Basic Configuration

This page will cover some basic configuration of the SDLT.

All configuration is done in the admin panel (or content management system/CMS). You will need to authenticate to the SDLT as an admin and access the admin panel (http://127.0.0.1:8123/admin).

All of the following sections assume you have loaded the admin panel. The following terms will be used to describe navigating around the admin panel:

  • The SideBar is the left navigation bar in the admin panel, it’s the top level navigation element.

  • The NavBar is located at the top-right of the screen and is a context navigation bar based on the SideBar context.

  • The Content Window is the main window where configuration options will be changed.

Admin Panel Sections

The admin panel has the following pages pre-configured with the SDLT.

  • Pages - Not used by the SDLT, SilverStripe default.

  • Files - Not used by the SDLT, SilverStripe default.

  • Reports - Pre-built reports about SDLT usage.

  • Security - User, Group and Role configuration.

  • Archive - Not used by the SDLT, SilverStripe default.

  • Audit - An audit log of actions undertaken within the SDLT by users and admins.

  • Jobs - Cron and scheduled jobs for the SDLT. When the SDLT needs to email users, it will create a job here.

  • Questionnaires - Configuration for the dashboard, pillars, questionnaires and tasks (including risk assessments)

  • Questionnaires Submissions - List of all questionnaire submissions in the SDLT.

  • Security Components - Defined security control catalogues and controls with associated risk ratings.

  • Service Inventory - List of services/systems that have a certification and accreditation issued by the SDLT.

  • Task Submissions - List of all tasks that have been generated by the SDLT as part of a submission.

  • Settings - Side-wide configuration options including site name, colour scheme, email configurations.

Changing Pillars on the Dashboard

Navigate to Questionnaires and you will see Dashboards selected in the NavBar. Ensure Dashboards is selected and you will see the configured dashboard in the main content window.

The dashboard has three different configuration options via it’s NavBar.

  1. The text displayed above the pillars can be modified under the Main option.

  2. The pillars can be modified under the Pillars option.

  3. Tasks that are displayed directly on the dashboard can be modified under the Tasks option.

Note: While the CMS supports adding more dashboards, the SDLT will only recognise and use one. Creating anymore than one dashboard may have unintended negative impacts

Adding/Modifying a Question

Adding or modifying a question on a questionnaire or task requires no programming. All question configurations have a graphic editing interface and drag-n-drop functionality.

Questions are defined as either an action or input type. An action question is one that changes the behaviour of the questionnaire when the user answers it. An input question is one that asks information from the user and stores it as part of the submission. It does not allow for any logic on the question.

An example action question is one that asks the user “Will you require any firewall changes for this delivery?”. The options presented to the user will be Yes or No. If the user selects Yes, then the SDLT will navigate to the next question which will be an input question asking for details of the firewall rule changes. If the user answers No then the SDLT will navigate over the next input question to the next relevant question.

Navigate to Questionnaires in the SideBar, and select either Questionnaires or Tasks in the NavBar. From here, select one of the items that has the type of Questionnaire. The NavBar should now have a Questions option, select this to see a list of questions assigned to this questionnaire.

Questions can be re-ordered by dragging and dropping them in this context.

You can determine the question type by looking at the Answer Field Type column. Questions can be either input or action type. The differences between these are described in the Basic Concepts page.

Input Type Questions

An input type question will have three fields to provide information to the user:

  1. The Question Title - This is displayed in the side bar of the questionnaire. This should be kept nice and short, but understandable.

  2. The Question Heading - This is the top bold text displayed to the user in the content section of the question.

  3. The Question Description - This provides a full description of the question, expectations for answers and any required information.

The input type question’s role is to solicit information from the user. This is done by adding Answer input fields to the question. By selecting Answer input fields when adding or modifying an input type question, you can add/modify the input fields presented to the user.

All input fields have the following fields:

  1. Field Label - This is displayed to the left of the input element and informs the user of the required information.

  2. The Field Type - This is the type of input we expect (more below on types).

  3. Required - A check box tagging this field as a required field. Required fields will be mandatory when completing the questionnaire.

