
Contact Us Application
1. Every Bespoke Application Service has a public menu bar that has buttons to popup a common privacy notice and contact us notice.
2. The Contact Us Notice web page includes a form that triggers the Contact Us Application (CUA).   Contact Us Notice complies with the legal obligation (GDPR article 13(1a+1b)) to provide people with data controller contact facilities.   Contact Us Notice complies with the legal obligation (GDPR article 38.4) to provide people with the right to send a message to the Data Protection Officer.
3. The contact us notice web page is common to all Bespoke Application Services and provides an online message service that conforms with legal obligations that a person must be able to request more information from the DPO and others.
4. Any approved person should sign-in so they are identified and then author a support request.
5. Any person may use the CUA to send a message and where it is from an approved person, then the CUA message is transformed into a normal support message.   It is expected that the majority of CUA messages will be fake and can be ignored.

How is CUA used?
1. The Contact Us form contains many data entry fields and a list select field.   The data entry fields are not mandatory and no error messages are shown.   To prevent injection attacks, most symbols are ignored as if they had not been entered.   Field values may be capitalised, converted to lower case or upper case, or reduced to digits only.
2. When the final list select field is changed, the Contact Us page is redisplayed with the entered data shown in protected mode, together with a thank you for the message.
3. The contact us form must be closed and reopened to cause the data entry form to be shown again.   By design, this may minimise bots from triggering many messages.
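
The silent allow-list filtering described in step 1, as an added example that is not the CUA's own code. The field kinds, the allowed characters and the 200-character cap are assumptions, and the Unicode folding step goes beyond what the page states.

```python
import re
import unicodedata

# Assumed field kinds: each maps to (pattern of characters to drop, case rule).
# Anything not on the allow-list is removed silently; no error is raised,
# matching "no error messages are shown" on the form.
FIELD_RULES = {
    "name":     (re.compile(r"[^A-Za-z \-]"), str.title),      # capitalised
    "email":    (re.compile(r"[^A-Za-z0-9@._\-]"), str.lower),  # lower case
    "postcode": (re.compile(r"[^A-Za-z0-9 ]"), str.upper),      # upper case
    "phone":    (re.compile(r"[^0-9]"), str),                   # only numbers
    "message":  (re.compile(r"[^A-Za-z0-9 .,?!\-]"), str),      # free text
}
MAX_LEN = 200  # assumed cap so one field cannot carry an oversized payload


def sanitise(kind, raw):
    """Return the value as the server would store it for this field kind."""
    drop, case_rule = FIELD_RULES[kind]
    # Fold compatibility forms first (full-width '<' U+FF1C becomes '<'),
    # so look-alike symbols are caught by the same allow-list.
    text = unicodedata.normalize("NFKC", raw or "")
    # Collapse tabs and newlines to one space before filtering, so words
    # separated by a line break do not get glued together.
    text = re.sub(r"\s+", " ", text)
    text = drop.sub("", text).strip()
    return case_rule(text[:MAX_LEN])


def sanitise_form(form):
    """Sanitise every known field; absent fields become empty strings."""
    return {kind: sanitise(kind, form.get(kind, "")) for kind in FIELD_RULES}


if __name__ == "__main__":
    # Constructed sample submission.
    sample = {
        "name": "  jOHN   o'brien<> ",
        "email": "Alice@Example.COM;",
        "phone": "+44 (0)20 7946-0018",
        "message": "Hi\uff1cb\uff1e there",
    }
    for field, value in sanitise_form(sample).items():
        print(f"{field:9} {value!r}")
```

Filtering of this kind narrows what reaches the back end; values still need context-appropriate encoding wherever they are later displayed or stored.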

Replicated Encrypted Data (RED)
1. When the list is selected, the field values are posted to the same page that shows the validated field values in read-only mode.
2. Each field value is encrypted according to its type resulting in a long string of digits.
3. The string of digits is encrypted many more times to create an alternate string of digits that cannot be reversed by pure computing power.
4. The string of digits is zipped and hidden in at least two images that are hidden in different image libraries that cannot be accessed from the Internet.
5. The image file name implies the date and time that the image was written.

Monica
1. Monica periodically reads the image library to detect a new CUA message.
2. Monica will decrypt and display the message.
3. First Level Support may click the message to popup the CUA application that can process the message.
4. When the person's identity is fake, the CUA message can be ignored and so its status is simply changed to "closed" so it will not be shown again.
5. When the person's identity is confirmed, then the CUA message will be copied into a Bespoke Application Service support message that can be processed by the Request Fulfilment Management team as normal.
6. When the support message has a simple resolution, the applicable web page can be entered and the support message sent via an email envelope to the "on behalf of" approved person.
7. Closed CUA messages will periodically be destroyed. Support messages are retained for two years and then destroyed.

Private Security
1. CUA information is encrypted to cause it to be unintelligible, meaningless and worthless to a criminal.
It is plausible to state that CUA information is never stored and so CUA information cannot be stolen.
2. CUA encrypted images are replicated to ensure that they cannot be lost.
If an image is corrupted, stolen or lost in one image library, other copies exist in other image libraries.
3. CUA messages are never leaked by email and so they may contain private, confidential and sensitive information.
CUA messages are only displayed using HTTPS end-to-end encrypted communications.

Message To
1. The message author does not need to know the name of the person who is available to handle their request because they can select from a drop-down list of roles and responsibilities.   All roles are manned 24*7, so a response can be expected within the hour, with automatic escalation to an officer if a message is not being resolved in an effective way.   The roles are:-
  First Level Support (default)
  Request Fulfilment Manager (enquiries)
  Data Protection Officer (privacy)
  Access Control Manager (sign in)
  Personnel Director (HR)
  Demand Director (capacity management)
  Supplier Director (a large number of secure data centers)
  Operations Director (system software)
  Finance Director (open and transparent accounts)
  Portfolio Director (demonstrable applications)
  Continual Improvement Manager (making dreams come true)
  Business Continuity Manager (replicated with no single point of failure)
  Service Level Manager (as defined by the owner)
  Information Security Manager (as needed to eliminate problems)
  Compliance Manager (international open standards)
  Facilities Manager (data center environmental issues)
  Risk Manager (what can go wrong and what is needed to stop it)
  Development Manager (what does the Owner want)
  Deployment Manager (what the owner said)
  Configuration Manager (making the hardware fit the application)
  Knowledge Manager (artificial intelligence rules)
  Incident Manager (attack containment)
  Problem Manager (attack counter measures)
  Process Audit Manager (review and revise)
3. For advice and guidance about these roles and responsibilities, please look up the Information Technology Infrastructure Library (ITIL) ISO 20001 International standard.

Document Management Service
1. Title: Contact Us Application (CUA).
2. Reference: 161207.
3. Key Words: privacy, security, legal compliance, contact us, 23*7 receptionist.
4. Description: Public contact us application for online messages to be authored by members of the public.
5. Privacy: Public shared for the benefit of humanity without copyright.
6. Edition: 1.2.
7. Issued: 2 Sep 2017.