------------ | -------------------- | ----- | -| 1 | The employee has a broad and deep knowledge over his work field. | | | | | | -| 2 | The employee is also considering other people and departments when doing his work. | | | | | | +| 1 | The employee has a broad and deep knowledge over their work field. | | | | | | +| 2 | The employee is also considering other people and departments when doing their work. | | | | | | | 3 | The employee is flexible. | | | | | | | 4 | The employee is motivated. | | | | | | | 5 | The employee is good at communicating. | | | | | | @@ -18,7 +18,12 @@ Name: | 12 | The employee shows initiative. | | | | | | | 13 | The employee can work autonomously. | | | | | | | 14 | The employee is good at negotiating. | | | | | | -| 15 | The employee is good at leading his subordinate. | | | | | | +| 15 | The employee is good at leading their subordinates. | | | | | | +| 16 | The employee is sufficiently qualified for their current job/tasks. | | | | | | + +## Other remarks + +.... diff --git a/Processes/HR/Evaluation Forms/Self-Evaluation Form.md b/Processes/HR/Evaluation Forms/Self-Evaluation Form.md index b440f27..42c411f 100644 --- a/Processes/HR/Evaluation Forms/Self-Evaluation Form.md +++ b/Processes/HR/Evaluation Forms/Self-Evaluation Form.md 
@@ -4,22 +4,29 @@ Name: | No. | Topic | Very Confident | Fairly Confident | Not Very Confident | Not At All Confident | Notes | | ---- | ----------------------------- | ---------------| ---------------- | ------------------ | -------------------- | ----- | -| 1 | I possess sufficient resources for me to achieve my tasks. | | | | | | -| 2 | I have a broad and deep knowledge over my work field. | | | | | | -| 3 | I am also considering other people and departments when doing my work. | | | | | | -| 4 | I am flexible. | | | | | | -| 5 | I am motivated. | | | | | | -| 6 | I am good at communication. | | | | | | -| 7 | I share information with my colleagues and supervisors accordingly. | | | | | | -| 8 | I am a team player. | | | | | | -| 9 | I have a confident presence in my field of work. | | | | | | -| 10 | I complete assigned work effectively and on time. | | | | | | -| 11 | I am fully occupied with my work. | | | | | | -| 12 | I am resilient. | | | | | | -| 13 | I show initiative. | | | | | | -| 14 | I can work autonomously. | | | | | | -| 15 | I am good at negotiating. | | | | | | -| 16 | I am good at leading my subordinate. | | | | | | +| 1 | I have a broad and deep knowledge over my work field. | | | | | | +| 2 | I am also considering other people and departments when doing my work. | | | | | | +| 3 | I am flexible. | | | | | | +| 4 | I am motivated. | | | | | | +| 5 | I am good at communication. | | | | | | +| 6 | I share information with my colleagues and supervisors accordingly. | | | | | | +| 7 | I am a team player. | | | | | | +| 8 | I have a confident presence in my field of work. | | | | | | +| 9 | I complete assigned work effectively and on time. | | | | | | +| 10 | I am fully occupied with my work. | | | | | | +| 11 | I am resilient. | | | | | | +| 12 | I show initiative. | | | | | | +| 13 | I can work autonomously. | | | | | | +| 14 | I am good at negotiating. | | | | | | +| 15 | I am good at leading my subordinates. 
| | | | | | +| 16 | I am sufficiently qualified for my current job/tasks. | | | | | | +| *17 | I possess sufficient resources for me to achieve my tasks. | | | | | | + +\* Not available in the employee evaluation form, only in this form. + +## Other remarks + +.... diff --git a/Processes/IT/IT Equipment & Software.md b/Processes/IT/IT Equipment & Software.md index 9a3afad..612c364 100644 --- a/Processes/IT/IT Equipment & Software.md +++ b/Processes/IT/IT Equipment & Software.md @@ -23,7 +23,7 @@ ### Single user -| Position | Office / Adobe PDF / Outlook / Typora / WinRar | Teams / Skype / Team Viewer | Firefox / Edge / Chrome / Opera | Sublime Text / Visual Studio Code / CMake / g++ / composer / npm / git / php / Memcached / Redis | Datev / Crefo / Coface | Adobe Illustrator / Adobe Photoshop | Sanction Monitor | +| Position | Office / Adobe PDF / Outlook / Typora / WinRar | Teams / Skype / Team Viewer | Firefox / Edge / Chrome / Opera | Sublime Text / Visual Studio Code / Visual Studio / CMake / g++ / composer / npm / git / php / Memcached / Redis | Datev / Crefo / Coface | Adobe Illustrator / Adobe Photoshop | Sanction Monitor | | ----------------- | ------ | - | ------------------------------- | - | - | - | - | | Management | x | x | x | x | | | | | CTO | x | x | x | x | | | | diff --git a/Processes/Management/Department Minute Template.md b/Processes/Management/Department Minute Template.md new file mode 100644 index 0000000..e4dd15e --- /dev/null +++ b/Processes/Management/Department Minute Template.md 
@@ -0,0 +1,61 @@ +# Department Minute: YYYY-MM-DD + +## Members + +Present: XXX (CEO), XXX () + +Guests: None + +Absent: None + +Keeper of the minutes: CEO + +Moderator: CEO + +## Company information + +### Financials + +* Sales are above previous year and above budget +* Profit is above previous year and above budget + +### HR + +* 1 new person started in the XXX department +* 1 person quit in the XXX department + +### Key product information + +* + +### Other important information + +* + +## Todos + +| Topic | Description | Responsible | Deadline | +| ----- | ----------- | ----------- | -------- | +| | | | | +| | | | | +| | | | | + +## Feedback from department + +| Person | Good | Bad | Other | +| ------ | ---- | ---- | ----- | +| | | | | +| | | | | +| | | | | + +## Resource assessment (by moderator) + +All members report, that the resources are sufficient to ensure the ongoing of the normal business operations. + +## Compliance topics (by department) + +None + +## Important upcoming events + +None \ No newline at end of file diff --git a/Processes/Purchase/Key Supplier Evaluation.md b/Processes/Purchase/Key Supplier Evaluation.md index 2cbe5a0..2bfcbb8 100644 --- a/Processes/Purchase/Key Supplier Evaluation.md +++ b/Processes/Purchase/Key Supplier Evaluation.md 
@@ -8,7 +8,7 @@ | Tecnick | tcpdf | PDF renderer (backend) | 0 EUR | single purchase | low | Fastest php pdf renderer. Alternatives are also available through PHPWord or mpdf. | No significant issues. | Dennis Eichhorn | 2022-01-01 | | Mozilla | PDF.js | PDF renderer (frontend) | 0 EUR | single purchase | low | Simple pdf frontend renderer. Alternatives are available but not implemented (e.g. PDFium, PSPDFKit, PDFTron, ...). | No significant issues. | Dennis Eichhorn | 2022-01-01 | | TeamViewer | TeamViewer | Remote desktop connection | 219.50 EUR per month | subscription | very low | No alternative is as conveniently to use or is as broadly implemented (works on many different OS). It is the most well established remote desktop connection tool for support purposes. Alternatives VNC solutions could work as a fall back in a worst case situation. | No significant issues. | Dennis Eichhorn | 2022-01-01 | -| Microsoft | github | Source code version control | 0 EUR | subscription | very low | The closest alternative is gitlab. However, github is the most established solution which is simple to use and provides the necessary functionality. It's also possible to host alternative solutions on the company servers in a worst case situation. | No significant issues. | Dennis Eichhorn | 2022-01-01 | +| Microsoft | github
Visual Studio Express
Visual Studio Code | Source code version control
Programming IDE
Programming Editor | 0 EUR
0 EUR
0 EUR | subscription
single purchase
single purchase | very low | The closest alternative is gitlab. However, github is the most established solution which is simple to use and provides the necessary functionality. It's also possible to host alternative solutions on the company servers in a worst case situation. For Visual Studio many alternatives exist out of which some are already provided (i.e. Visual Studio Code, Sublime) | No significant issues. | Dennis Eichhorn | 2022-01-01 | | PHP | PHP | Programming language | 0 EUR | single purchase | very high | Alternative solutions exist (e.g. node/javascript or C#) but would require substantial efforts in re-writing the application and it's modules | No significant issues. | Dennis Eichhorn | 2022-01-01 | | MariaDB | MariaDB | Database | 0 EUR | single purchase | very low | Alternative solutions are already implemented and ready for use. | No significant issues. | Dennis Eichhorn | 2022-01-01 | | Oracle | MySQL | Database | not purchased | single purchase | very low | Alternative solutions are already implemented and ready for use. | No significant issues. | Dennis Eichhorn | 2022-01-01 | diff --git a/Project/PROJECT.md b/Project/PROJECT.md index 963a54e..8ef4ef4 100644 --- a/Project/PROJECT.md +++ b/Project/PROJECT.md @@ -20,6 +20,7 @@ Last update of this file: 2022.05.01 ##### Application * Implement table sorting +* Created alpha version of OCRImageOptimizerApp (cli for image optimization for OCR) ##### Auditor @@ -28,6 +29,7 @@ Last update of this file: 2022.05.01 ##### Framework * Hard limit JSON requests and urldata to 1MB +* Add basic kernel support in cOMS #### Bug fixes
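Review bot: In `Processes/01_Development.md` (hunk `@@ -134,6 +134,10 @@`), the new `## Other related documents` heading is followed directly by its list with no blank line, while the same section added to `Processes/05_HR.md` in this patch has a blank line after the heading and after the list. Use one layout in both files. `[Tutorials](./Development/Tutorials)` points at a directory while the other two entries point at `.md` files, so confirm that it renders as intended. The footer context line still reads `2022-01-01 - Version 1.0` here and in the HR, Quality Management and IT documents although their content changes; update it if the footer is meant to track revisions.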
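Review bot: The changed sentence in `Processes/05_HR.md` (hunk `@@ -103,7 +103,7 @@`) now refers to `Hiring Checklist.md`, but the `- [x]` items with their control references (**R14a**, **R14b**) still follow inline, so the checklist exists in two places and the copies can drift apart. Say which copy is authoritative, or keep only the control references here and leave the item text in the linked file.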
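Review bot: The first context line of the `Processes/07_Management.md` hunk (`@@ -38,11 +38,14 @@`) links to `./Quality%20Management/Internal%20Quality%Management%Audit%Form.md`, where three separators are written `%` instead of `%20`, so the Internal audits link is malformed. The list is being edited in this change anyway, so fix the encoding here. Among the added controls, `Executive Committee Meeting` has no frequency and no link, unlike `Monthly financial reporting` and `Tax audits (approx. every 3-5 years)`; add the interval and a pointer to where the meeting is minuted.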
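Review bot: The new `## Quality Control` section in `Processes/08_Quality Management.md` (hunk `@@ -16,6 +16,19 @@`) carries no control references, while the other process documents in this patch tag each requirement (**R12**, **R23**, **R1** to **R6**). Tag at least the quality control report and the CTO/DQM decision that a supposed deficiency is intended, and state where that decision is recorded, so both can be audited. `security checks` appears only as one item in a parenthesised list with no scope, frequency or owner; point it at the document that defines them. `(i.e. documentation improvements)` reads as an example, so `e.g.` is meant.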
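Review bot: In the `## Backups` text added to `Processes/09_IT.md.md` (hunk `@@ -9,11 +9,31 @@`), **R4** validates a backup only by "randomly comparing backup data with live data". That samples content but does not show that a backup can be restored, and it covers the two automated backups only, not the quarterly clone (**R3**). Add a periodic restore test as its own control and say how the manual clone is verified. Smaller points in the same hunk: `Manual back (cloning)` should read `Manual backup (cloning)`; **R6** appears before **R5** and the `## Maintenance` paragraph has no control reference; the Backup & Data Recovery, Change Management and IT Security policies and the Permission List are named but not linked, unlike references in the other process files; and the `.md.md` double extension in the file name is carried forward unchanged.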
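Review bot: In `Self-Evaluation Form.md` (hunk `@@ -4,22 +4,29 @@`), moving "I possess sufficient resources for me to achieve my tasks." from No. 1 to `*17` renumbers every existing item, so forms filled in before this change no longer line up by number with new ones. If the numbers are used to compare results between years or against the employee evaluation form, record the mapping or the form version on the form itself. The marker is unescaped in the table (`*17`) but escaped in the footnote (`\*`); use one form in both places, preferably after the number.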
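Review bot: Adding `Visual Studio` to the shared developer-tools column header in `IT Equipment & Software.md` (hunk `@@ -23,7 +23,7 @@`) approves it for every position marked `x` in that column, and the visible rows show `Management` marked there. If the IDE is meant for developers only, give it its own column rather than extending a header that also covers `Memcached` and `Redis`. The supplier table in this patch names the product `Visual Studio Express`; use the same name in both documents so the approved edition is unambiguous.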
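Review bot: The changed Microsoft row in `Key Supplier Evaluation.md` (hunk `@@ -8,7 +8,7 @@`) stacks three products (github, Visual Studio Express, Visual Studio Code) in one row, but the `very low` rating, `No significant issues.`, the evaluator and the date appear only once, so it is unclear whether each product was assessed or only the first. The products also differ in purchase type (`subscription` versus `single purchase`). Split them into three rows, as the table does for every other product. `(i.e. Visual Studio Code, Sublime)` lists examples, so `e.g.` is meant.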
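Review bot: The new `Department Minute Template.md` (hunk `@@ -0,0 +1,61 @@`) ships with outcomes already filled in: `Sales are above previous year and above budget`, `All members report, that the resources are sufficient ...`, and `None` under Compliance topics and Important upcoming events. A minute saved without editing these lines records a positive finding that nobody made. Replace them with neutral placeholders such as the `XXX` already used under Members. Also, `XXX ()` leaves the role empty, and the file ends without a trailing newline (`\ No newline at end of file`).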
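Review bot: Neither hunk in `Project/PROJECT.md` touches the line `Last update of this file: 2022.05.01` shown in the hunk header, although both add changelog entries; update it in the same change if it is meant to reflect the latest edit. The new Application entry uses past tense (`Created alpha version of OCRImageOptimizerApp`) while the surrounding entries are imperative (`Implement table sorting`, `Add basic kernel support in cOMS`); reword it to `Create alpha version ...` for consistency.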