top of page
AdobeStock_301701829_edited_edited_edited_edited_edited_edited.jpg

Core Module

Core Module offers service and automation functions used by other business modules.

Process automation and consistency

Main assumptions

The content modules of the BCMLogic Platform, including BCM, use common modules and technical mechanisms. Their common goal is to implement three main assumptions.


Automate repetitive activities and ensure repeatable and complete activities for the same business objects.

Ensuring data consistency not only at the application level, but also, and perhaps above all, at the level of the organization or group of organizations.

Unification of created documents and communication within processes.

 

These mechanisms are mentioned when describing business functions, and below we provide a compact compendium on them.​

Workflow

Workflow defines the full life cycle of a given object/document. As an object, we understand a set of information regarding a single instance specific to a given process - audit, process BIA analysis, risk, emergency procedure, BCM test, incident, document, deviation, change request, etc.

Each type of object can have many different Workflows at its disposal, corresponding to its specificity. For example, a Workflow for a Business Process may be different from an IT Service.

The workflow is built on the basis of status - corresponding to the points in the graphical presentation below. This status corresponds to the status of a business object. Depending on the status, you can control the visibility and ability to edit bookmarks in the application. Workflow transitions, represented by arrows in the graph, indicate actions that can be performed on the current status of the object. On the application side, transitions are presented as context buttons. The permission to perform the transition is controlled based on system roles. Additionally, at each transition you can define the execution of a procedure or command. An example of an application is a script that can perform complex checks on an object's data before changing its status. If the established condition (e.g. each observation must have at least one recommendation) is not met, a message is displayed and the audit status remains unchanged. One or more system events can be defined on the transition - causing the creation and sending of a notification. Another option when defining a transition is the Acceptance Scheme - controlling who and how should accept the status change or express an opinion. Application example - acceptance of the audit result by the superior of the audited entity

Acceptance scheme

Acceptance scheme is an element defining an additional step in the workflow transition, where an entity is required to make and register a decision or express an opinion. The assignment of a given scheme takes place at the edit level of the workflow transition.

 

A separate screen is dedicated to managing diagrams. First of all, acceptance may be one or multi-level, with the condition for moving to a higher level being acceptance at a lower level. Rejecting an acceptance at a lower level will result in the cancellation of all acceptances at a higher level.

 

At the level definition level, acceptance actors are defined. These may be people/groups/roles indicated in the diagram, the audit owner, etc. After submitting the audit for approval, users calculated by the application based on the definition receive a notification. The accepting person can/must enter a comment and accept (then the workflow control moves to the next state) or reject (the control returns to the state indicated in the workflow definition).​

Events and notifications

Notifications in the system work based on the so-called events (EVENT).
An event can be triggered in several ways.

  • Making a transition within the workflow.

  • Detection of changes in data - e.g. automatic change of user status after importing data from the HR system.

  • Meeting the conditions requiring the creation of a notification. For example: for an audit recommendation, there are less than 30 days left until its completion.


The notification handling process regularly checks for new events for which messages have been defined. If so, a notification is sent using the channel specified in the template.

  • Mail – mailbox from which the email notification will be sent. The Automatic Email option allows you to dynamically substitute an email depending on the process assignment within the organizational structure - useful in the multicompany option, where the email should come from the domain of a specific company from the group.

  • Recipients – ability to flexibly define different categories of Actors to be notified. In this case, this will be the person who is identified in the acceptance schema as responsible for acceptance. The indicated categories can be combined.​

Precise authorization system

The permissions system is based on Atomic Permissions, relating to individual screens, options or buttons, and Roles, which on the one hand group individual permissions and, on the other hand, are assigned to users.

Information about the audit is divided into thematic tabs. The permissions system allows you to dynamically assign permissions to view or edit a given tab, depending on a combination of parameters such as user role and audit status.​

Integration with the HR system and authorization management

BCMLogic allows you to independently manage users and their permissions. The recommended solution, one of many that ensures data consistency and security at the organizational level, is integration with systems providing information about users and their authorizations. Integration is carried out using ETL mechanisms or online, directly with the identity and authorization management system.

The system administrator has access to many different user-related information, divided into thematic tabs.

  • Contact details, logins and status

  • Membership in organizational units and task groups

  • Related items – quick preview of objects to which the user has permissions

  • Additional information – non-standard data needed in a given organization

Organizational structure

The BCMLogic platform stores and uses the company's organizational structure and a list of employees - along with their assignment to units and functions. This information can be entered and managed from within the application, but a more common method is to retrieve it from source systems. This is done either through the ETL mechanism or online through communication with AD.

Working based on actual data means correctness and consistency of data at the level of the entire process. Lists of units and employees are used to fill out forms, define notifications and approvals (instead of a specific person, we indicate the actor: Unit Owner), assign recommendations, etc.​

Domain login

The main way to log in to the BCMLogic Platform is the so-called SSO, i.e. access to the application based on previous authorizations obtained when logging the user's computer to the organization's domain. For the user, this means there is no need to remember the login and password. This is very convenient, especially when the user uses the system occasionally - e.g. when he or she receives a notification about an action to be taken as part of the implementation of post-audit recommendations. He then clicks on the link provided in the notification, the application verifies permissions in the background and, if positive, displays the appropriate screen.​

Data dictionaries

The system makes extensive use of data dictionaries. These are:

  • Dictionary of business objects – processes, resources, vulnerabilities, locations, contracts, suppliers, etc.

  • Dictionaries organizing data - all types and categories - e.g. types of resources, audits, organizational units and many others

  • Dictionaries of screen labels and messages - the vast majority of names of screens, columns, buttons and messages can be set by an authorized user from the application level​

bottom of page