[Owasp-board] Member Nation Portal
Tobias
tobias.gondrom at owasp.org
Sat Dec 14 18:14:33 UTC 2013
Am in support, too.
(subject to clarification on the security question...)
Cheers, Tobias
On 14/12/13 18:07, Tom Brennan wrote:
> I support this workflow automation
>
> On Dec 14, 2013, at 12:55 PM, "Dave Wichers" <dave.wichers at owasp.org
> <mailto:dave.wichers at owasp.org>> wrote:
>
>> I forgot to ask Fonteva (the vendor) about the security question
>> (shame on me). Sarah -- can you ask them about that or have you
>> already? Hope so....
>>
>>
>>
>> All our users will be going through Salesforce to access to data they
>> provide. They don't access Fonteva (Member Nation is the name of
>> their service) directly. So most of the security is provided by
>> Salesforce, not Fonteva, which is a significant mitigating factor.
>> Like all authentication/authorization is from Salesforce for example.
>>
>>
>>
>> The cost savings are clearly spelled out in the referenced doc Sarah
>> forwarded the link to, and they are substantial:
>>
>> Year 1
>>
>>
>>
>> $35,000
>>
>> ($20k Cvent, $7k regonline, $1k forms & surveys, $7k CFP, CFT &
>> scheduling software)
>>
>>
>>
>> $56789
>>
>>
>>
>> +$21,789 year 1 added cost
>>
>> Year 2
>>
>>
>>
>> $35,000
>>
>>
>>
>> $11,100
>>
>>
>>
>> $23,900 (annual savings)/ + $2,111(total savings recognized)
>>
>> Year 3
>>
>>
>>
>> $35,000
>>
>>
>>
>> $11,100
>>
>>
>>
>> $23,900 (annual savings)/ $26,011 (total savings recognized)
>>
>> Year 4
>>
>>
>>
>> $35,000
>>
>>
>>
>> $11,100
>>
>>
>>
>> $23,900 (annual savings)/ $49,911 (total savings recognized)
>>
>> Year 5
>>
>>
>>
>> $35,000
>>
>>
>>
>> $11,100
>>
>>
>>
>> $23,900 (annual savings)/$73,811 (total savings recognized)
>>
>>
>>
>> I'm not worried about Fonteva going out of business. We've never
>> pushed on that point with any of our previous providers. They are a
>> Salesforce partner, and Salesforce wouldn't enter into an arrangement
>> with them if they were seriously worried about that. Go read:
>> http://www.fonteva.com/company/about/. They have 4000 customers
>> already. So they are a pretty big outfit.
>>
>>
>>
>> -Dave
>>
>>
>>
>>
>>
>> *From:*owasp-board-bounces at lists.owasp.org
>> <mailto:owasp-board-bounces at lists.owasp.org>
>> [mailto:owasp-board-bounces at lists.owasp.org] *On Behalf Of *Eoin Keary
>> *Sent:* Saturday, December 14, 2013 4:43 AM
>> *To:* Sarah Baso
>> *Cc:* OWASP Foundation Board List
>> *Subject:* Re: [Owasp-board] Member Nation Portal
>>
>>
>>
>> Hey,
>>
>> before i vote i need to understand.
>>
>>
>>
>> Have they had a penetration test/Code review/ SDLC security etc etc.
>>
>> Any evidence of security on the SaaS?
>>
>> Would be rather ironic if they were hacked an our data was pasted all
>> over the web?
>>
>>
>>
>> What are the tangible savings how much projected per year/ 3years?
>>
>>
>>
>> If the company collapses what happens our data?
