📆 Following the demand, we extended our free trial to 30 days! No automated billing/upgrade. You decide!  

General Guidance

Blueprints

Role-Specific Access

In general, blueprints are available to all users.

The following factors decide about the availablity of blueprints to specific tenants:

  • Blueprints need to be enabled on tenant basis (by a tenant admin).
  • Users of the tenant require access to the respective vucavoid feature (e. g. access to controls management if control blueprints should be imported).
  • Every blueprint that should be accessible needs to either be vucavoid-defined (see below) or made specifically accessible for the tenant.
  • Once a blueprint has been imported, the new entity is disconnected from the availability of a blueprint.

Overview & Concept

Compliance management can be a daunting task that is connected to many tedious routine tasks. Especially when beginning to set up compliance management or extending it for new domains, a fresh start is a tough task.

Blueprints are like organization-agnostic templates for specific entity-types in vucavoid. It is important to note, that blueprint and tenant entity types cannot be mixed - they coexist in different worlds.

They are designed to be imported into a vucavoid tenant at any time, providing the tenant's organization with a head start for developing new entities of the specific entity types.

Once a blueprint is imported, into a tenant, it becomes a tenant-specific entity (e. g. a control) - which only exists in the context of the specific tenant. Blueprints that are imported to multiple tenants have no connection to one another.

For user-defined (personal) blueprints, the accessibility of such can be restricted to specific tenants (see below), which does not influence the general rule outlined above. Even if blueprints are defined to only be visible for specific tenants, the imported entities from such a blueprint is only accessible for the importing tenant. The only information remaining is that the entity had been imported from a blueprint, being statistical information that can be viewed by the importing tenant. The author of the blueprint can only see that is has been imported but does not have further details in access.

To put it into other words: Blueprint are shells on a different level, transforming into a tenant-specific entity once imported, loosing its ties to the blueprint.

Relevant entity types

Controls Management

  • Controls
  • Control Ojectives Requirement Management
  • Requirements
  • References Structures
  • Domains
  • Standards
  • Categories
  • Assurances

Types of blueprints

In vucavoid, there are two types of blueprints.

Blueprints can either be defined by vucavoid or by single user accounts.

Author Purpose Visibility
vucavoid General and broad approach to provide a head-start to organizations, especially small and medium sized entities (SMEs), in building up or extending their compliance management. Per default visible for all tenants.
user As set by the author (user), major use cases are either set for Can be individually shared by the author and are private per default. Visibility can be controlled by two factors:

1. Author needs to publish them (in draft per default).
2. Tenants needs to be specifically selected to have access.

Note, this can also lead to travelling blueprints between all specifically selected tenants but does never lead to tenant-specific entities (imported blueprints) travel between tenants.

Note: Visibility of blueprints is subject to tenant-specific blueprint settings (if blueprints are not allowed, neither vucavoid- nor user-defined blueprints can be accessed from that tenant).

Activation of blueprints per tenant

Before blueprints can be used by any user within a tenant, the tenant admin needs to activate them in Tenant Settings.

To do so, a tenant admin needs to visit Tenant Settings of the specific tenant (be mindful if part of multiple tenants). On this page, the admin can activate blueprints on the level of available blueprint entity types.

Even though the activation of specific blueprint entity types does not influence others, it is recommended to activate blueprint entity types following a potential import logic.

Example:When activating blueprint controls but not blueprint control objectives, this might lead to an inconsistent import basis since most blueprint contols have pre-defined links to blueprint control objectives. The same inconsistency might be given when importing blueprint sets (see box below).

vucavoid blueprints: To use blueprints, the functionality needs to be activated in the tenant settings first.
vucavoid blueprints: To use blueprints, the functionality needs to be activated in the tenant settings first.

Every activation of a specific blueprint entity type has to be confirmed via a modal request - the same appplies to deactivation.

vucavoid blueprints: The deactivation of blueprints needs to be confirmed in a modal request - same applies to the activation of blueprints.
vucavoid blueprints: The deactivation of blueprints needs to be confirmed in a modal request - same applies to the activation of blueprints.

Please note: Even if an user has access to blueprints in a different tenant, the user cannot access blueprints in a tenant that did not activate blueprints for use.

Import of blueprints

Regardless of type of blueprints (vucavoid- or user-defined), once a blueprint is available to a tenant, it can be imported to the tenant.

Blueprints can be imported from the tenant's overview for the entity type that an user wants to import a blueprint for.

Example: An user wants to import a blueprint control to become an actual control in the user's tenant, the user finds the option to do so in the overview of the tenant's controls.

vucavoid blueprints: To import a new blueprint, the tenant's overview of the respective entity type holds a button to call all available blueprint entities for the active tenant.
vucavoid blueprints: To import a new blueprint, the tenant's overview of the respective entity type holds a button to call all available blueprint entities for the active tenant.

Once the user clicked the button, a slide-over will open showing a list of all (to the tenant) available blueprints of the respective entity type.

vucavoid blueprints: Overview of all available blueprints for a specific entity type (in the demo case: Controls).
vucavoid blueprints: Overview of all available blueprints for a specific entity type (in the demo case: Controls).

To simplify the user experience, the view for blueprints is kept the same across blueprint entity types.

Columns

Per default, there are six columns displayed in the overview of importable blueprints.

