GDPR Case Management

Login & Credentials

INDICA uses a web-based interface, you can easily login in with administrator user credentials.

../../_images/logins1.png

Overview

INDICA aims to provide you with a powerful GDPR compliance tool in an intuitive and user-friendly manner. For you to better set-up and manage your GDPR activities in INDICA, it is important to familiarize yourself with its main administrative features. This manual outlines INDICA’s GDPR administrative capabilities and walks you through how you can best manage cases as system administrator.

Note that this manual is written based on our demo environment, your actual interface might differ slightly from the screenshots below;

After you have created a GDPR case and set up user information correctly, go to ‘Manage Cases’ to set case settings, add your evidence and generate reports. On the top of the INDICA Manage Cases interface you can find a list of tabs which will allow you to navigate to the corresponding function pages, including the Home page, Settings, Datasources, Tags, Saved Queries, and Logs & Reports settings. Click on the tab and you will be directed to the targeted page.

../../_images/overview1.png

Definitions

  • Data Record: a record from a structured data source;
  • GDPR Item (token): A personal data record (e.g. name, email or IBAN);
  • Data Record = Data type = GDPR item = GDPR token;
  • PII = Personally Identifiable Information;
  • Object: any record or file in the data set (e.g. email, PDF or presentation);
  • Issue: any Personally Identifiable Information (PII) matched by the GDPR engine;
  • GDPR Score: a fuzzy number that is calculated over the issues based on GDPR items’ variety, sensitivity and number within the object;
  • Data collection: a combination of data from different sources;
  • Data Source: a system or an application containing objects (e.g. CRM system, mail server, file share);
  • Resolved issue: an issue with the tag “Resolved”;
  • Unresolved issue: an issue with the tag “Unresolved”;
  • Data tab: a pre-set data collection visible as a tab in the user interface;
  • Open share alert: an alert triggered when an object containing PII is available to the high risk Active Directory (AD) groups;
  • Outgoing data alert: an alert triggered when an object containing PII is being transferred outside of the company.

Home Page

Home page provides you with an overview of your GDPR data activities and data status. As the administrator, you can enable/disable indexer, monitor GDPR activity progress, as well as generate reports directly from this page. On this page, you can find the statistics of the index that are shown for informational purposes. Item ‘parents’ are mails that are at the root of a thread, zip files that contain items, etc. Note that clicking ‘Clean Index’ will throw all data out of INDICA. When you add a new case, this page will be empty. Please check if the settings are correct before you move on.

Not-indexed documents are documents INDICA couldn’t read. Reasons for this are most likely rights issues, unknown encryption or corruption of files.

../../_images/homepage2.png

Settings

There are four sections in the Settings page where you can customize your INDICA GDPR (Look & Feel, General Settings, Search Settings and GDPR Settings), we will show you in the content below how you can better customize INDICA GDPR and make it work the best for you. Remember to click ‘Save Changes’ after your action, otherwise the system will not deploy any of the changes you made.

../../_images/settings.png

1. Look & Feel

In this section, you can customize INDICA GDPR to fit your corporate style. You can change the logo on the top left side into your own company logo and switch the interface colour into your company colour.

../../_images/lookandfeel2.png

2. General Settings

Click on ‘General Settings’ and you will be directed to this page, here you can change different Indexer and usage settings.

  • Use first folder as Facet or Custodian name: enabling this allows you to have the custodian names as filters on the frontend;
  • Enable OCR: enabling this will allow INDICA to extract information from images and image-PDFs; enabling this will cause an increase in indexing time.
  • Pre-create document views: we advise you to enable this to have a good document loading speed; this will also increase indexing time.
  • Only index email meta data: enabling this will fasten document loading, but only meta data will be shown at the frontend. Document contents will not be available;
  • Use nice document viewer: we advise you to enable this to have a nice view;
  • Disable this option to remove ACL from shares: enabling this will allow all users to have access to all files in INDICA;
  • Enable NLP library: we advise you to enable this to have better search results;
  • How many hits should be shown per page: you can decide how many hits will be shown per page in the frontend;
  • Enable comments: enable this if you want reviewers to leave comments in the frontend;
  • Enable Stemming: here you have the options to turn on/off stemming. Stemming can be enabled by choosing the language needed. The indexer will be restarted and a re-index is strongly advised.
../../_images/general1.png

