Overview

This security guide provides information about security for Requirements Valuation Cockpit (RVC) by CENIT for all kinds of users.

About Requirements Valuation Cockpit (RVC) by CENIT

RVC helps to shorten time-to-quote in Request for Information, Proposal or Quote (RFx) processes by providing a central interface for managing and processing customer requirements in order to offer a high-quality solution for the customer in the shortest possible time.

The following diagram shows the solution concept:

Illustration 1. RVC solution concept

1. User Administration, Authentication, and Authorizations

For security considerations relating to user administration, authentication, and authorizations in the CENIT apps and services, see User Management in the Administration Guide. When creating and configuring users and roles for working with the CENIT apps and services, we recommend that you do the following:

  • Grant users only the minimum level of authorizations that is necessary.

  • Ensure that the authorizations are removed as soon as they are no longer needed (for example, when an employee leaves the organization).

When using RVC via SaaS application subscriptions, users are authenticated via the identity provider configured in SAP BTP. The role collection and role-mapping features of SAP BTP are used to configure access. Refer to Security on SAP BTP for security information about user administration, authentication and authorization.

2. Session Security Protection

This section contains information about the session security protection of RVC apps and services.

RVC runs on SAP Business Technology Platform (BTP). Security mechanisms to protect apps and services are provided by SAP BTP. Refer to Security on SAP BTP.

3. Network and Communication Security

The following general security measures are in place:

  • Connections to the services are only made over encrypted HTTPS channels.

  • All service endpoints are protected by authentication and authorization checks.

We recommend using the Cloud Connector to connect the application to an on-premises system. For security features of the Cloud Connector, see Security in the SAP BTP Connectivity service documentation.

4. Data Storage Security

RVC uses SAP HANA Cloud to store configuration data and to cache properties of the requirements model and the requirements from the Requirement Management capability of SAP EPD to enable search and filtering. Access to this persistent storage facility is restricted to the RVC services.

In the capabilities of SAP EPD, the following personal data is stored:

  • Email addresses are used to represent and invite the counterpart users of the customer. These email addresses are stored in the created requirements model in the Requirement Management capability of SAP EPD and in the created collaboration in the Collaboration capability of SAP EPD.

  • Name of the customer company is used to represent and identify the customer company. The customer's company name is stored in the created requirements model in the Requirement Management capability of SAP EPD and in the name of the created collaboration in the Collaboration capability of SAP EPD.

  • Name of the supplier company is used to represent and identify the supplier company. The supplier's company name is stored in the created team in the Common Functions capability of SAP EPD, in the requirement in the Requirement Management capability of SAP EPD and in the name of the created collaboration in the Collaboration capability of SAP EPD.

4.1. Data Storage Security for CENIT COMMON Metering

CENIT COMMON Metering uses SAP HANA Cloud to store company-related and personal data to meter the usage of CENIT apps and services by business users of the customer in order to calculate the actual usage. The following data is stored by CENIT in the persistent storage:

  • User ID of the business user using CENIT apps.

  • Tenant ID of the business user's tenant on the customer's SAP BTP.

  • Time stamp of usage.

  • Role of the used CENIT app assigned to the business user.

Apart from this data, CENIT COMMON Metering does not store any personal data in the persistent store.

Access to this persistent storage facility is restricted to the CENIT COMMON Metering services. Access to the CENIT COMMON Metering services is restricted to CENIT.

Glossary

CENIT on premises App

CENIT on premises App refers to applications/software created by CENIT which the licensee installs, operates, runs and uses under its own responsibility in its own environment.

CENIT cloud App

CENIT cloud App refers to applications/software created by CENIT that are provided, operated and executed on a cloud platform such as Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure (MS Azure) or SAP Business Technology Platform (BTP) by CENIT and used by licensees.

CENIT mobile App

CENIT mobile App refers to applications/software created by CENIT that are installed, executed and used by the licensee on mobile operating systems such as iOS or Android on corresponding end devices.

CENIT App

CENIT App refers to CENIT on premises App, CENIT cloud App and CENIT mobile App.

SW Purchase Contract

The SW Purchase Contract is the contract agreed between the licensee and CENIT for the use of a specific CENIT on premises App in perpetuity.

Program certificate for permanent SW

The Program certificate for permanent SW is the document attached to the order confirmation by CENIT for a specific CENIT on premises App, which contains the licenses for this CENIT on premises App ordered in the SW Purchase Contract with the number and license start date.

SW Rental Contract

The SW Rental Contract is the contract agreed between the licensee and CENIT for the use of a specific CENIT App for a period of time.

Program certificate for temporary SW

The Program certificate for temporary SW is the document attached to the order confirmation by CENIT for a specific CENIT App, which contains the licenses for this CENIT App ordered in the SW Rental Contract with the number, license start date and minimum terms.