>>
>>
>>
>>
>>
>>
>>
>> Eoin Keary
>>
>> Owasp Global Board
>>
>> +353 87 977 2988
>>
>>
>>
>>
>> On 13 Dec 2013, at 17:53, Sarah Baso <sarah.baso at owasp.org
>> <mailto:sarah.baso at owasp.org>> wrote:
>>
>> All -
>>
>>
>>
>> Dave, Kate, and I had a call with our rep at Member Nation today
>> and I also have spent a bit of time on the financials. I have
>> updated the proposal
>> here: https://docs.google.com/a/owasp.org/document/d/1yDTFCdmmZN3t732sqHTOFHMhQrXgUC46YbgDhGROcXM/edit
>>
>>
>>
>> Here are the key points of new information
>>
>> * The cost of all the systems that the new Member Nation Portal
>> will be able to replace for us starting in 2014, is
>> $35,000/year. Note that some of those systems/costs are
>> based on actual registrations so I have used past numbers and
>> current projections to put together an estimate.
>> * This "cost" does not include the staff time/costs in managing
>> multiple registration systems, running ineffective reports,
>> and other operational overhead. I expect that this new
>> system will be much better for our data management and staff
>> time in managing (not to mention the benefits for the community).
>> * The first year costs at the point are estimates ($45,000) and
>> we are hoping to get that number down by handling some of our
>> own data migration and customization.
>> * On our call this morning, we learned that Salesforce has
>> adjusted some of its pricing (and minimums), which will save
>> us an additional $2600 on our annual fees (reducing them to
>> $11,100)
>> * *We should be able to break even with costs after 2 years and
>> recognizing $26,000 in savings in year 3.*
>>
>>
>>
>> Here are some answers to the other questions in this thread:
>>
>>
>>
>> *Internationalization*
>>
>> * Yes supports internationalization - currency is based on
>> merchant accounts and we will be able to accept payments in
>> other currencies (which will settle into whatever accounts we
>> have set up).
>> * Languages - Salesforce translates into the following
>> languages (built in): English, French, German, Italian,
>> Japanese, Spanish, Swedish, Korean, Simplified Chinese,
>> Traditional Chinese, and Thai
>>
>>
>>
>> *Handling payments*
>>
>> * Payments will be handled through our same payment
>> processors* *- chase payment tech and payflow pro. Member
>> Nation itself is not accepting the money.
>>
>>
>>
>> *Protection of data *
>>
>> * Data is held by Salesforce, I don't foresee issues with this.
>>
>>
>>
>> *Because time is of the essence in making a decision on this and
>> going forward with the contract (we need to have a full 3 months
>> to implement and roll out, and need to plan for event
>> registrations in 2014 as well as memberships with the new
>> membership model) - I am adding this for a vote on Monday's board
>> meeting. This is included in the budget, but even if the budget
>> isn't finalized Monday it is critical for the operations team to
>> have a decision on this.*
>>
>>
>>
>> *Sarah*
>>
>>
>>
>>
>>
>>
>>
>> On Thu, Dec 5, 2013 at 5:50 AM, Fabio Cerullo <fcerullo at owasp.org
>> <mailto:fcerullo at owasp.org>> wrote:
>>
>> Sarah,
>>
>>
>>
>> I've checked the tool and indeed looks impressive. There are a
>> few questions that will appreciate your clarification:
>>
>>
>>
>> - Does the platform support internationalisation? Eg. Would
>> members in Asia/Latin America be able to use it?
>>
>>
>>
>> - Does it handle payments for conferences, memberships, etc? If
>> so, is it PCI-DSS certified to accept payments?
>>
>>
>>
>> - Eoin's point about escrow... would it be possible to pay in
>> monthly installments? This could limit our liability if they go
>> busted.
>>
>>
>>
>> - Regarding the protection of our data... do they have an
>> certications such as ISO27001/SAS70?
>>
>>
>>
>> Thanks,
>> Fabio
>>
>>
>>
>> On Thu, Dec 5, 2013 at 9:47 AM, Eoin <eoin.keary at owasp.org
>> <mailto:eoin.keary at owasp.org>> wrote:
>>
>> If there is no escrow...