3. Search Settings

In this page, you can add/delete stop words and synonyms which will affect the search results. INDICA will not analyze on the words on ‘stop word list’. Use the ‘boost query’ function to have certain search results appear above others or exclude certain results altogether.

../../_images/search1.png

Please refer to the content below for general search method, you can also use this for boosting queries:

INDICA provides the relevance level of matching documents based on the results found. To boost a query, use the caret, “^”, symbol with a boost factor (a number) at the end of the query you are searching. The higher the boost factor, the more relevant the query will be.

Boosting allows you to control the relevance of a document by boosting its query. For example, if you are searching for

jakarta apache

And you want the term “jakarta” to be more relevant boost it using the ^ symbol along with the boost factor next to the query. You would type:

jakarta^4 apache

This will make documents with the term jakarta appear more relevant. You can also boost Phrase Terms as in the example:

“jakarta apache”^4 “Indica search”

By default, the boost factor for each term or phrase is 1. Although the boost factor must be positive, it can be less than 1 (e.g. 0.2).

../../_images/boost1.png

4. GDPR Settings

In this page, you can customize the features specially related to GDPR compliance to have INDICA works the best for your company.

  • Enable GDPR: tick this box to enable GDPR module in INDICA.
  • Create new privacy datatab: by enabling this, INDICA will scan emails for privacy data items (e.g. name, address and IBAN) to form a GDPR privacy database. This database will be displayed as a tab on the top of INDICA interface.
  • Privacy datatab name: fill in the name you want for the privacy datatab here.
  • Use datatab as seed: the datatab with structured GDPR results will be used as a structured data source.
  • Own email domains: fill in here the email domains that are considered as internal email domains, INDICA will consider them as ‘safe domains’.
  • High risk AD groups: fill in the user groups that will generate high privacy risks once exposed to sensitive privacy data.
  • Own bank accounts: fill in here the IBANs that are considered as company bank accounts, INDICA will not recognize these bank accounts as privacy data.
../../_images/indexer2.png

On the bottom of the page you can find the section to define your own GDPR pattern. Fill in personal identifiable items (e.g. name, IBAN) in the ‘Name’ column, define their patterns in the ‘Pattern’ column so that INDICA can successfully identify them in your data. Give each of your personal identifiable items a confidence (0-100). The higher confidence you have for the item, the more positive INDICA will be when identifying it as personal data.

For each item, you will have the option to save the changes you have made, restore it to the previous status, delete it from your data index or simply inactive it from your GDPR dashboard by clicking on the corresponding button. INDICA provides a list of general privacy items and pattern that you can use as default settings, to deploy it click on ‘reset patterns to default’.

GDPR Threat matrix??? (not sure)

../../_images/pattern.png

Datasources

After you have the previous steps set up correctly, you can go to ‘Datasources’ to add new evidence, edit information of existing evidence and delete certain evidence. INDICA supports various forms of evidence as shown below.

../../_images/datasources2.png

1. Data sources and file types that INDICA supports:

  • File shares;
  • Active Directory, Novel Directory, Open Directory, LDAP;
  • Websites/ WEBdav;
  • MySQL, MS SQL, PostgreSQL, Oracle, ODBC;
  • Mail servers: POP3, IMAP, MS Exchange (starting from 2003), Office 365, Amazon, WorkMail and more;
  • SharePoint (limited, depending on configuration);
  • Default connectors to DB;
  • Amazon S3 buckets;
  • E01/L01 evidence files;
  • UNIT4 – Alure;
  • MS Dynamics (in case of default setup, there is a possibility to make adjustments);
  • INDICA recognises over 400 file types: most common office formats and a lot of proprietary formats.