  4. Min Length - Minimum length of a response the user can provide

  5. Max Length - The maximum length of a response the user can provide

  6. Place Holder - The hint text to provide to the user

  7. Special Field Type - (e.g., product name if type is text) - This is a special field indicator for the SDLT. It’s used to fill in special fields as part of the submission.

  8. Certification and accreditation input type - This is a special field used when configuring a certification and accreditation process.

Field Types

The SDLT supports the following field types:

  • Text - A single line text field.

  • Email - An email address that must meet email address format specification.

  • TextArea - A multi-line text field.

  • Rich Text Editor - A multi-line text field with rich edit controls.

  • Service Register -

  • Information Classification -

  • Dropdown -

  • Product Aspects -

  • Date - A date field with a date picker.

  • Release Date - A date field with a date picker that is automatically assigned to the “release date” special field.

  • URL - A web compliant URL/URI.

  • Multiple-Choice: Single Selection - HTML Radio buttons with only a single selection being allowed.

  • Multiple-Choice: Multiple Selection - HTML CheckBox buttons with multiple selection allowed.

Special Fields

The SDLT has special fields that are used for nicely cataloging and displaying information. The following special fields are currently configured in the SDLT:

  • Text field : Product Name - The name of the product that is the target of the submission.

  • Email field : Business Owner - The business owner who can accept risks on behalf of the organisation for this delivery.

  • URL field : Ticket Link - A URL link to a ticket in a ticketing system (e.g., JIRA) for this delivery.

Assigning/Removing a Task

Tasks can be spawned either on a questionnaire so that the task is mandatory for all submissions that require this questionnaire, or they can be assigned to an action question type.

For the questionnaire level tasks, these can be configured so that every submission through a specific pillar has mandatory tasks; OR this can be ensued to change tasks on-to tasks as part of a submission. This allows you to have a multi-stage assurance process (e.g., you may have a privacy threshold tasks that when completed spawns a privacy impact assessment task).

For the question level tasks, these can be assigned to an action on an action type question.

Assigning Tasks to Questionnaires

To assign a task to a pillar questionnaire, you will need to navigate to Questionnaires in the SideBar, then Questionnaires in the NavBar. Select the questionnaire you would like to modify then click on it in the content window. Then select Tasks from the NavBar. You can create a new task by clicking the “Add Task” button, or link an existing task to the questionnaire by typing part of it’s name in the search box and clicking Link Existing.

One task can be linked to many questionnaires or questions. This would be the primary use case. Clicking “Add Task” should only be used when you want to create a brand new, never been used before task. If you do create a task, it will show up in the regular list of tasks and be accessible to other questionnaires/questions for linking as well.

Assigning Tasks to Questions

To assign a task to a question, you will need to enter the edit screen for the question by selecting it from the questionnaire or task (see Adding/Modifying a Question above). Ensure the question type is action and once you have selected the question select Answer action fields from the NavBar.

Each action field will appear as a new button to the user. You can have one or more action fields. You can modify an existing one by clicking on it, or add a new one by clicking on “Add Answer Action Field”.

From here, you can select the Action Label which is the text that will be displayed on the button, and the Action Type which is the type of action you’d like the button to perform.

More information on the action types and their functions can be found on the Basic Concepts page. A brief summary is:

The action question will have action fields (buttons) that have an action associated with them. The SDLT has the following actions:

  1. continue - Continue to the next question in the questionnaire.

  2. goto - Go to a specific question in the questionnaire.

  3. message - Display a message to the user and halt the questionnaire.

  4. finish - End the questionnaire, returning an optional result.

Adding a New Task

You can add as many tasks as you would like to the SDLT, then link these to questionnaires and questions following the instructions above.

To add a new tasks, click on Questionnaires in the SideBar, then Tasks in the NavBar. You can then click on “Add Task” to add a new task, or “Import” to import a task from a JSON file. You can download your tasks as JSON by clicking on the download icon on the right of the task list.

In general, you will only need to create tasks of type questionnaire or risk questionnaire. Both of these types function large the same in terms of their configuration, with the major difference being that the risk questionnaire will return a risk result at the end if properly configured.

There are other task types (i.e., security risk assessment, control validation audit, selection, certification and accreditation). These exist for initial configuration. It is unlikely that you would need to create a new task of this type in any basic configuration environment. More information about these is explained under the advanced configuration.