  1. Type of blueprint: Cog symbol (⚙️) represents a vucavoid-defined blueprint. A user symbol (👤) represents an user-defined blueprint. Hovering the symbol reveals more information on its origin.
  2. Status: In the import view, only published blueprints are shown. When defining personal blueprints, drafts are also shown.
  3. Title: Title of the blueprint.
  4. Affected structures: Bullet list of all affected domains, categories, standards and assurances.
  5. Import history: Cloud symbol (☁️) tells the blueprint has not yet been imported to this tenant. A cloud symbol with a downwrds arrow (☁️⬇️) represents
  6. Expansion: Clicking the chevron symbol expands further informtion on the blueprint entity of the specific row.

Please note: Even if collapsed, users can still search all collapsed content for better navigation.

vucavoid blueprints: A click on the chevron symbol at the end of each row reveals further informaton on the blueprint entity.
vucavoid blueprints: A click on the chevron symbol at the end of each row reveals further informaton on the blueprint entity.

To proceed with the import, users can select one, multiple or all blueprint entities that are available to the active tenant. To select all blueprint entities at once, the user can either click the checkbox left to the first column above the table or use the select all button on the top right of the table.

Please note, that clicking the checkbox on the top left of the table only selects the visible blueprints entities - with visibility depending on the pagination option for the respective table.

Once all blueprint entities, supposed to be imported, are selected, the user can click "Next" on the right side below the table to proceed.

Import of dependencies

During the import, the user will be asked to either

  • confirm the import of all data releated to the blueprint entity or
  • overwrite the dependencies with tenant-specific data.

The decision on this is primarily depending on the tenant's need for the specific blueprint.

Once confirmed, the blueprints will be imported to the tenant.

Please note:

  • Some entities will not become productive if specific information is not amended to it
  • If relevant to the operational compliance management of the tenant, imported entities will not be in an active status. Controls will be imported in draft mode to be subject to further review before being activated.
Image

Sets: SOC-2 or ISO out-of-the-box

Sets are an attribute for blueprints to show affiliation with other blueprint entities. Sets can be applied across all blueprint entity types, creating associated chains of blueprint entities.

For personal (user-defined) blueprints, the only sets available are the ones as defined by the user. Sets cannot be explicitly shared across different users.

Example
A law, a standard or a specific contract needs to be fulfilled by an organization. To plan for compliance, an organization would start with understanding the requirements, mapping it to its existing compliance management setup and plan accordingly for an implementation of controls.

  1. With blueprint sets, an user can create a blueprint requirement, link the specific reference to it (e. g. a law) and consequently create relevant blueprint control objectives with blueprint controls attached to it.
  2. To go further, the user could even link this to matching blueprints of domains, standards, categories and even assurances.
  3. With blueprint assurances, users could even create a full ISO 27001 or SOC-2 set, ready for import to a tenant.

Now, this example can be expanded further by having multiple tenants that need to comply with the requirements. By sharing blueprints as a set across different tenants, multiple organizations (tenants) can easily use a** head-start to achieve compliance**.

Major uses cases for the usage of blueprint sets:

  • As a consultant preparing a set (or multiple sets) of blueprints can provide every client with a kickstart to the implementation of specific compliance requirements.
  • With a group of companies (concern), the group office for infosec (or other domains) could easily roll-out the same set of requirements and/or controls to different tenants within the group.

Personal (user-defined) blueprints

Next to the vucavoid-defined blueprints, which users and tenants cannot influence, users can define their own blueprints for all available blueprint entity types. These blueprints are of type "personal blueprints" (or user-defined blueprints). Users can define and manage these regardless if any tenant they belong to has blueprints enabled for import or not.

To access personal blueprints, users can use their user dropdown menu by clicking its avatar and then select "Personal blueprints".

By using the tab naviagtion on top, users can switch between the different blueprint entity types.

Regardless of the activated tab, users can create new blueprint entities by using the green button for a new blueprint in the top right of the screen.

vucavoid blueprints: Overview over personal blueprints (empty demo data in screenshot).
vucavoid blueprints: Overview over personal blueprints (empty demo data in screenshot).

Blueprint entites can be linked to other blueprint entities (e. g. a blueprint control can be linked to a blueprint control objective) but never to active tenant data.

A newly created blueprint entity will not be published but created in draft mode. This cannot be changed to protect unwanted publications of unfinished blueprints (or even sets).

Once created, users can publish a single blueprint or select multiple blueprints to publish them at once. If multiple blueprints are selected, the status of each selected blueprint will be inverted, meaning blueprints in draft status will be published and published blueprints will be put back in draft mode.

Further, even published (user-defined) blueprints need to be be specifically made available to tenants for import. The authoring user can only select tenants that the user is active part of (regardless of role assignments in the tenants).

Users can also define blueprint sets (associated blueprints). To manage user-defined sets, the user can click the "Sets" button at the top right above the blueprints overview. One or multiple sets can be assigned to each blueprint entity. Defining sets can facilitate the provision of blueprints across tenants (e. g. based on specific topics like ISO 27001 related blueprints).

Cookie Use on Our Site

To ensure the smooth functioning of our website, we use a limited number of cookies. These cookies are essential for providing you with the services available on our website and to use some of its features. Here is a brief overview:
  • vucavoid_session: This cookie is essential for user authentication. It ensures that your session is secure and recognizes you as you navigate through our site.
  • XSRF-TOKEN: This cookie is critical for website security. It helps protect against cross-site request forgery attacks.
  • latest_marketing_banner_visible_{MARKETING_BANNER_ID}: This cookie simply remembers if you have seen our latest site banner, enhancing your browsing experience without tracking your personal data.

These cookies are strictly necessary to deliver the website, and therefore, we do not require your consent to place these cookies. For more information, please visit our Privacy Policy.