@tantainnovative/ndpr-toolkit 1.0.3 → 1.0.5

package/src/app/docs/guides/breach-notification-process/components/BestPractices.tsx

@@ -1,123 +0,0 @@
-'use client';
-
-import { Card, CardContent } from '@/components/ui/Card';
-
-export default function BestPractices() {
-  return (
-    <section id="best-practices" className="mb-8">
-      <h2 className="text-2xl font-bold mb-4">Best Practices</h2>
-      <p className="mb-4">
-        Implementing an effective breach notification process requires more than just the right tools. 
-        Here are some best practices to ensure your process is robust and compliant with the NDPR:
-      </p>
-      
-      <div className="grid grid-cols-1 md:grid-cols-2 gap-6">
-        <Card>
-          <CardContent className="p-6">
-            <h3 className="font-bold text-lg mb-2">Prepare in Advance</h3>
-            <p className="text-gray-600 dark:text-gray-300 text-sm">
-              don&apos;t wait for a breach to occur before developing your response plan. Have templates, 
-              procedures, and roles defined in advance so you can respond quickly when a breach happens.
-            </p>
-          </CardContent>
-        </Card>
-        
-        <Card>
-          <CardContent className="p-6">
-            <h3 className="font-bold text-lg mb-2">Train Your Team</h3>
-            <p className="text-gray-600 dark:text-gray-300 text-sm">
-              Ensure that all staff members know how to identify and report a potential data breach. 
-              Conduct regular training sessions and drills to keep the breach response process fresh in everyone&apos;s minds.
-            </p>
-          </CardContent>
-        </Card>
-        
-        <Card>
-          <CardContent className="p-6">
-            <h3 className="font-bold text-lg mb-2">Document Everything</h3>
-            <p className="text-gray-600 dark:text-gray-300 text-sm">
-              Maintain detailed records of all breaches, including those that don&apos;t require notification. 
-              Document the facts of the breach, its effects, and the remedial actions taken. This is a requirement under the NDPR.
-            </p>
-          </CardContent>
-        </Card>
-        
-        <Card>
-          <CardContent className="p-6">
-            <h3 className="font-bold text-lg mb-2">Establish Clear Criteria</h3>
-            <p className="text-gray-600 dark:text-gray-300 text-sm">
-              Develop clear criteria for determining when a breach requires notification to NITDA and/or data subjects. 
-              This helps ensure consistent decision-making and compliance with the NDPR.
-            </p>
-          </CardContent>
-        </Card>
-        
-        <Card>
-          <CardContent className="p-6">
-            <h3 className="font-bold text-lg mb-2">Involve Legal Counsel</h3>
-            <p className="text-gray-600 dark:text-gray-300 text-sm">
-              Involve legal counsel in the development of your breach notification process and in the review of 
-              notifications before they are sent. This helps ensure that your notifications meet legal requirements.
-            </p>
-          </CardContent>
-        </Card>
-        
-        <Card>
-          <CardContent className="p-6">
-            <h3 className="font-bold text-lg mb-2">Regular Testing</h3>
-            <p className="text-gray-600 dark:text-gray-300 text-sm">
-              Regularly test your breach notification process through tabletop exercises or simulations. 
-              This helps identify and address any weaknesses in your process before a real breach occurs.
-            </p>
-          </CardContent>
-        </Card>
-        
-        <Card>
-          <CardContent className="p-6">
-            <h3 className="font-bold text-lg mb-2">Learn from Incidents</h3>
-            <p className="text-gray-600 dark:text-gray-300 text-sm">
-              After each breach, conduct a post-incident review to identify lessons learned and opportunities for improvement. 
-              Update your breach notification process based on these insights.
-            </p>
-          </CardContent>
-        </Card>
-        
-        <Card>
-          <CardContent className="p-6">
-            <h3 className="font-bold text-lg mb-2">Maintain Contact Information</h3>
-            <p className="text-gray-600 dark:text-gray-300 text-sm">
-              Keep up-to-date contact information for NITDA, your Data Protection Officer, legal counsel, 
-              IT security team, and other key stakeholders who need to be involved in the breach response process.
-            </p>
-          </CardContent>
-        </Card>
-      </div>
-      
-      <div className="mt-8 bg-red-50 dark:bg-red-900/20 p-4 rounded-md">
-        <h3 className="text-red-800 dark:text-red-200 font-bold mb-2">Common Pitfalls to Avoid</h3>
-        <ul className="list-disc pl-6 text-red-700 dark:text-red-300 text-sm">
-          <li>
-            <strong>Delayed Response:</strong> Failing to act quickly once a breach is detected. Remember, the 72-hour clock 
-            starts ticking as soon as you become aware of the breach.
-          </li>
-          <li>
-            <strong>Incomplete Notifications:</strong> Omitting required information from breach notifications, such as the 
-            nature of the breach, likely consequences, or measures taken.
-          </li>
-          <li>
-            <strong>Inadequate Documentation:</strong> Failing to maintain detailed records of the breach and your response, 
-            which are required under the NDPR.
-          </li>
-          <li>
-            <strong>Poor Communication:</strong> Not communicating clearly with affected data subjects about the breach and 
-            what they should do to protect themselves.
-          </li>
-          <li>
-            <strong>Neglecting Follow-up:</strong> Failing to follow up on remedial actions or to provide additional information 
-            to NITDA as it becomes available.
-          </li>
-        </ul>
-      </div>
-    </section>
-  );
-}

package/src/app/docs/guides/breach-notification-process/components/ImplementationSteps.tsx

