[Owasp-board] Member Nation Portal

Eoin Keary eoin.keary at owasp.org
Sat Dec 14 09:42:59 UTC 2013


Hey,
before i vote i need to understand.

Have they had a penetration test/Code review/ SDLC security etc etc.
Any evidence of security on the SaaS?
Would be rather ironic if they were hacked an our data was pasted all over the web?

What are the tangible savings how much projected per year/ 3years?

If the company collapses what happens our data? 




Eoin Keary
Owasp Global Board
+353 87 977 2988


On 13 Dec 2013, at 17:53, Sarah Baso <sarah.baso at owasp.org> wrote:

> All -
> 
> Dave, Kate, and I had a call with our rep at Member Nation today and I also have spent a bit of time on the financials. I have updated the proposal here: https://docs.google.com/a/owasp.org/document/d/1yDTFCdmmZN3t732sqHTOFHMhQrXgUC46YbgDhGROcXM/edit
> 
> Here are the key points of new information
> The cost of all the systems that the new Member Nation Portal will be able to replace for us starting in 2014, is $35,000/year.  Note that some of those systems/costs are based on actual registrations so I have used past numbers and current projections to put together an estimate.  
> This "cost" does not include the staff time/costs in managing multiple registration systems, running ineffective reports, and other operational overhead.  I expect that this new system will be much better for our data management and staff time in managing (not to mention the benefits for the community).
> The first year costs at the point are estimates ($45,000) and we are hoping to get that number down by handling some of our own data migration and customization.
> On our call this morning, we learned that Salesforce has adjusted some of its pricing (and minimums), which will save us an additional $2600 on our annual fees (reducing them to $11,100)
> We should be able to break even with costs after 2 years and recognizing $26,000 in savings in year 3.
> 
> Here are some answers to the other questions in this thread:
> 
> Internationalization
> Yes supports internationalization - currency is based on merchant accounts and we will be able to accept payments in other currencies (which will settle into whatever accounts we have set up).
> Languages - Salesforce translates into the following languages (built in): English, French, German, Italian, Japanese, Spanish, Swedish, Korean, Simplified Chinese, Traditional Chinese, and Thai
> 
> Handling payments
> Payments will be handled through our same payment processors - chase payment tech and payflow pro. Member Nation itself is not accepting the money.
> 
> Protection of data 
> Data is held by Salesforce, I don't foresee issues with this.
> 
> Because time is of the essence in making a decision on this and going forward with the contract (we need to have a full 3 months to implement and roll out, and need to plan for event registrations in 2014 as well as memberships with the new membership model) - I am adding this for a vote on Monday's board meeting.  This is included in the budget, but even if the budget isn't finalized Monday it is critical for the operations team to have a decision on this.
> 
> Sarah
> 
> 
> 
> 
> On Thu, Dec 5, 2013 at 5:50 AM, Fabio Cerullo <fcerullo at owasp.org> wrote:
>> Sarah,
>> 
>> I've checked the tool and indeed looks impressive. There are a few questions that will appreciate your clarification:
>> 
>> - Does the platform support internationalisation? Eg. Would members in Asia/Latin America be able to use it?
>> 
>> - Does it handle payments for conferences, memberships, etc? If so, is it PCI-DSS certified to accept payments? 
>> 
>> - Eoin's point about escrow... would it be possible to pay in monthly installments? This could limit our liability if they go busted.
>> 
>> - Regarding the protection of our data... do they have an certications such as ISO27001/SAS70?
>> 
>> Thanks,
>> Fabio
>> 
>> 
>> On Thu, Dec 5, 2013 at 9:47 AM, Eoin <eoin.keary at owasp.org> wrote:
>>> If there is no escrow...
>>> Lets say we spend 40K and the service is terminated / company folds etc etc do we have any protection?
>>> Does the system have adequate protection of our data also? Security of our data? SLA/availability, access to our data if they company folds.
>>> These are common questions when outsourcing services to SaaS and COTS solutions.
>>> 
>>> Eoin
>>> 
>>> 
>>> 
>>> 
>>> On 5 December 2013 05:11, Seba <seba at owasp.org> wrote:
>>>> Hi
>>>> 
>>>> Kate showed me this in New York, and it seems a really good fit for owasp. I fully support this proposal.
>>>> 
>>>> Regards 
>>>> Seba
>>>> 
>>>> On 04 Dec 2013 22:00, "Sarah Baso" <sarah.baso at owasp.org> wrote:
>>>>> Board members -
>>>>> 
>>>>> This came up briefly on Monday's budget call, but I wanted to provide some additional operational details on the portal that the staff would like to transition to in 2014.  
>>>>> 
>>>>> Details are available here: 
>>>>> 
>>>>> https://docs.google.com/a/owasp.org/document/d/1yDTFCdmmZN3t732sqHTOFHMhQrXgUC46YbgDhGROcXM/edit
>>>>> Additionally -  here is a short video demo put together by another organization about the portal: http://www.youtube.com/watch?v=g7s5j-i9BUU
>>>>> 
>>>>> Info about Member Nation by Fonteva: http://www.fonteva.com/products/membernation/
>>>>> 
>>>>> Operational Notes:
>>>>> 
>>>>> The transition to Member Nation is MUCH MORE than a new system for membership and event registration, it is a community management platform that will give us tools to assist with volunteer management and recognition and a place for dynamic update of project and chapter related data so we can gather metrics and run reports.  It will also be a one stop shop for community members to manage all their information membership, event, chapters, projects, volunteer and other ways they interact with OWASP.  
>>>>> The critical points are that in order to implement as smooth a transition as possible, we would like to have a 3 month roll out plan (starting no later than January 1) to be completed by end of Q1 when our 2 year contract with cvent expires.  Additionally, I know there were some points of frustration and lack of communication in the move from Regonline to Cvent a couple year ago, so the more time we have to plan and work on the roll out plan, the better.
>>>>> The OWASP Staff will manage the set up of events and other administration of the portal - and will receive training as part of our set up costs. The portal does support various access controls and "roles" for members of the community (i.e. chapter leader, project leader, event planner). 
>>>>> Financial
>>>>> 
>>>>> There will be a one time set up cost of $45,689 and an ongoing annual portal user fee of $13,500 - so a total of $59,189 for the first year.  This $13,5000 will significantly reduce our annual costs for other registration and membership systems (estimated at $24856). And enable us to dramatically decrease our fees over the next several years. 
>>>>> 
>>>>> Please let me know any additional questions you have.
>>>>> 
>>>>> Regards,
>>>>> Sarah Baso
>>>>> 
>>>>> -- 
>>>>> Executive Director
>>>>> OWASP Foundation
>>>>> 
>>>>> sarah.baso at owasp.org
>>>>> +1.312.869.2779
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> _______________________________________________
>>>>> Owasp-board mailing list
>>>>> Owasp-board at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>> 
>>>> _______________________________________________
>>>> Owasp-board mailing list
>>>> Owasp-board at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>> 
>>> 
>>> 
>>> -- 
>>> Eoin Keary
>>> OWASP Member
>>> https://twitter.com/EoinKeary
>>> 
>>> 
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>> 
>> 
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
> 
> 
> 
> -- 
> Executive Director
> OWASP Foundation
> 
> sarah.baso at owasp.org
> +1.312.869.2779
> 
> 
> 
> 
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20131214/f2f2c1c4/attachment.html>


More information about the Owasp-board mailing list