>>
>> Lets say we spend 40K and the service is terminated / company
>> folds etc etc do we have any protection?
>>
>> Does the system have adequate protection of our data also?
>> Security of our data? SLA/availability, access to our data if
>> they company folds.
>>
>> These are common questions when outsourcing services to SaaS and
>> COTS solutions.
>>
>>
>>
>> Eoin
>>
>>
>>
>>
>>
>>
>>
>> On 5 December 2013 05:11, Seba <seba at owasp.org
>> <mailto:seba at owasp.org>> wrote:
>>
>> Hi
>>
>> Kate showed me this in New York, and it seems a really good fit
>> for owasp. I fully support this proposal.
>>
>> Regards
>> Seba
>>
>> On 04 Dec 2013 22:00, "Sarah Baso" <sarah.baso at owasp.org
>> <mailto:sarah.baso at owasp.org>> wrote:
>>
>> Board members -
>>
>> This came up briefly on Monday's budget call, but I wanted to
>> provide some additional operational details on the portal
>> that the staff would like to transition to in 2014.
>>
>> Details are available here:
>>
>> https://docs.google.com/a/owasp.org/document/d/1yDTFCdmmZN3t732sqHTOFHMhQrXgUC46YbgDhGROcXM/edit
>>
>> Additionally - here is a short video demo put together by
>> another organization about the
>> portal: http://www.youtube.com/watch?v=g7s5j-i9BUU
>>
>> Info about Member Nation by
>> Fonteva: http://www.fonteva.com/products/membernation/
>>
>> *Operational Notes:*
>>
>> · The transition to Member Nation is MUCH MORE than a
>> new system for membership and event registration, it is a
>> community management platform that will give us tools to
>> assist with volunteer management and recognition and a place
>> for dynamic update of project and chapter related data so we
>> can gather metrics and run reports. It will also be a one
>> stop shop for community members to manage all their
>> information membership, event, chapters, projects, volunteer
>> and other ways they interact with OWASP.
>>
>> · The critical points are that in order to implement
>> as smooth a transition as possible, we would like to have a 3
>> month roll out plan (starting no later than January 1) to be
>> completed by end of Q1 when our 2 year contract with cvent
>> expires. Additionally, I know there were some points of
>> frustration and lack of communication in the move from
>> Regonline to Cvent a couple year ago, so the more time we
>> have to plan and work on the roll out plan, the better.
>>
>> · The OWASP Staff will manage the set up of events
>> and other administration of the portal - and will receive
>> training as part of our set up costs. The portal does support
>> various access controls and "roles" for members of the
>> community (i.e. chapter leader, project leader, event planner).
>>
>> *Financial*
>>
>>
>>
>> There will be a one time set up cost of $45,689 and an
>> ongoing annual portal user fee of $13,500 - so a total of
>> $59,189 for the first year. This $13,5000 will significantly
>> reduce our annual costs for other registration and membership
>> systems (estimated at $24856). And enable us to dramatically
>> decrease our fees over the next several years.
>>
>>
>>
>> Please let me know any additional questions you have.
>>
>>
>>
>> Regards,
>>
>> Sarah Baso
>>
>>
>>
>> --
>>
>> Executive Director
>>
>> OWASP Foundation
>>
>>
>>
>> sarah.baso at owasp.org <mailto:sarah.baso at owasp.org>
>> +1.312.869.2779 <tel:%2B1.312.869.2779>
>>
>>
>>
>>
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>>
>> --
>> Eoin Keary
>> OWASP Member
>> https://twitter.com/EoinKeary
>>
>>
>>
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>>
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>>
>>
>>
>> --
>>
>> Executive Director
>>
>> OWASP Foundation
>>
>>
>>
>> sarah.baso at owasp.org <mailto:sarah.baso at owasp.org>
>> +1.312.869.2779
>>
>>
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20131214/5b8781fa/attachment-0001.html>
More information about the Owasp-board
mailing list