Website Monitoring with AvePoint Compliance Guardian Online

This week AvePoint released its latest compliance platform: Compliance Guardian Online. Compliance Guardian Online is a high performance online system that is deployed on Microsoft Azure cloud services. With global data center support in the USA, Europe, and Asia, the system is ready to work where you are. The system itself is developed based on standards with web technologies. The HTML interface is fully accessible, and in every feature accessibility and usability were taken into consideration. This along with security and other policy initiatives allow us to provide maximum operational availability. Compliance Guardian Online provides website monitoring, including but not limited to: International accessibility standards like Web Content Accessibility Guidelines (WCAG) 2.0, US Section 508 Guidelines, international privacy factors, and site quality factors in addition to identifying data leakage vulnerabilities. All of these items represents some type of risk to your organization, and Compliance Guardian Online is here to help you reduce this risk in the cloud.

Using Compliance Guardian Online

As a standards based system, Compliance Guardian Online may be operated via your favorite browser. It is not dependent on any browser-specific features. A scan can be configured and run in as few as four steps once your account is set up. Compliance Guardian Online is ready to go in seconds, eliminating IT complexity with no additional hardware and software installations needed.

Steps to Run Your First Scan

1. Get an account by visiting https://complianceguardianonline.com/account/signup  (a free, 14-day trial is available)
2. Create a New Scan
3. Select your Test Suite
4. Set your Spider (Scanner) Rules
5. Save and Run your Scan

It is really that simple. The reports are designed in HTML and can be viewed by anyone with access to the system and the internet via a web browser. In the case that a user does not have access to the system but you want to provide access to the reports, it is as simple as creating a  distributable HTML Report Collection easily accessible for download as a zip file. [caption id="attachment_3101" align="alignnone" width="590"] Screenshot of a report run in Compliance Guardian Online.[/caption]

Test Suites

The Test Suites can help Identify many quality issues including but not limited to:

• Broken links
• Missing files or images
• Misused alternative text
• Misused company names or logos
• Words or phrases used that are outside of website usage policy.

Additionally, the Test Suites can validate and/or identify items that require more review for international accessibility standards or guidelines such as the WCAG 2.0 or the US Section 508 Guideline.  From a privacy perspective, the system can identify unsecure forms, data leakage, invalid cookie usage, improper SSL usages or Lack of SSL Usage, and inventory data collection interfaces. Beyond identification of the forms, the system can also validate the existence of privacy policies and/or disclosures as required. The following Test Suite Groups are available for users:

• Privacy
• Accessibility
• Secure Sensitive Information/Operational Security
• Site Quality
• Custom

Each group has preconfigured Test Suites. If you select “Customized”, you can upload your customized Test Suite to the Test Suite Manager, and you can upload checks to the Test Suite Manager as well.

All Testing is Not the Same

When testing static content, just grabbing the HTML may be good enough, but for dynamic content and some static content you need to test what is rendered by the HTML. With this in mind, Compliance Guardian Online provides the ability to test what is rendered via our embedded browser (a headless browser) that operates automatically with no user interactions. By testing this way, you are assured a complete test. Compliance Guardian Online does not stop there, of course. You can test much more than HTML, including Microsoft Office documents, PDFs, zip files, and much more. Simply refer to the user guide for a full list of supported document formats. Beyond web servers, you can test SharePoint Online sites as well.

Web Applications

Web applications provide a more complex testing challenge. All of the above support is required, but the targets for validation cannot be found without some predefined user interaction. Some examples include: searching for a flight, booking a hotel room, adding a product to a shopping cart, or logging into a bank account. This complexity is handled in Compliance Guardian Online by simply recording your transaction and then playing it back. The steps to run your scan are almost identical except for one item. Instead of entering a starting URL to scan you enter the transaction script to run. Absolutely no programming knowledge is required. You literally record your steps and then these can be played back over and over as required for monitoring.

Summary

Public brand and reputation management are important facets of any organization. Poor accessibility, privacy violations, leakage of secure sensitive information, improperly configured web servers, or applications that are not accessible by all can impact a company and brand negatively if not monitored. This is a topic that is in the news almost daily, with large companies experiencing brand damaging events as well as threats such as the HeartBleed security vulnerability.  It is also almost proverb at this point that monitoring content helps to deter visitor violations of the acceptable use policies of a website. Monitoring is a sure way to mitigate exposure to risk from a company and brand perspective, and Compliance Guardian Online can assure that your site works how you want, for whom you want, and that all of your content complies with internal and external policies.

Guidelines

• WCAG 2.0: http://www.w3.org/TR/WCAG20/
• Usability: http://guidelines.usability.gov/
• Section 508: http://www.section508.gov/Section-508-Of-The-Rehabilitation-Act
• Privacy and Data Protection: http://en.wikipedia.org/wiki/Information_privacy

Resources

• AvePoint Privacy Impact Assessment System:  https://www.privacyassociation.org/resource_center/avepoint_privacy_impact_assessment_system
• Compliance Guardian Online: https://complianceguardianonline.com/account/signup