| | Bespoke Application Service | | |
---|
1. Bespoke Application Service: (BAS) | 1. By definition, the scope of the Bespoke Application Service is continually evolving at the same rate as the market and business requirements. | 2. Bespoke Application Service is not a static one-size-fits-all package and is not a downloadable application program with vulnerabilities that need patching. | 3. Bespoke Application Service is provided based on the Owner's Business Requirement Specification that includes: | (1) Data Specification: Objects and Fields. | (2) Functional Specification: Functions and Pages. | (3) Procedural Specification: Policies and Procedures. |
1.1. Parties: | 1. The Owner and Data Controller (DC) of their own Bespoke Application Service (BAS) has title to the intellectual property that is their Business Requirement Specification (BRS) and has a legal obligation to document what data is processed and what procedures are used. | 2. The Application Service Provider (ASP) as the Data Processor (DP) transforms the Business Requirement Specification (BRS) into business rules as knowledge that is taught to the Artificial Intelligent Assistant (Eliza) that provides the Bespoke Application Service (BAS). |
2. Data Specification: | 1. Data objects are natural collections of fields that were known as records. Data objects are continually evolving as extra fields are added and existing fields change their purpose. | 2. Third Normal Form: is the way that the designed data structure can be proven to be viable and stable. Every field in an object must be totally dependent on the object key and no other value. Ted Codd authored this rule in 1969 and it has been proven to be complete and correct in all circumstances. | 3. BAS has a purpose to collect evidence and that dictates that data must never be lost by deletion or overtyping. It would be unacceptable to permit a new supplier name to overtype the old supplier name so the old supplier name is lost - this is a data loss. | 4. The loss of data is a data breach that must be reported to the Information Commissioner's Office. The company that permitted a data loss can expect to be fined until they put procedures in place to prevent such a data loss. | 5. The data object list shown below is just a summary of the actual business data processed by the continually evolving scope of BAS. |
2.1. Data Object List: | 1. Customer: CRM data begins with customer and prospect, name and address data where every customer has a primary named contact person. | 2. Customer Contact Name: A customer may have many contact people for different purposes. | 3. Customer Letter of Authority: Over time, a customer may have many Letter of Authority documents. | 4. Customer Terms of Business: Over time, a customer may have many Terms of Business documents. | 5. Customer Task: Over time, a customer may have many scheduled tasks for quotation follow up, emails and documents. | 6. Customer Site: A customer may have many physical location sites. | 7. Service: The customer has one or more services as fixed assets such as: Gas, Electricity, Water, Insurance, etc. Utility services are identified by some kind of meter, vehicle or phone number. Every metered service must have one supply address. | 8. Service Task: Over time, a service may have many scheduled tasks for initial reading and other purposes. | 9. Reading: For each service, one or more readings or consumptions or measurements will exist at different times. Utilities have charges based on usage that is metered with readings and consumptions by date. Insurance measures risk of component parts, social care measures skill and time, while freight measures weight of size for a route. Actual consumption by date is what is billed and that may be very different to estimated consumption. | 10. Contract: For each service, one or more contracts will exist at different times. Contracts have a unique number with a fixed start and end date that may be periodically renewed. Contracts may begin with an estimated consumption, but that is not what is billed - actual readings or measurements are what is billed. By definition, each contract has one service supplier, provider or vendor. | 11. Contract Task: May be a scheduled billing task with an estimated commission that is used for cash flow purposes. Every billing task involving invoices is scheduled by a contract. Financial account receivables and cash flow are stored as contract tasks. | 12. Supplier: Supplier Relationship Management (SRM) data is a critical adjunct to CRM where broking and finance processes are included. The supplier to the customer may also be known as a service provider or vendor. Care must be taken not to confuse this energy supplier with a supplier to the business such as the office landlord that is paid every month. | 13. Supplier Task: May be a scheduled follow up task such as an email request for consumption or rates or commission. | 14. Tariff: For each supplier, the supplier will have many different priced services that they offer and are known as tariff data. | 15. Approved Person: People may be granted the right to access certain CRM and SRM data. Every customer and supplier contact person has the legal right to access, correct, download and delete their own data. The process of managing people may be known as Authentication and Identity and Access Management (IAM) service. | 16. Person Task: May be a scheduled follow up task such as an email request for information or diary appointment. | 17. Expense: People need to be able to record their expenses in a private and safe environment that is shared with the finance team. | 18. Message: Private, confidential and sensitive information must be communicated in full compliance with Privacy and Electronic Communication Regulations (PECR). The public envelope and private letter method is used with subscription management of encrypted messages so data is not leaked by phone or email. Uploaded documents are recorded as task messages that cannot be lost, deleted or changed in any way. |
2.2. Data Formats: | 1. Business fields exist with three formats that are not quite what they seem. | 2. Display: format is how a field is presented to an approved person with optional symbols. Display format has meaning to people, but it will restrict processing such as sorting, filtering and calculation. | 3. Internal: format is how a field is processed by Eliza. Internal format is readable, but greatly simplified as numbers or character strings that are optimised for rapid processing by Eliza. Fields are represented by a glyph and objects are represented by a glyph so processing knowledge will precisely represent data without knowing its readable name. | 4. Stored: format is a meaningless first-level encrypted format that cannot be reverse engineered without a lot of other encrypted information. Stored format may be fragmented into a set of tokens that collectively represent one field. Some encrypted data will be stored in other data objects and some objects will be merged based on usage and size. Knowledge applies many encryption methods to fields as values are transformed between internal and stored formats using glyph identification. |
2.3. Data Protection Impact Analysis: | 1. It is a legal obligation for the Data Protection Officer (DPO) to manage a Data Protection Impact Assessment (DPIA) to be shared with the Information Commissioner's Office (ICO). The DPO is responsible to continually improve the DPIA as a strategic document in light of evolving threats. The Information Security Manager (ISM) is responsible to deploy adequate security measures in accordance with DPIA requirements. The Process Audit Manager (PAM) is responsible to periodically audit the actual security with internal and external penetration tests. | 2. By fragmenting responsibilities between different people, it is expected that a higher quality of security will be achieved. A long term strategic assessment is used to drive the tactical security measures that are deployed. Regular testing of those security measures ensures that the strategy and the tactics are fit-for-purpose. | 3. Article 35 of GDPR states that the creation and maintenance of this DPIA is a legal obligation. The scope of this DPIA is limited to the business data processed by the Bespoke Application Service as provided by the Application Service Provider. The Owner is responsible for their own DPIA, data breach reporting, monitoring and protection of data stored in emails and on local computers. | Data Protection Impact Assessment... |
3. Functional Specification: | 1. Each data object has at least three different functional navigation paths provided. | 2. No single point of failure is permitted so if one path is not working as expected, other paths provide business continuity. | 3. Functional navigation paths are known as: | (1) Long Page path shows many different functions on one long page. | (2) Hierarchy path shows each function on a page that is dependent on its parent function. | (3) All path shows each function on a page with no regard to the hierarchy. |
3.1 Function Type List: | 1. Each functional navigation path has at least the following functions as: | (1) List of objects for selection, sort and filtering. | (2) Form showing one object set of fields to be changed or added. | (3) History of all field value changes to an object. | (4) Archive as list of all objects that have been used in the past. | (5) Download as list of all objects. | (6) Report or Document with placeholders for one or more objects. | 2. It should be noted that no object deletion facility is permitted. | 3. The list function type is customizable by each approved person to match their unique preferences. | 4. Once an approved person understands the functions for one data object they will naturally understand the functions for every other object. |
3.2. Form Field Controls: | 1. Fields are displayed in a form to approved people using just two controls to ensure that training of new people is as easy as possible with: | 2. Text: data entry field. One line or multiple lines. A text field may be changeable or readonly. | 3. List: select drop down values. One list or multiple lists for date and time. A list may be selectable or readonly. | 4. Text data entry is subject to in-depth validation to remove malware, HTML codes that could corrupt a web page and symbols that could corrupt communications. Only a few symbols are permitted as a means to eliminate the risk of an injection attack or a defacing attack. | 5. List selection is safe and secure because only valid permitted values can be selected. Criminal attacks to list controls are eliminated by the use of encrypted tokens. | 6. Once an approved person understands the controls for one form they will naturally understand the controls for every other form. |
4. Procedural Specification: | 1. BAS has a Purpose and a Mission with many Policies. | 2. Each Policy has an Objective with many Processes. | 3. Each Process has a Benefit that comes from many Procedures. | 4. Each Procedure has an Outcome that contributes to the process Benefit according to its specified objective, purpose and mission. |
4.1. Purpose and Mission: | 1. Purpose is to maximise the productivity of approved people to make those approved people worth more than people without such tools. Where a CRM is operated so it does not increase the productivity and worth of the people using the CRM, then the CRM must be closed down. | 2. Mission is to manage all business data in an integrated secure database that complies with UK laws. Where a CRM is operated so it does not secure all business data or it does not comply with UK laws, then the CRM must be closed down. | 3. Each person approved by the Owner and Data Controller has the right to follow these procedures or use their own procedures. Each company has a duty to train and manage their own staff according to their own methods. These documented procedures offer an insight into how the BAS may be used. | Strategic Direction... |
4.2. Policy List (as Objective): | 1. It is a CRM policy to fully comply with all UK laws, including all accounting and data protection regulations, and to gather evidence of such compliance. | 2. It is a CRM policy to not lose any CRM data and to gather applicable evidence. Data cannot be lost by deletion and cannot be lost by overtyping. | 3. It is a CRM policy to not have any CRM data stolen and to gather applicable evidence. Data represented by encrypted images is meaningless and worthless. | 4. It is a CRM policy to only permit approved people to access CRM data and to gather evidence of every such access. 24*7 monitoring is a critical part of the legal obligation. | 5. It is a CRM policy to deploy pseudonymisation and protection-by-design in compliance with GDPR article 28. | 6. It is a CRM policy to deploy a Social Media Officer to promote the brand that is the Federation of independent companies. | ..Policy List (ongoing)... |
4.3. Process List (with Benefit): | 1. CRM processes may be identified by department or group such as: sales, broking, finance and personnel. | 2. Sales process. | Sales is about managing customer data that is at a prospect state and doing qualification and quantification analysis to determine if the prospect could be cost effective as a customer. When it can be proven that the prospect has a positive cost justification to become a customer, then those benefits can be presented and offered. The benefit result of selling is an agreement between the customer and the broker for a service. It is reasonable and viable to outsource the sales process and all sales procedures. Sales enablement has component parts as: | 1. Value Proposition: position a differentiated message. | 2. Enablement: with role-play and education: a complete and correct message. | 3. Process: align all assets to be ready when the customer is ready. | 4. Automate: it's a numbers game where the more customer communication takes place the luckier a sales person becomes. | 3. Broking process. | Broking is bringing together a customer and a supplier with a cost justified proposal that both the customer and supplier can agree to. The benefit result of broking is a contract between the customer and the supplier for a service. Renewal is a process within the broking process - renewals have residual revenue benefits. | 4. Finance process. | Finance is an account receivable of invoiced amounts as the result of a contract. Broking is paid for by the customer directly and/or by the customer paying higher fees to the supplier who in turn pays the broker. The result of finance is revenue earned from customers and suppliers. The process benefit is a legal obligation to keep proper financial records. It is reasonable and viable to outsource the finance process and all finance procedures. | 5. Personnel process. | Personnel is about managing approved people who may be employees, partners or contractors. 
with an Identity and Access Management Service (IAM). Approved people may have a role that grants them access to sales, broking, finance and/or personnel data. Approved people have legal obligations to comply with laws and to gather evidence of financial transactions and data protection. A key benefit of CRM is that all legal obligations are integrated into a consistent database of evidence. It is reasonable and viable to outsource the personnel process and all personnel procedures. HR includes talent, recruitment, appraisal, training, qualification, clearance, expense, leave, holiday, sickness and performance management. |
4.8. Automated Procedure List: (Outcome) | Procedure B3: Request Consumption from existing supplier using meter list and LoA with email envelope and encrypted form. | Procedure B3: Enter Consumption by meter by existing supplier with encrypted form. | Procedure B4: Request rates from potential suppliers using meter consumption list and LoA with email envelope and encrypted form. | Procedure B4: Enter rates by meter by potential suppliers with encrypted form. | Procedure B5: Request acceptance from customer using list of proposals with email envelope and encrypted form. | Procedure B5: Enter acceptance and rejection of proposed contracts by customer with encrypted form. | Procedure B6: Send contract start notice to customer with email envelope and encrypted form. | Procedure B7: Send contract termination notice to current supplier with scheduled email envelope and encrypted form. | Procedure F2: Send proforma invoice for actual consumption to current supplier with scheduled email envelope and encrypted form. | Procedure F3: Send sales invoice to current supplier and/or customer with scheduled email envelope and encrypted form. | Procedure P3: Send access code to supplier making SAR enquiry with email envelope and encrypted form. | Procedure P3: Send access code to customer making SAR enquiry with email envelope and encrypted form. |
Document Control. | 1. Document Title: Bespoke Application Service. | 2. Description: Bespoke Application Service. | 3. Keywords: Bespoke Application Service. | 4. Privacy: Shared with approved people for the benefit of humanity. | 5. Edition: 1.2. | 6. Issued: 24 Nov 2017. |
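The rule in section 2 that a new supplier name must never overtype the old one, together with the History function and the ban on deletion in section 3.1, can be enforced by the database itself. The sketch below is an added example, not part of the original specification or the service's own code. SQLite, the `field_history` table, its columns and the `supplier:1` key format are all assumptions made for illustration.

```python
import sqlite3

# Constructed schema: every field change is a new row, and triggers
# make the database refuse UPDATE (overtyping) and DELETE.
SCHEMA = """
CREATE TABLE field_history (
    id         INTEGER PRIMARY KEY AUTOINCREMENT,
    object_key TEXT NOT NULL,   -- hypothetical key format, e.g. 'supplier:1'
    field      TEXT NOT NULL,
    value      TEXT NOT NULL,
    changed_by TEXT NOT NULL,
    changed_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP
);
CREATE TRIGGER no_overtype BEFORE UPDATE ON field_history
BEGIN SELECT RAISE(ABORT, 'overtyping is not permitted'); END;
CREATE TRIGGER no_delete BEFORE DELETE ON field_history
BEGIN SELECT RAISE(ABORT, 'deletion is not permitted'); END;
"""

def open_store():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def set_field(db, object_key, field, value, changed_by):
    """Record a new value as a new row; earlier values stay untouched."""
    db.execute(
        "INSERT INTO field_history (object_key, field, value, changed_by) "
        "VALUES (?, ?, ?, ?)", (object_key, field, value, changed_by))
    db.commit()

def current(db, object_key, field):
    """Latest value of a field, or None if it was never set."""
    row = db.execute(
        "SELECT value FROM field_history WHERE object_key = ? AND field = ? "
        "ORDER BY id DESC LIMIT 1", (object_key, field)).fetchone()
    return row[0] if row else None

def history(db, object_key, field):
    """All values the field has held, oldest first, with who changed it."""
    return db.execute(
        "SELECT value, changed_by FROM field_history "
        "WHERE object_key = ? AND field = ? ORDER BY id",
        (object_key, field)).fetchall()

def is_blocked(db, sql):
    """True when the database itself refuses the statement."""
    try:
        db.execute(sql)
    except sqlite3.DatabaseError:
        db.rollback()
        return True
    db.commit()
    return False
```

Because the triggers live in the schema, the rule holds even for a client that bypasses the application's forms and talks to the table directly.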