Program description

The program description is the description of the designated CENIT App contained in the Program certificate for permanent SW or the Program certificate for temporary SW.

Program documentation

The program documentation is the documentation of the CENIT App identified in the Program certificate for permanent SW or the Program certificate for temporary SW.

Hotline Service

Service of CENIT for the receipt of error messages for applications/software and elimination of the error message by a simple bypass solution (first level support). If a simple workaround is not possible, the error message is forwarded to the support infrastructure of the respective manufacturer of the applications/software.

Support Service

Service of CENIT to resolve malfunctions that occur during the licensee’s contractual use of the applications/software (second level support).

Update Service

Service of CENIT to provide new program versions of the applications/software and associated program documentation to the licensee.

Provide

CENIT provides licensed CENIT on premises App, additional files for licensed CENIT App and program documentation for licensed CENIT App to licensees for download on the portal of CENIT or the portal of a contractor.

Install

The licensee copies the licensed CENIT on premises App or CENIT mobile App under its own responsibility into its own environment to configure, operate and use it.

Configure

The licensee configures the licensed CENIT App under its own responsibility in its own environment using the configuration options specified in the program documentation of the CENIT App. Configuration is understood to be both the initial configuration after installation of the CENIT App and the business configuration of the CENIT App for use by the users.

Customize

The licensee extends the licensed CENIT on premises App under its own responsibility in its own environment using exclusively the exits/extension interfaces listed in the program documentation of the CENIT on premises App.

Implement

Summarizes the installation, configuration and customization of a CENIT on premises App.

Deploy

CENIT deploys a CENIT cloud App on the respective cloud platform of CENIT for operation.

Operate

CENIT operates a CENIT cloud App provided on the respective cloud platform of CENIT by CENIT. CENIT is thus responsible for providing updates for this CENIT cloud App on the respective cloud platform of CENIT.

Run

A CENIT cloud App runs on the cloud platform of CENIT. Licensees can use the CENIT cloud App after subscribing to its cloud platform.

Offer

CENIT offers a CENIT App on the homepage of CENIT so that customers can order this CENIT App.

Buy

Customers enter into a SW Purchase Contract or SW Rental Contract with CENIT to get licenses for the use of a specific CENIT App.

Whitelisting

CENIT whitelists a licensee’s cloud platform to activate a specific CENIT cloud App on the licensee’s cloud platform so that the licensee can subscribe to this CENIT cloud App.

Subscribe

Licensees subscribe to a CENIT cloud App on their cloud platform to use it.

Usage

Licensee users who have subscribed to a CENIT cloud App or installed a CENIT on premises App or CENIT mobile App may use this CENIT App for their business purposes.

Getting Support

This section describes how you can get support from CENIT in case unexpected behavior occurs in any CENIT App.

Context

To get support, the following questions have to be answered:

  • For which application/software do you need support?

  • What is the version of the application/software?

  • What is the issue?

  • What is the expected behavior?

  • What are the steps to reproduce the issue?

Prerequisites
Procedure
  1. Open CENIT Support Portal and log in.

    1. Create a new support ticket with New Request.

    2. Fill out at least the following fields:

      Field              Value

      Title              What is the issue?

      Priority           low or normal or urgent

      Type of Incident   Failure or Service Request

      Category           For which application/software do you need support?

      Version/Release    What is the version of the application/software?

      Description        What is the expected behavior?
                         What are the steps to reproduce the issue?

    3. Submit your support request with Save.

      or

  2. Open your company email account.

    1. Create an email to CENIT Support.

    2. Give answers to the above listed questions in the email body.

    3. Submit your support request.

Giving Feedback

This section describes how you can give feedback to CENIT about your user experience for any CENIT App.

Context

In order to provide evaluable feedback, we would like to ask you to answer the following questions:

  • To which application/software do you want to give feedback?

  • What is the version of the application/software?

  • What is the feedback about?

  • How satisfied are you with the application/software as a whole?

  • Does the application/software meet your requirements, and is it easy to use?

  • What additional feedback do you have that could help us to improve your user experience with the application/software?

Prerequisites
Procedure
  1. Open CENIT Support Portal and log in.

    1. Create a new support ticket with New Request.

    2. Fill out at least the following fields:

      Field              Value

      Title              What is the feedback about?

      Priority           normal

      Type of Incident   PER

      Category           To which application/software do you want to give feedback?

      Version/Release    What is the version of the application/software?

      Description        How satisfied are you with the application/software as a whole?
                         Does the application/software meet your requirements, and is it easy to use?
                         What additional feedback do you have that could help us to improve your user experience with the application/software?

    3. Submit your feedback with Save.

      or

  2. Open your company email account.

    1. Create an email to CENIT Support.

    2. Give answers to the above listed questions in the email body.

    3. Submit your feedback.