{
    "schema": "https://saferpage.de/schemas/trust-access-automation-rules.v1",
    "generated_at": "2026-06-09T03:23:12+00:00",
    "domain": "bestandsuebersicht-acdp.faust-web.de",
    "available": true,
    "scan": {
        "id": "909a8c90-92fa-4851-9534-2e187fa9bbb9",
        "checked_at": "2026-06-08 13:15:48.659845+02"
    },
    "status": "operator_setup_required",
    "readiness_score": 52,
    "summary": "CRM-/NDA-Automation für bestandsuebersicht-acdp.faust-web.de: 6 Regeln, 4 NDA-Regeln, 2 Manual-Review-Schutzregeln.",
    "metrics": {
        "rule_count": 6,
        "auto_eligible_rule_count": 1,
        "manual_review_rule_count": 2,
        "nda_rule_count": 4,
        "integration_count": 4,
        "guardrail_count": 5,
        "domain_verified": false,
        "operator_score": 67
    },
    "rules": [
        {
            "id": "crm_account_nda_auto_approve",
            "label": "CRM-Konto plus vorhandene NDA prüfen",
            "condition": "requester_domain matches CRM account AND nda_on_file=true AND requested_package=public_or_standard",
            "decision": "eligible_for_auto_approval_after_domain_claim",
            "risk_level": "mittel",
            "owner": "Sales/Legal/Compliance",
            "required_signals": [
                "crm_account_id",
                "opportunity_stage",
                "nda_on_file",
                "domain_claim"
            ],
            "dry_run_only": true
        },
        {
            "id": "crm_opportunity_manual_review",
            "label": "Opportunity-Kontext in Review-Queue anzeigen",
            "condition": "requester_domain matches active CRM opportunity AND nda_on_file=false",
            "decision": "send_nda_then_manual_review",
            "risk_level": "mittel",
            "owner": "Sales/Compliance",
            "required_signals": [
                "opportunity_owner",
                "deal_stage",
                "requested_documents"
            ],
            "dry_run_only": true
        },
        {
            "id": "contract_system_nda_bypass",
            "label": "Ironclad/Contract-Record für NDA-Bypass nutzen",
            "condition": "contract_counterparty matches requester email domain AND nda_or_msa_active=true",
            "decision": "bypass_new_nda_keep_access_review",
            "risk_level": "niedrig",
            "owner": "Legal",
            "required_signals": [
                "contract_record_id",
                "counterparty_domain",
                "agreement_status"
            ],
            "dry_run_only": true
        },
        {
            "id": "docusign_clickwrap_required",
            "label": "DocuSign oder Clickwrap vor privaten Dokumenten erzwingen",
            "condition": "requested_package contains restricted_document AND no_valid_nda=true",
            "decision": "require_nda_signature_before_delivery",
            "risk_level": "hoch",
            "owner": "Legal/Compliance",
            "required_signals": [
                "nda_template_id",
                "signer_role",
                "signature_history_id"
            ],
            "dry_run_only": true
        },
        {
            "id": "high_risk_request_manual_only",
            "label": "High-Risk-Anfragen nie automatisch freigeben",
            "condition": "public_mailbox OR competitor_domain OR incident_package OR unknown_company",
            "decision": "manual_review_only",
            "risk_level": "hoch",
            "owner": "DSB/IT/Security",
            "required_signals": [
                "request_reason",
                "company_domain",
                "risk_reason",
                "approver"
            ],
            "dry_run_only": true
        },
        {
            "id": "expiry_revocation_sync",
            "label": "Ablauf und Widerruf systemübergreifend synchronisieren",
            "condition": "delivery_created OR access_revoked OR viewer_deletion_requested",
            "decision": "sync_expiry_revocation_and_viewer_deletion",
            "risk_level": "mittel",
            "owner": "Platform/Compliance",
            "required_signals": [
                "delivery_id",
                "expires_at",
                "revoked_at",
                "viewer_hash"
            ],
            "dry_run_only": true
        }
    ],
    "decision_samples": [
        {
            "requester": "bestehender_kunde.example",
            "signals": {
                "crm_account": true,
                "nda_on_file": true,
                "package": "Procurement Evidence Pack"
            },
            "decision": "eligible_for_auto_approval_after_domain_claim",
            "reason": "CRM-Konto und NDA vorhanden; produktiv erst nach Domain-Claim und Rollenfreigabe."
        },
        {
            "requester": "prospect.example",
            "signals": {
                "crm_opportunity": true,
                "nda_on_file": false,
                "package": "Auditor Evidence Pack"
            },
            "decision": "send_nda_then_manual_review",
            "reason": "Opportunity-Kontext hilft dem Reviewer, ersetzt aber keine NDA und keine Freigabe."