Noted that Most non- standard DB applications can be connected through direct DB connection. This might take up to a day to configure depending on the complexity of the environment.

2. Collections

Collections contain one or more data sources (for example shares, sites, email or data tabs). To edit/delete certain data collections, click on the corresponding button.

../../_images/collections1.png

3. Fileshares

In this section, you can set Windows fileshares, SMB or CIFS, with or without authentication. Only read-rights are necessary for the share or the user connecting to the share.

  1. Add new fileshare

To add a new fileshare source in INDICA, click on ‘Add New’. Fill in the information of targeted fileshare and access credentials of this fileshare. Click ‘Show as datatab’ if you want this evidence to appear as a tab in INDICA front end. Click ‘Check’ to examine if you have entered the credentials correctly so that INDICA can connect to this evidence. If the credentials are correct, click ‘Submit’ and the evidence will be instantly reflected on ‘Fileshares’ page.

Enter the information in the form of \usershare or \localhostusb$ when connecting to a USB drive.

We advise you to have a dedicated user or service account e.g. ‘INDICA’ for the connection to the shares. This user needs read rights to all the data that the INDICA appliance needs to access.

../../_images/addfile1.png
  1. Check new fileshare added

To When the added data is fully processed, you can click ‘Info’ to see a visual summary of this evidence. The speed of data processing will depend on your data size, local network condition, OCR enabled/disabled and the condition of your hardware.

../../_images/checkfile1.png
  1. Edit/delete fileshare

To add or delete a certain evidence, click on the corresponding button on this page.

../../_images/editfile1.png

4. Sites

To index web sites or intranet sites, enter the information in the ‘sites’ section. Enter the name, the site and choose the spider interval (once, daily, weekly). If basic authentication is required, enter the site’s credentials.

Your reseller can set up form-based authentication for you if needed.

../../_images/sites.png

5. Email

Email integrations with security set on email owners can only work if Active Directory integration is turned on.

  1. E-mail integration

After enabling the e-mail functionality, the e-mail connectivity can be chosen, either a POP archiving/catch all mailbox or EWS connections. In order to store the email archive on an external share, please set the share information in the Archiving section. If mail is enabled and there is no (Active) Directory integration enabled, a custom email domain can be set here too. Default is set to indica.lan.

../../_images/email1.png
  1. POP3 Settings

Please fill in the server name, user name and password of the Catch all email box. The system will connect using the POP protocol, and store the email on the default archive location. You can choose to access it through a separate tab.

All email from the archive POP mailbox will be downloaded and removed from the mailbox. If needed, enter extra email aliases to the user in the list.

../../_images/email2.png
  1. EWS Accounts

Most modern mail servers have EWS API connectivity. To make full use of this, please enter the users and passwords. A special user can be created to spider all the email. Keep in mind that INDICA needs to create an Email archive, so enough storage should be added to the system.

../../_images/email3.png

Tags

After adding evidence, you can go to ‘Tags’ to create/edit/delete tags. To nest tags, simply drag and drop and indent them. Click on ‘Lock tags’ after changes are made so they cannot be changed by other users afterwards. If you have tagged certain documents and want to export them, go to the bottom of this page, click on the targeted tags and then click ‘Export’. Documents will be ready for download at this page after you click ‘Export’.

../../_images/tags1.png

Saved Queries

At this page, you can see all saved queries made in the INDICA front end, you can also add new ones by clicking ‘Add New +’. Import/export query list is also possible at this page. If you want to see how many hits are generated from your search terms (including duplicates), click ‘Get Totals’.

../../_images/savequeries.png

Logs & Reports

For Logs & Reports, there is a query log where you can see all searches done by the users and they are also available for download. In INDICA Logging, you can see all the work information done by INDICA.

../../_images/logs11.png

User action trails can be found in ‘Audit Log’, including tagging, commenting and etc.

../../_images/logs21.png