Application Architecture
C2P is a three-tier web application that comprises:
- A relational database that stores global regulations and customer data in structured format.
- An application server that implements the business logic and user interface of the application.
- A web browser that displays C2P pages and sends data entered by users to the application server.
Supported Browsers
- Firefox 2 and 3.
- Safari 2 and 3.
- Internet Explorer 6 and 7.
Daily Updates of Global Regulations
Every C2P installation receives daily updates from Compliance and Risks’ (C&R’s) global regulations database. Daily updates are sent in XML format over HTTPS.
Global data updates do not interfere with local data created by users. Behind the scenes, C2P keeps track of the origin of every page and ensures the integrity of each transaction.
Hosting
The relational database and application server tiers of C2P can be hosted inside a company firewall or by C&R.
Hosting by C&R includes the following benefits:
- Installation of the application on fast servers with advanced redundancy and fail-over features.
- Setup of daily updates from C&R’s global regulations database.
- Major functionality upgrades every 3–4 months.
- Frequent application of bug fixes and security patches.
- Daily backups.
- Automated continuous monitoring of the health of the system.
- Quick response to problems 24/7.
- Security and protection by a state-of-the-art data center.
Contact C&R for more details about the hosting environment.
Security
- All C2P installations use SSL to encrypt data traveling between user browsers and the C2P server.
- Transmission of daily updates from the regulations database is encrypted.
- Each user has a unique username and password; passwords are never transmitted or stored in plain text.
- C2P enforces password rules that follow security industry best practices.
- An installation controls how frequently users are required to change passwords.
- An installation controls how soon users can reuse old passwords.
- An installation controls the inactivity timeout period, which by default is set to one hour.
Auditing
- The C2P history subsystem logs all user transactions in C2P and retains them indefinitely.
- C2P history is searchable by user, date, transaction type (add/update/delete), and page type.
- C2P history manages transaction details at the field level, recording both old and new values of changed fields.
- Functionality is available to see the history of changes for a specific page, specific field, or related group of pages.
- The application server maintains standard user access logs that contain user IP addresses and application URLs accessed by users.
- Retention policies for application server logs are configurable.