src/compliance/compliance.mock.service.ts
Properties |
Methods |
| assignCompliance |
assignCompliance(id: number, userId: string)
|
|
Returns :
any
|
| complianceRuleById | ||||||
complianceRuleById(id: number)
|
||||||
|
Parameters :
Returns :
any
|
| getComplianceRules | ||||||||
getComplianceRules(projectId: number)
|
||||||||
|
Parameters :
Returns :
{}
|
| getFrameworks |
getFrameworks()
|
|
Returns :
{}
|
| getJurisdictions |
getJurisdictions()
|
|
Returns :
{}
|
| submitComplianceRisk | ||||||
submitComplianceRisk(projectId: number)
|
||||||
|
Parameters :
Returns :
{ id: number; name: string; description: string; requestType: string; requestStatus: string; requestedBy: string; assignedTo: {}; updatedAt: string; requestFieldObject: { status: string; riskCategory: string; ... 6 more ...; projectId: number; }; requestActivityLog: {}; }
|
| updateAssignee |
updateAssignee(id: number, assignee: string)
|
|
Returns :
void
|
| complianceRulesData |
Type : []
|
Default value : [
{
id: 1,
name: "Customer Feedback Portal",
severity: "LOW",
category: "BUSINESS",
assignee: null,
status: "TODO",
projectId: 1,
},
{
id: 2,
name: "Exploitation of AI system vulnerabilities",
severity: "HIGH",
category: "SECURITY",
assignee: "dulce_levine@mckinsey.com",
status: "TODO",
projectId: 1,
},
{
id: 3,
name: "Use of AI to generate code that can bypass cybersecurity measures",
severity: "LOW",
category: "SECURITY",
assignee: null,
status: "INPROGRESS",
projectId: 1,
},
{
id: 4,
name: "Data Privacy Compliance Module",
severity: "HIGH",
category: "SECURITY",
assignee: "pruthvi_prakasha@mckinsey.com",
status: "INPROGRESS",
projectId: 1,
},
{
id: 5,
name: "Use of AI to generate malicious content",
severity: "MEDIUM",
category: "SAFETY_AND_PERFORMANCE",
assignee: "fabiana_ferrara@mckinsey.com",
status: "MITIGATED",
projectId: 1,
},
{
id: 6,
name: "Lack of explainability",
severity: "MEDIUM",
category: "TRANSPARENCY_AND_EXPLAINIBILITY",
assignee: "pruthvi_prakasha@mckinsey.com",
status: "TODO",
projectId: 1,
},
{
id: 7,
name: "Lack of reliability",
severity: "HIGH",
category: "TRANSPARENCY_AND_EXPLAINIBILITY",
assignee: null,
status: "MITIGATED",
projectId: 1,
},
{
id: 8,
name: "Lack of control over usage of data inputs",
severity: "MEDIUM",
category: "THIRD_PARTY_RISKS",
assignee: "dulce_levine@mckinsey.com",
status: "TODO",
projectId: 1,
},
{
id: 9,
name: "Vendor lock-in",
severity: "LOW",
category: "THIRD_PARTY_RISKS",
assignee: null,
status: "MITIGATED",
projectId: 1,
},
{
id: 10,
name: "Dependency on 3P tools",
severity: "LOW",
category: "THIRD_PARTY_RISKS",
assignee: "andrew_mackay@mckinsey.com",
status: "INPROGRESS",
projectId: 1,
},
{
id: 11,
name: "Lack of vendor oversight",
severity: "HIGH",
category: "THIRD_PARTY_RISKS",
assignee: "mohammed_elnabawy@mckinsey.com",
status: "TODO",
projectId: 1,
},
]
|
|
Defined in src/compliance/compliance.mock.service.ts:5
|
import { Injectable } from "@nestjs/common";
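/**
 * In-memory stand-in for the compliance backend.
 *
 * Every method answers from fixtures hard-coded in this class. No method
 * checks who the caller is, or whether a supplied `userId` / `assignee`
 * names a known user.
 *
 * NOTE(review): `updateAssignee` and `assignCompliance` mutate
 * `complianceRulesData` in place, so a change stays visible to every later
 * caller that shares this instance.
 *
 * NOTE(review): the fixtures carry mailbox-style identifiers at a corporate
 * domain. Confirm they are synthetic; if not, switch them to a reserved
 * domain such as example.com, since fixture data is committed with the source.
 */
@Injectable()
export class ComplianceMockService {
  // Seed rules. `assignee` is either null (unassigned) or a user identifier.
  // NOTE(review): "TRANSPARENCY_AND_EXPLAINIBILITY" is kept exactly as written
  // because it is a runtime value; presumably it matches a key defined
  // elsewhere, so verify before correcting the spelling.
  complianceRulesData = [
    {
      id: 1,
      name: "Customer Feedback Portal",
      severity: "LOW",
      category: "BUSINESS",
      assignee: null,
      status: "TODO",
      projectId: 1,
    },
    {
      id: 2,
      name: "Exploitation of AI system vulnerabilities",
      severity: "HIGH",
      category: "SECURITY",
      assignee: "dulce_levine@mckinsey.com",
      status: "TODO",
      projectId: 1,
    },
    {
      id: 3,
      name: "Use of AI to generate code that can bypass cybersecurity measures",
      severity: "LOW",
      category: "SECURITY",
      assignee: null,
      status: "INPROGRESS",
      projectId: 1,
    },
    {
      id: 4,
      name: "Data Privacy Compliance Module",
      severity: "HIGH",
      category: "SECURITY",
      assignee: "pruthvi_prakasha@mckinsey.com",
      status: "INPROGRESS",
      projectId: 1,
    },
    {
      id: 5,
      name: "Use of AI to generate malicious content",
      severity: "MEDIUM",
      category: "SAFETY_AND_PERFORMANCE",
      assignee: "fabiana_ferrara@mckinsey.com",
      status: "MITIGATED",
      projectId: 1,
    },
    {
      id: 6,
      name: "Lack of explainability",
      severity: "MEDIUM",
      category: "TRANSPARENCY_AND_EXPLAINIBILITY",
      assignee: "pruthvi_prakasha@mckinsey.com",
      status: "TODO",
      projectId: 1,
    },
    {
      id: 7,
      name: "Lack of reliability",
      severity: "HIGH",
      category: "TRANSPARENCY_AND_EXPLAINIBILITY",
      assignee: null,
      status: "MITIGATED",
      projectId: 1,
    },
    {
      id: 8,
      name: "Lack of control over usage of data inputs",
      severity: "MEDIUM",
      category: "THIRD_PARTY_RISKS",
      assignee: "dulce_levine@mckinsey.com",
      status: "TODO",
      projectId: 1,
    },
    {
      id: 9,
      name: "Vendor lock-in",
      severity: "LOW",
      category: "THIRD_PARTY_RISKS",
      assignee: null,
      status: "MITIGATED",
      projectId: 1,
    },
    {
      id: 10,
      name: "Dependency on 3P tools",
      severity: "LOW",
      category: "THIRD_PARTY_RISKS",
      assignee: "andrew_mackay@mckinsey.com",
      status: "INPROGRESS",
      projectId: 1,
    },
    {
      id: 11,
      name: "Lack of vendor oversight",
      severity: "HIGH",
      category: "THIRD_PARTY_RISKS",
      assignee: "mohammed_elnabawy@mckinsey.com",
      status: "TODO",
      projectId: 1,
    },
  ];

  /**
   * Sets the assignee of the rule whose `id` matches.
   *
   * An `id` that matches no rule is ignored: nothing is changed and nothing
   * is reported to the caller.
   *
   * @param id - Identifier of the rule to update.
   * @param assignee - Value stored verbatim as the rule's `assignee`.
   */
  updateAssignee(id: number, assignee: string) {
    // Same lookup the read path uses, so both agree on what "found" means.
    const rule = this.complianceRuleById(id);
    if (rule) {
      rule.assignee = assignee;
    }
  }

  /**
   * Looks up a single rule by identifier.
   *
   * @param id - Identifier to match.
   * @returns The live rule object (not a copy), or `undefined` when no rule
   *   has that `id`.
   */
  complianceRuleById(id: number) {
    // Strict equality: an id that reaches this method as a string will not
    // match any rule. NOTE(review): confirm callers convert to number first.
    return this.getComplianceRules().find((rule) => rule.id === id);
  }

  /**
   * Returns every fixture rule.
   *
   * @param projectId - Accepted for interface parity; the mock does not
   *   filter on it.
   * @returns The live `complianceRulesData` array (not a copy).
   */
  getComplianceRules(projectId: number = 1) {
    // `void` marks the parameter as intentionally unused without writing to
    // stdout on every lookup (this method backs each find/update call).
    void projectId;
    return this.complianceRulesData;
  }

  /**
   * Assigns a rule to a user and returns the rule afterwards.
   *
   * @param id - Identifier of the rule to assign.
   * @param userId - Stored as the rule's `assignee` without any validation.
   * @returns The updated rule, or `undefined` when `id` matches no rule.
   */
  assignCompliance(id: number, userId: string) {
    this.updateAssignee(id, userId);
    return this.complianceRuleById(id);
  }

  /**
   * Returns a canned compliance-risk request.
   *
   * Only `requestFieldObject.projectId` depends on the input; every other
   * field, including ids and timestamps, is fixed.
   *
   * @param projectId - Project the request is reported against.
   * @returns The fixture request object.
   */
  submitComplianceRisk(projectId: number) {
    const complianceRiskRequest = {
      id: 17,
      name: "Data Privacy Compliance Module",
      description:
        "Segment customers and tailor engagement throughout their journey, optimising acquisition, reducing churn, and increasing lifetime value. Success is measured by lower costs, reduced churn, greater spend, and lifetime values.",
      requestType: "COMPLIANCE_RISK",
      requestStatus: "PENDING",
      requestedBy: "pruthvi_prakasha@mckinsey.com",
      assignedTo: ["mohamed_abusaid@mckinsey.com"],
      updatedAt: "2024-07-31T11:25:47.578Z",
      requestFieldObject: {
        status: "INPROGRESS",
        riskCategory: "SECURITY",
        name: "Data Privacy Compliance Module",
        severity: "HIGH",
        description:
          "Your project involves the processing and storage of electronic protected health information (ePHI) as per the HIPAA regulations. However, upon closer examination, it is discovered that the data transmission and storage mechanisms lack robust encryption protocols.",
        metrics: "Agent judge",
        evidence: "NIST Risk Management Framework 1.0",
        source: "NIST Special Publication 800-37",
        // A falsy projectId falls back to 1; unary plus then coerces the
        // value to a number.
        projectId: +(projectId || 1),
      },
      requestActivityLog: [
        {
          id: 40,
          requestId: 17,
          userId: "pruthvi_prakasha@mckinsey.com",
          eventType: "CREATE_REQUEST",
          eventTime: "2024-07-31T11:25:47.521Z",
          details: {
            message: "Created Request",
          },
        },
      ],
    };
    return complianceRiskRequest;
  }

  /**
   * Returns the fixture list of jurisdictions.
   *
   * @returns A freshly built array on every call.
   */
  getJurisdictions() {
    // `any[]` is kept so the declared return type callers see is unchanged.
    const jurisdictions: any[] = [
      {
        id: 1,
        key: "INTERNATIONAL",
        name: "International",
        description: "Applies to multiple countries or regions",
      },
      {
        id: 2,
        key: "US",
        name: "United States",
        description: "Applies to the United States",
      },
      {
        id: 3,
        key: "EU",
        name: "European Union",
        description: "Applies to the European Union",
      },
    ];
    return jurisdictions;
  }

  /**
   * Returns the fixture list of compliance frameworks.
   *
   * Each entry's `jurisdiction` uses one of the `key` strings returned by
   * `getJurisdictions`.
   *
   * @returns A freshly built array on every call.
   */
  getFrameworks() {
    // `any[]` is kept so the declared return type callers see is unchanged.
    const frameworks: any[] = [
      {
        id: 1,
        name: "International Organization for Standardization (ISO) 27001",
        jurisdiction: "INTERNATIONAL",
        description:
          "Information security management system (ISMS) standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system.",
      },
      {
        id: 2,
        name: "National Institute of Standards and Technology (NIST) Cybersecurity Framework",
        jurisdiction: "US",
        description:
          "Framework that helps organizations manage and reduce cybersecurity risks.",
      },
      {
        id: 3,
        name: "General Data Protection Regulation (GDPR)",
        jurisdiction: "EU",
        description:
          "Regulation that protects the personal data and privacy of individuals in the European Union.",
      },
      {
        id: 4,
        name: "Health Insurance Portability and Accountability Act (HIPAA)",
        jurisdiction: "US",
        description:
          "Regulation that protects the privacy and security of health information.",
      },
      {
        id: 5,
        name: "Payment Card Industry Data Security Standard (PCI DSS)",
        jurisdiction: "INTERNATIONAL",
        description:
          "Standard that ensures the secure handling of credit card information.",
      },
      {
        id: 6,
        name: "California Consumer Privacy Act (CCPA)",
        jurisdiction: "US",
        description:
          "Regulation that enhances privacy rights and consumer protection for residents of California.",
      },
    ];
    return frameworks;
  }

  /**
   * Returns a canned summary of a single compliance risk.
   *
   * @returns The fixture summary; it takes no input and is identical on
   *   every call.
   */
  getComplianceSummary() {
    const complianceSummary = {
      riskCategory: "SECURITY",
      name: "Data Privacy Compliance Module",
      severity: "HIGH",
      description:
        "Your project involves the processing and storage of electronic protected health information (ePHI) as per the HIPAA regulations. However, upon closer examination, it is discovered that the data transmission and storage mechanisms lack robust encryption protocols.",
      evidence: "NIST Risk Management Framework 1.0",
      source: "NIST Special Publication 800-37",
      sourceUrl:
        "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r2.pdf",
      metrics: "Agent judge",
    };
    return complianceSummary;
  }
}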