        },
        {
            "requester": "freemail.example",
            "signals": {
                "public_mailbox": true,
                "crm_account": false,
                "package": "Incident / Deletion Pack"
            },
            "decision": "manual_review_only",
            "reason": "Unklare Identität und sensibler Scope bleiben blockiert."
        }
    ],
    "integrations": [
        {
            "id": "salesforce_hubspot",
            "label": "Salesforce/HubSpot CRM",
            "purpose": "Account, Opportunity, Owner, NDA-Feld und Deal-Kontext serverseitig prüfen.",
            "secret_policy": "OAuth-Token nie exportieren; nur abgeleitete Statuswerte anzeigen."
        },
        {
            "id": "docusign_clickwrap",
            "label": "DocuSign oder Clickwrap NDA",
            "purpose": "NDA-Signatur vor gated Dokumenten anfordern und Signaturhistorie auditieren.",
            "secret_policy": "Template-IDs und Signatur-IDs intern halten; keine Vertragsinhalte veröffentlichen."
        },
        {
            "id": "ironclad_contracts",
            "label": "Ironclad/Contract System",
            "purpose": "Bestehende Gegenpartei- oder MSA-/NDA-Records für Bypass-Regeln auswerten.",
            "secret_policy": "Nur boolesche Matches und Status verwenden, keine Vertragsdaten im Public Report."
        },
        {
            "id": "slack_teams",
            "label": "Slack/Teams Approval",
            "purpose": "Reviewer mit Kontext benachrichtigen und Approve/Deny/Revoke protokollieren.",
            "secret_policy": "Webhook-Secrets serverseitig; öffentliche Seiten zeigen nur Payload-Schema."
        }
    ],
    "guardrails": [
        {
            "id": "domain_claim_required",
            "label": "Auto-Approval erst nach Domain-Claim aktivieren",
            "status": "blocked_until_verified"
        },
        {
            "id": "least_privilege",
            "label": "CRM- und Contract-Scopes nur lesend und minimal halten",
            "status": "required"
        },
        {
            "id": "no_sensitive_export",
            "label": "Keine E-Mail-Adressen, Vertragsfelder oder CRM-Secrets exportieren",
            "status": "enforced_in_public_blueprint"
        },
        {
            "id": "human_override",
            "label": "Manual Override, Deny, Revoke und Viewer Deletion immer ermöglichen",
            "status": "required"
        },
        {
            "id": "audit_log",
            "label": "Jede Entscheidung mit Regel-ID, Signal-Hash und Approver protokollieren",
            "status": "required"
        }
    ],
    "automation_contract": {
        "input": [
            "requester_domain_hash",
            "requested_resource_ids",
            "crm_match_status",
            "nda_status",
            "contract_match_status",
            "risk_flags"
        ],
        "output": [
            "decision",
            "rule_id",
            "requires_human_review",
            "requires_nda",
            "expires_at_policy",
            "audit_event_id"
        ],
        "does_not_use_plain_email_in_public_exports": true,
        "does_not_auto_approve_publicly": true
    },
    "links": {
        "html": "https://saferpage.de/datenraum/bestandsuebersicht-acdp.faust-web.de/automatisierung",
        "json": "https://saferpage.de/datenraum/bestandsuebersicht-acdp.faust-web.de/automatisierung-json",
        "csv": "https://saferpage.de/datenraum/bestandsuebersicht-acdp.faust-web.de/automatisierung-csv",
        "markdown": "https://saferpage.de/datenraum/bestandsuebersicht-acdp.faust-web.de/automatisierung-md",
        "data_room": "https://saferpage.de/datenraum/bestandsuebersicht-acdp.faust-web.de",
        "access_requests": "https://saferpage.de/datenraum/bestandsuebersicht-acdp.faust-web.de/zugriffe",
        "connections": "https://saferpage.de/trust/bestandsuebersicht-acdp.faust-web.de/connections",
        "access_groups": "https://saferpage.de/trust/bestandsuebersicht-acdp.faust-web.de/gruppen",
        "legal_agreements": "https://saferpage.de/trust/bestandsuebersicht-acdp.faust-web.de/nda",
        "document_delivery": "https://saferpage.de/datenraum/bestandsuebersicht-acdp.faust-web.de/zustellung",
        "crm_sync": "https://saferpage.de/trust-analytics/bestandsuebersicht-acdp.faust-web.de/crm-sync",
        "api_operations": "https://saferpage.de/trust/bestandsuebersicht-acdp.faust-web.de/api",
        "integrations": "https://saferpage.de/integrationen/setup-json",
        "domain_verification": "https://saferpage.de/betreiber/bestandsuebersicht-acdp.faust-web.de/verifizierung"
    },
    "does_not_grant_access": true,
    "disclaimer": "Diese Automation ist ein Betreiber-Blueprint. Die öffentliche Seite prüft keine echten CRM-, Vertrags- oder NDA-Daten und genehmigt keine realen Zugriffe."
}
