
Globale Einstellungen/en: Difference between revisions

From HITGuard User Guide
Isan (talk | contribs)
No edit summary
FuzzyBot (talk | contribs)
Importing a new version from the source page

(2 intermediate revisions by one other user are not shown)
Line 11: Line 11:
* Organizational form
* Organizational form
:: Here you can determine whether companies are more function-oriented (purchasing, production, sales, etc) or process-oriented.
:: Here you can determine whether companies are more function-oriented (purchasing, production, sales, etc) or process-oriented.
* Enforce two-factor authentication when logging in with username and password
:: Here you can define whether users need to activate and use 2FA when they don't use SSO or a passkey for their login.
* Enforce two-factor authentication for suppliers
:: Here you can define whether supplier users need to activate and use 2FA for their login to the portal.
* Login with username and password disabled
:: If activated, users cannot login with username and passwort, but only with another configured login option (e.g., login with Microsoft). The option is only available if at least one other login option is configured.


<span id="Design_Einstellungen"></span>
<span id="Design_Einstellungen"></span>
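Review bot: In the added description of "Login with username and password disabled", "passwort" is a misspelling of "password", and "cannot login" should use the verb form "cannot log in". The added descriptions also use "2FA", "SSO" and "passkey" without expansion; writing "two-factor authentication (2FA)" and "single sign-on (SSO)" on first use would match the wording of the bullet titles above them.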
Line 116: Line 122:


*Rescheduled:
*Rescheduled:
::This option allows for a re-planning of a measure. If the measure is marked with "Rescheduled" and the deadline of the measure is changed accordingly, the traffic light for the measure is set back to Green if traffic light control is analysis period-based.
::This option allows for a re-planning of a measure. If the measure is marked with "Rescheduled" and the deadline of the measure is changed accordingly, the traffic light for the measure is set back to Green if traffic light control is analysis period-based or deadline-based.


*Corrective & improvement measure
*Corrective & improvement measure

Latest revision as of 12 August 2025, 08:05

Global settings can only be changed as administrator or expert!

General settings

  • Company name
Here the company name is entered that is to be used in e-mails to the supplier. If this field is not filled in, no messages can be sent to suppliers. Find more on suppliers here.
  • Default language
Here you can select the language in which the application should be displayed by default.
However, each user can choose the language they want to use by default via the flag symbol at the top right.
  • Organizational form
Here you can determine whether companies are more function-oriented (purchasing, production, sales, etc) or process-oriented.
  • Enforce two-factor authentication when logging in with username and password
Here you can define whether users need to activate and use 2FA when they don't use SSO or a passkey for their login.
  • Enforce two-factor authentication for suppliers
Here you can define whether supplier users need to activate and use 2FA for their login to the portal.
  • Login with username and password disabled
If activated, users cannot log in with username and password, but only with another configured login option (e.g., login with Microsoft). The option is only available if at least one other login option is configured.

Design settings

Through these settings, the appearance of HITGuard can be customized to your needs. All settings are only effective after clicking on "Save" at the bottom of the page. Some settings are only visible after the page has been reloaded.

Configure design


  • Base color: Affects elements that are green by default (e.g. "save" button and load bar).
  • Report color: This can be used to change the color used for reports.
  • Tab icon: Determines the icon that is displayed in browser tabs. An .ico file must be used for the tab icon. Caution: In order to upload, the image must not exceed 16px in height and width.
  • Report logo cover page: This can be used to set an image that will be displayed left aligned, centered, or right aligned on the cover page of reports in its original size. The report logo for the cover page can be reset via the button to the right of the preview. Caution: In order to upload, this image must not exceed 690px in width and 264px in height.
  • Report logo page header: This can be used to set an image that will be displayed in the right corner of page headers of reports in its original size. The report logo for the page header can be reset via the button to the right of the preview. Caution: In order to upload, this image must not exceed 55px in width and 31px in height.
  • Button colors: The colors set here affect their respective buttons.

The "Reset design" button can be used to reset the design settings back to the original ones.

Whistleblower system settings

If anonymous reporting via a whistleblower portal is activated in at least one management system with the case management add-on, a logo for the whistleblower system start page can be uploaded here.

Whistleblower logo


Lightweight Directory Access Protocol (LDAP)

LDAP


This setting activates the LDAP integration.

This allows users to log in using their Active Directory or Azure Active Directory credentials.

  • Automatic user creation: This option allows you to load user information from an Active Directory or Azure Active Directory at first login.
    This saves you the work of recreating all users in HITGuard. Only user roles have to be assigned to the users.
  • Local login deactivated: If LDAP integration is activated, the local logon can be deactivated. This means that users can only log on to the system using their LDAP logon data. If both logon modes (LDAP and Local) are activated, users can log on to the system with their LDAP as well as with their local logon credentials. For more information on this, see login options.

If the LDAP integration is activated, you have to specify the domain and the root container of your Active Directory.

Microsoft Entra ID

As an alternative to LDAP, Microsoft Entra ID can be activated. In this case there is also the option of single sign-on for users. Local authentication can be deactivated just like with LDAP integration.

Microsoft Entra ID


Synchronize user data

If this option is enabled, the local user data are updated daily with those in the directory. Users deactivated in the directory are then also deactivated in HITGuard. The synchronization is done every day just after midnight. The profile pictures of users are not updated.

Automatic login

If this option is enabled, users do not have to log in with their credentials or the button. Instead, they are logged in directly.

E-mail settings

Here, the settings for the automatic mailing are made. The sender's address as well as the mailing via SMTP server or Microsoft 365 (Exchange Online via OAuth2) can be configured. To send via Microsoft 365, a service account must be configured for the Microsoft Entra ID app.

If you wish, change the mailing settings to a company address or, for test purposes, ideally to the address of a resource mailbox, because the password has to be entered here. If you do not use an e-mail account of your own but the one provided by TogetherSecure, the sender address needs to end in @hitguard.at.


You can choose a separate e-mail address for each management system (see Management system e-mail).

It is possible to configure whether new users should receive a welcome e-mail and whether they should receive an e-mail when they are assigned to a team.

E-mail settings with SMTP-Auth


E-mail settings with Microsoft 365


More technical details for the mailing setup can be found in the HITGuard installation instructions.

User selection field

Here, you can set which information will be shown when selecting a responsible person.
For example, it can be shown from which company and department a user is.


example user selection


Optional properties of measures

This can be used to configure which options should be activated by default when creating management systems.
Under "Measures → Settings" it is possible to configure these options individually for each management system.
This has an effect on the creation of measures in the respective management systems.


  • Impact and Effort:
The effort describes how much is needed in terms of resources (personnel, monetary, time-wise, etc.) to implement a measure. For this, effort classes can be defined under "Measures → Settings → Effort classes".
The impact describes how much of a difference the implementation of a measure makes when completed. For this, impact classes can be defined under "Measures → Settings → Impact classes".
  • Automatic determination of deadline:
If activated, the deadline for the measure is automatically filled in once effort, impact, and start date have been entered. The basis of calculation is the matrix for the determination of deadline under "Measures → Settings". This is intended to make the determination of the implementation duration neutral and as objective as possible.
The option "Impact and Effort" must be activated for this as well.
  • Mentioned deadline:
This option allows a mentioned deadline to be entered for measures. It can differ from the deadline and marks the day by which the responsible person is expected to have completed the implementation of the measure.
If activated, it is a mandatory field in the measure and is considered in progress reports as well.
  • Delayed:
Measures can be marked as delayed with this. If the mentioned deadline is activated and then changed for an existing measure, HITGuard automatically suggests setting the "delayed" marker.
  • Risk reduction:
If a measure has been partially implemented and a reduction of the linked risk has been achieved, the marker "risk reduction" can be set for the measure. The marker is shown in Progress Reports and then automatically removed in the following analysis period.
  • KO criterion:
With this option, measures can be marked as critical. They are especially designated in Progress Reports.
  • Rescheduled:
This option allows for a re-planning of a measure. If the measure is marked with "Rescheduled" and the deadline of the measure is changed accordingly, the traffic light for the measure is set back to Green if traffic light control is analysis period-based or deadline-based.
  • Corrective & improvement measure
If activated, measures can be designated as serving correction and/or improvement. They can be filtered by this marker in the measure overview and it is shown in reports.
  • Info e-mail when allocating measures:
If this option is activated, a notification is sent to the responsible user in the following situations:
      • creation of an open measure
      • change of responsibility in an open measure
      • setting a measure into the state "open"
  • Report progress actively:
This makes the button "Report Progress" available under "My tasks → Measures" and on the page of the measure itself. This allows users to independently submit a progress report for their measures (without a progress report having been requested).

Risk management settings

This can be used to configure whether or not the "Private" identifier of threat layers should be set by default.

More information on this can be found at "Risk Management → Risk Assessment → Risk".


Security settings for supplier risk management

  • Password reset deadline
This setting defines the validity period of the password link. Password links are included in welcome mails for supplier users. Additionally, password links are sent to supplier users when they request a password reset.
  • Supplier deactivation deadline
This setting is used to preset the expiration date for suppliers. Presetting only occurs when a new supplier is created. The expiration date is calculated as follows: the current date at the time of creation + the number of months specified in the settings.
Example: If 6 months are defined in the settings and the supplier is created on 02/15, then the expiration date is preset as 08/15.
  • Deactivation mail to the supplier
This option defines whether suppliers are to receive a deactivation mail. If the respective supplier has administrators, this mail will only be sent to the administrators. Otherwise, all users of the supplier will receive this mail.
  • Deactivation mail
This setting allows you to specify how many days before a supplier expiration date is reached the notification mail should be sent. This applies to mails sent to supplier users as well as to the internal team.
  • Deactivation mail to internal team
This option determines whether the deactivation mail is to be sent to the internal team in addition to the supplier.
  • Internal team
The internal team can be set here. They are to be responsible for the supplier and possibly receive notifications.

Find more on suppliers here.

Code generation

Here you can set the default for whether an automatic code should be created for new elements, and for which ones. The structure of the code can also be configured here. The setting is then applied to all newly created management systems, but it can be changed and adapted directly in the management system itself.

  • The general prefix is used at the beginning of the code for all selected elements.
  • The first column allows you to select all elements that are to be generated with an automatic code.
  • Prefix: a string of letters, digits, or special characters that clearly labels the element (e.g., M for measure). The default entry can be changed.
  • OrgUnits abbr.: decides whether the element's code also includes the code of the organizational unit. Elements that aren't directly associated with any organizational unit do not have this option activated (e.g., risks or processes).
  • OrgUnit abbr. suffix: a delimiter between the OrgUnit code and the final digit string (e.g., _ or -).
  • Minimum precision: the minimum number of digits to be included in the resulting string. At least 1 and at most 10 can be entered. With a number of 4, the resulting strings would be, for example, 0001, 0026, or 0184.



Note: If a management system uses the centrally configured code generation instead of its own, configured under "Administration → Management systems", then the numbering continues across management systems. This means that if three measures are first created in management system A, the first measure code in management system B ends with a "4".