AdminGit2026/nis2-agile
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
91043d7391
nis2-agile/docs/sql/027_supplier_self_assessment.sql
DevEnv nis2-agile 1a5db30073 [FEAT] Self-assessment fornitori (P3 supply chain) - portale pubblico con token 
- Migrazione 027: tabella supplier_questionnaires (token hash, risposte, score, risk_level, scadenza)
- SupplyChainController: sendQuestionnaire (JWT, genera link 30gg), publicQuestionnaire + submitPublicQuestionnaire (NO auth, token), questionnaireStatus
- 8 domande sicurezza Art.21.2.d (ISO27001/MFA/patching/backup/incident/access/encryption/subfornitori) pesate -> score 0-100 -> risk_level + aggiornamento suppliers.risk_score
- public/supplier-assessment.html: portale standalone (no login) per il fornitore
- Pulito route map supplychain (rimossi duplicati + entry malformata PueT + metodi inesistenti)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-30 10:19:01 +02:00

36 lines
1.8 KiB
SQL
Raw Blame History

-- ============================================================================
-- Migration 027 - Supplier self-assessment portal (P3 supply chain)
-- ----------------------------------------------------------------------------
-- Abilita l'invio di questionari di sicurezza ai fornitori (Art.21.2.d NIS2)
-- e la compilazione tramite portale pubblico con token (senza login).
--
-- supplier_questionnaires: traccia invio, token (hash), risposte, score.
--
-- Idempotente. Rilanciabile.
-- mysql -h localhost nis2_agile_db -e "source docs/sql/027_supplier_self_assessment.sql"
-- ============================================================================
CREATE TABLE IF NOT EXISTS supplier_questionnaires (
id INT NOT NULL AUTO_INCREMENT,
organization_id INT NOT NULL,
supplier_id INT NOT NULL,
token_hash CHAR(64) NOT NULL COMMENT 'SHA-256 del token inviato al fornitore',
status ENUM('sent','completed','expired') NOT NULL DEFAULT 'sent',
answers JSON NULL COMMENT 'Risposte del fornitore {question_key: value}',
score INT NULL COMMENT 'Punteggio 0-100 calcolato dalle risposte',
risk_level ENUM('low','medium','high','critical') NULL,
sent_to_email VARCHAR(255) NULL,
sent_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
completed_at DATETIME NULL,
expires_at DATETIME NULL,
created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (id),
UNIQUE KEY uq_sq_token (token_hash),
KEY idx_sq_org (organization_id),
KEY idx_sq_supplier (supplier_id)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci
COMMENT='Questionari di self-assessment sicurezza inviati ai fornitori (Art.21.2.d)';
-- ROLLBACK:
-- DROP TABLE IF EXISTS supplier_questionnaires;
Reference in New Issue View Git Blame Copy Permalink