Key Concepts and Glossary¶
This page defines the key concepts, terms, and acronyms used throughout GetCimple documentation and the platform itself.
Core GetCimple Concepts¶
GetCimple Platform Terminology¶
- GetCimple
- A cybersecurity compliance SaaS platform designed for Australian businesses with board directors, focusing on the dual needs of governance oversight (directors) and implementation management (staff).
- Governance-First Approach
- GetCimple's positioning as a board-level governance tool rather than a technical security tool, emphasizing director oversight and compliance management.
- Dual-Target Design
- The platform's architecture serving both board directors (governance oversight) and management teams (implementation), creating a win-win relationship between stakeholders.
- Multi-Board Access
- Directors can switch between different company boards they serve on, with each organization maintaining complete data isolation. Note: There are no unified or cross-company views.
User Roles and Stakeholders¶
- Board Director
- Non-executive directors responsible for governance oversight, compliance monitoring, and strategic cybersecurity decisions. Primary users of executive dashboards and reports.
- Management Team
- Senior executives responsible for implementing cybersecurity policies and managing compliance activities within their organization.
- IT Staff/Implementation Team
- Technical staff responsible for executing cybersecurity tasks, collecting evidence, and maintaining day-to-day security operations.
- Compliance Team
- Staff specifically focused on regulatory compliance, audit preparation, and documentation management.
- Tenant Administrator
- User with administrative privileges for managing their organization's GetCimple instance, user access, and configuration.
Cybersecurity and Compliance Concepts¶
Australian Regulatory Framework¶
- Essential Eight
- The Australian Cyber Security Centre's (ACSC) prioritized cybersecurity mitigation strategies. GetCimple's core framework for security implementation and maturity assessment.
- Australian Cyber Security Centre (ACSC)
- The Australian Government's lead agency for cybersecurity, providing guidelines, threat intelligence, and the Essential Eight framework.
- Corporations Act Section 180
- Australian legislation requiring directors to exercise their powers with care and diligence, including cybersecurity oversight responsibilities.
- Privacy Act 1988
- Australian privacy legislation requiring protection of personal information, with cybersecurity implications for data handling and breach notification.
Governance and Risk Concepts¶
- Cybersecurity Governance
- The framework of policies, procedures, and oversight mechanisms that guide an organization's cybersecurity strategy and implementation.
- Risk Appetite
- The level of cybersecurity risk an organization is willing to accept in pursuit of its business objectives.
- Risk Acceptance
- Formal process for acknowledging and accepting specific cybersecurity risks that cannot be mitigated to acceptable levels.
- Compliance Tracking
- Systematic monitoring and documentation of adherence to cybersecurity policies, standards, and regulatory requirements.
- Evidence Collection
- The process of gathering and organizing documentation that demonstrates compliance with cybersecurity requirements.
Maturity and Assessment¶
- Maturity Level
- A measurement of an organization's cybersecurity capability and sophistication, usually rated on a scale (e.g., the Essential Eight Maturity Model's levels 0 to 3, where Maturity Level 0 means the weaknesses in an organization's posture are significant).
- Gap Analysis
- Assessment comparing current cybersecurity posture against desired standards or regulatory requirements. For policies, this identifies which controls are not implemented or only partially implemented, along with associated risks and remediation priorities.
- Implementation Roadmap
- Strategic plan outlining the steps and timeline for achieving cybersecurity objectives and compliance requirements.
- Remediation Roadmap
- Detailed action plan for closing identified gaps in policy implementation, including assigned owners, target dates, priorities, and resource requirements for each unimplemented control.
- Compliance Percentage
- Calculated metric showing what percentage of a policy's requirements are currently implemented, based on control-level status assessment (e.g., "SDLC Policy: 23% compliant").
Technical and Architecture Concepts¶
Platform Architecture¶
- Multi-Tenant Architecture
- Software design where a single instance serves multiple organizations (tenants) with complete data isolation and security separation.
- Tenant Isolation
- Ensuring that each organization's data and access are completely separated from other organizations using the platform.
- Edge Computing
- Using Cloudflare Workers to process requests closer to users for improved performance and reduced latency.
- Row-Level Security (RLS)
- PostgreSQL feature that attaches a policy predicate to a table so that every SELECT, INSERT, UPDATE and DELETE is filtered row by row to the caller's organization/tenant. Because the database enforces it, a forgotten `WHERE tenant_id = ...` in application code does not expose other tenants' rows.
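The following is an added example, not GetCimple's schema or migration code. It shows the Multi-Tenant, Tenant Isolation and Row-Level Security entries above as a concrete PostgreSQL setup: the weak pattern (tenant filtering left to application queries) beside the hardened one (the database enforces the tenant predicate). The table `app.policies`, the role `app_user`, the session variable `app.tenant_id` and the tenant UUIDs are all assumptions made for the example.

```sql
-- Added example (not GetCimple's schema): tenant isolation with PostgreSQL row-level security.
-- Assumptions: a table app.policies keyed by tenant_id, and an API layer that, after
-- verifying the caller's identity, sets the session variable app.tenant_id per request.

create schema if not exists app;

create table app.policies (
    id        uuid primary key default gen_random_uuid(),
    tenant_id uuid not null,
    title     text not null,
    status    text not null default 'draft'
);

-- Weak form: every query must remember "where tenant_id = ?". One forgotten
-- predicate (or one injected OR clause) returns other tenants' rows.
--   select * from app.policies where tenant_id = $1;

-- Hardened form: the database applies the predicate to every row of every statement.
alter table app.policies enable row level security;
-- Without FORCE the table owner bypasses RLS, and migrations often run as the owner.
alter table app.policies force row level security;

create policy tenant_isolation on app.policies
    -- USING: which existing rows are visible to SELECT / UPDATE / DELETE
    using      (tenant_id = current_setting('app.tenant_id', true)::uuid)
    -- WITH CHECK: which new rows INSERT / UPDATE may produce
    with check (tenant_id = current_setting('app.tenant_id', true)::uuid);

-- Least privilege for the role the API connects as: not the owner, no BYPASSRLS.
create role app_user nologin;
grant usage on schema app to app_user;
grant select, insert, update, delete on app.policies to app_user;

-- Per request: the tenant comes from the verified identity, never from client input.
-- set_config(..., true) scopes the value to the current transaction only.
begin;
select set_config('app.tenant_id', '11111111-1111-1111-1111-111111111111', true);
set local role app_user;

insert into app.policies (tenant_id, title)
values ('11111111-1111-1111-1111-111111111111', 'Acceptable Use Policy');

-- Rejected by WITH CHECK: a caller cannot write rows into another tenant.
--   insert into app.policies (tenant_id, title)
--   values ('22222222-2222-2222-2222-222222222222', 'Planted policy');

-- Only tenant 1111...'s rows are returned, with no WHERE clause in the query.
select id, title, status from app.policies;
commit;

-- Check the fail-closed behaviour: if app.tenant_id was never set in the session,
-- current_setting(..., true) returns NULL, the predicate evaluates to NULL, and
-- the policy matches no rows at all.
```

Two caveats for a Supabase deployment of this pattern: the `service_role` key connects as a role with `BYPASSRLS`, so it must never reach the browser or any client-facing code path, and Supabase exposes the caller's verified JWT claims through `auth.jwt()`, which is the usual place to read the tenant identifier from instead of a session variable. Review which roles are table owners or hold `BYPASSRLS` before relying on a policy, and test the negative case (the commented-out cross-tenant insert) in CI, not only the positive one.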
Technology Stack¶
- SvelteKit
- Full-stack web framework used for GetCimple's frontend application development.
- shadcn-svelte
- Component library providing copy-paste components built on Bits UI (headless Svelte primitives in the style of the Radix UI primitives that the original shadcn/ui uses) and Tailwind CSS, used for GetCimple's user interface.
- Cloudflare Workers
- Serverless platform used for GetCimple's backend API and edge computing functions.
- Supabase
- PostgreSQL database platform providing GetCimple's data storage, authentication, and real-time features.
- Kinde Auth
- Authentication and user management service providing secure login and access control.
- n8n
- Workflow automation platform used for GetCimple's AI agents and business process automation.
Integration and Automation¶
- Workflow Automation
- Automated business processes that reduce manual work and ensure consistent execution of compliance activities.
- AI Agents
- Automated systems that can perform specific tasks like policy updates, compliance monitoring, or report generation.
- WhatsApp Business Integration
- Mobile-first communication channel allowing directors and staff to interact with GetCimple through familiar messaging interfaces.
- API Integration
- Connections between GetCimple and external systems for data exchange and workflow automation.
Business Process Concepts¶
Policy Management¶
- Policy Template
- Pre-built cybersecurity policy documents that can be customized for specific organizations and industries.
- Policy Status
- The governance state of a policy indicating whether it has been approved by the board and is active as an organizational standard. This is separate from implementation status.
- Implementation Status
- The actual compliance level showing what percentage of a policy's requirements are currently being done. Tracked at the control level for complex policies.
- Control-Level Tracking
- Monitoring implementation at the individual requirement level within a policy, allowing granular assessment of what is implemented vs. what is not, rather than treating the entire policy as binary (compliant/non-compliant).
- Policy Acknowledgment
- Formal process where staff confirm they have read, understood, and agree to comply with organizational policies.
- Policy Versioning
- System for managing changes to policies over time while maintaining historical records and approval trails.
- Board Approval Workflow
- Formal process for director review and approval of cybersecurity policies and significant changes.
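The following is an added example, not a query from the GetCimple code base. It makes the Compliance Percentage, Implementation Status and Control-Level Tracking entries above concrete: the same control data rolled up binary (compliant / non-compliant) and at control level, plus the gap list that feeds a Remediation Roadmap. The `policy_controls` table, its status vocabulary, the half-credit weighting for partial controls and the sample rows are all constructed for the example.

```sql
-- Added example (not GetCimple's schema): control-level tracking rolled up into a
-- per-policy compliance percentage. Assumes one row per control with a status of
-- 'implemented', 'partial' or 'not_implemented'.

create table policy_controls (
    policy      text not null,
    control_ref text not null,
    status      text not null
                check (status in ('implemented', 'partial', 'not_implemented')),
    priority    int  not null default 3,     -- 1 = highest
    owner       text,                        -- NULL = nobody accountable yet
    target_date date,
    primary key (policy, control_ref)
);

-- Constructed sample data.
insert into policy_controls (policy, control_ref, status, priority, owner, target_date) values
    ('SDLC Policy',              'SDLC-01', 'implemented',     2, 'eng-lead', null),
    ('SDLC Policy',              'SDLC-02', 'partial',         1, 'eng-lead', '2025-03-31'),
    ('SDLC Policy',              'SDLC-03', 'not_implemented', 1, null,       null),
    ('SDLC Policy',              'SDLC-04', 'not_implemented', 3, null,       null),
    ('Access Control Policy',    'AC-01',   'implemented',     1, 'it-ops',   null),
    ('Access Control Policy',    'AC-02',   'implemented',     2, 'it-ops',   null),
    ('Incident Response Policy', 'IR-01',   'partial',         1, 'ciso',     '2025-02-28');

-- Binary view: a policy is "compliant" only when every control is implemented.
-- Two of three policies show as non-compliant and the board learns nothing about
-- how far off each one is.
select policy, bool_and(status = 'implemented') as compliant
from policy_controls
group by policy;

-- Control-level view: partial counts as half, so work already done stays visible.
-- NULLIF guards a policy with zero controls (a template not yet tailored), giving
-- NULL instead of a division-by-zero error.
select policy,
       count(*)                                       as controls,
       count(*) filter (where status = 'implemented') as implemented,
       round(100.0 * sum(case status when 'implemented' then 1
                                     when 'partial'     then 0.5
                                     else 0 end)
             / nullif(count(*), 0), 0)                as compliance_pct
from policy_controls
group by policy
order by compliance_pct;
-- SDLC Policy: (1 + 0.5) of 4 -> 38%; Incident Response Policy: 50%;
-- Access Control Policy: 100%

-- Remediation roadmap input: every control that is not fully implemented, highest
-- priority first, with unowned items made obvious because nobody can close them.
select policy, control_ref, status, priority,
       coalesce(owner, '** unassigned **') as owner,
       target_date
from policy_controls
where status <> 'implemented'
order by priority, policy, control_ref;
```

The weighting for `partial` is a governance decision, not a technical one: some boards prefer 0 so that a policy never looks healthier than its weakest evidence. Whichever weight is chosen, record it with the report so that a percentage quoted at one board meeting is comparable with the next.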
Implementation and Monitoring¶
- Task Management
- System for tracking cybersecurity implementation activities, assignments, due dates, and completion status.
- Compliance Dashboard
- Visual interface showing current compliance status, outstanding tasks, and key metrics for different user roles.
- Automated Alerts
- System-generated notifications for important events like policy updates, compliance deadlines, or security incidents.
- Director Reports
- Executive-level summaries of cybersecurity posture, compliance status, and key metrics formatted for board meetings.
Assessment and Improvement¶
- Baseline Assessment
- Initial evaluation of an organization's current cybersecurity posture and compliance status.
- Continuous Monitoring
- Ongoing assessment of cybersecurity controls and compliance status to identify changes and improvements needed.
- Maturity Progression
- Structured approach to advancing cybersecurity capabilities from basic to advanced levels over time.
Communication and Collaboration¶
Notification Systems¶
- Email Notifications
- Automated email communications for policy updates, task assignments, compliance reminders, and other important events.
- WhatsApp Messaging
- Business messaging integration allowing mobile-friendly communication about cybersecurity matters.
- Dashboard Alerts
- In-platform notifications displayed on user dashboards for immediate attention items.
Reporting and Documentation¶
- Board Meeting Reports
- Formal documents prepared for board meetings summarizing cybersecurity status and requiring director attention.
- Compliance Reports
- Detailed documentation of compliance status for regulatory reporting and audit purposes.
- Audit Trail
- Complete record of actions, changes, and decisions related to cybersecurity governance and implementation.
Acronyms and Abbreviations¶
- ACSC: Australian Cyber Security Centre
- API: Application Programming Interface
- CPS: Cross-industry Prudential Standard (APRA; e.g., CPS 234 Information Security)
- E8: Essential Eight
- ERD: Entity Relationship Diagram
- IaC: Infrastructure as Code
- MVP: Minimum Viable Product
- RLS: Row-Level Security
- SaaS: Software as a Service
- SIEM: Security Information and Event Management
- S180: Section 180 of the Corporations Act
Understanding Documentation Context¶
Documentation Types¶
- Internal Documentation
- Business-sensitive documentation (this site) containing detailed implementation plans, technical specifications, and strategic information.
- Customer Documentation
- Public-facing documentation for GetCimple users, containing help guides, feature explanations, and user instructions.
- API Documentation
- Technical documentation for developers integrating with or extending GetCimple functionality.
Document Relationships¶
- Cross-Section Integration
- How different documentation sections connect and reference each other to provide complete understanding.
- Process Workflows
- Sequential documentation showing how business processes flow from one step to another.
- Implementation Pathways
- Documentation trails showing how to move from planning through implementation to operation.
Quick Reference¶
For quick lookup of these concepts while reading documentation:
- Business Concepts: Focus on governance, compliance, and stakeholder terminology
- Technical Concepts: Understand architecture, technology stack, and implementation terms
- Process Concepts: Know the workflow, assessment, and management terminology
- Platform Concepts: Grasp GetCimple-specific features and approaches
Need a definition not listed here? Search the documentation or refer to the relevant section's detailed content for domain-specific terminology.