@@ -1,328 +0,0 @@
-'use client';
-
-export default function ImplementationSteps() {
-  return (
-    <section id="implementation-steps" className="mb-8">
-      <h2 className="text-2xl font-bold mb-4">Implementation Steps</h2>
-      <p className="mb-4">
-        Implementing a comprehensive breach notification process involves several key components from the NDPR Toolkit. 
-        Here&apos;s how to set up each part of the process:
-      </p>
-      
-      <div className="space-y-8">
-        <div>
-          <h3 className="text-xl font-bold mb-3">1. Breach Detection and Reporting</h3>
-          <p className="mb-3">
-            The first step is to implement a system for detecting and reporting potential data breaches. The NDPR Toolkit&apos;s 
-            BreachReportForm component provides a structured way for staff to report suspected breaches.
-          </p>
-          <div className="bg-gray-800 text-gray-200 p-4 rounded-md overflow-x-auto">
-            <pre><code>{`import { BreachReportForm } from '@tantainnovative/ndpr-toolkit';
-
-function BreachReportingPage() {
-  const breachCategories = [
-    { id: 'unauthorized-access', label: 'Unauthorized Access' },
-    { id: 'data-loss', label: 'Data Loss' },
-    { id: 'system-compromise', label: 'System Compromise' },
-    { id: 'phishing', label: 'Phishing Attack' },
-    { id: 'other', label: 'Other' }
-  ];
-
-  const handleSubmitReport = (reportData) => {
-    // Save report to your backend
-    console.log('Breach report submitted:', reportData);
-    
-    // Example: Send to backend API
-    fetch('/api/breach-reports', {
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-      },
-      body: JSON.stringify(reportData),
-    })
-    .then(response => response.json())
-    .then(data => {
-      // Show confirmation to user with reference number
-      setBreachId(data.id);
-      setSubmitted(true);
-    });
-  };
-
-  const [submitted, setSubmitted] = useState(false);
-  const [breachId, setBreachId] = useState(null);
-
-  return (
-    <div>
-      <h1>Report a Data Breach</h1>
-      
-      {!submitted ? (
-        <>
-          <p>
-            Use this form to report a suspected data breach. All breaches must be
-            reported internally within 24 hours of discovery.
-          </p>
-          
-          <BreachReportForm 
-            onSubmit={handleSubmitReport}
-            categories={breachCategories}
-          />
-        </>
-      ) : (
-        <div>
-          <h2>Breach Reported</h2>
-          <p>
-            The breach has been reported successfully. Reference number: <strong>{breachId}</strong>
-          </p>
-          <p>
-            The breach response team has been notified and will begin investigating immediately.
-          </p>
-        </div>
-      )}
-    </div>
-  );
-}`}</code></pre>
-          </div>
-        </div>
-        
-        <div>
-          <h3 className="text-xl font-bold mb-3">2. Risk Assessment</h3>
-          <p className="mb-3">
-            Once a breach is reported, you need to assess the risk to determine if notification is required and to whom. 
-            The BreachRiskAssessment component guides users through this process.
-          </p>
-          <div className="bg-gray-800 text-gray-200 p-4 rounded-md overflow-x-auto">
-            <pre><code>{`import { BreachRiskAssessment } from '@tantainnovative/ndpr-toolkit';
-
-function RiskAssessmentPage({ breachData }) {
-  const handleRiskAssessmentComplete = (assessment) => {
-    // Save assessment to your backend
-    console.log('Risk assessment completed:', assessment);
-    
-    // Example: Update breach record with assessment
-    fetch(\`/api/breach-reports/\${breachData.id}/assessment\`, {
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-      },
-      body: JSON.stringify(assessment),
-    })
-    .then(response => response.json())
-    .then(data => {
-      // Update UI based on assessment results
-      setAssessmentComplete(true);
-      setRequiresNotification(assessment.requiresNitdaNotification);
-    });
-  };
-
-  const [assessmentComplete, setAssessmentComplete] = useState(false);
-  const [requiresNotification, setRequiresNotification] = useState(false);
-
-  return (
-    <div>
-      <h1>Breach Risk Assessment</h1>
-      <p>Breach ID: {breachData.id}</p>
-      
-      {!assessmentComplete ? (
-        <>
-          <p>
-            Complete this assessment to determine the risk level of the breach and whether
-            notification to NITDA and/or data subjects is required.
-          </p>
-          
-          <BreachRiskAssessment 
-            breachData={breachData}
-            onComplete={handleRiskAssessmentComplete}
-          />
-        </>
-      ) : (
-        <div>
-          <h2>Assessment Complete</h2>
-          {requiresNotification ? (
-            <p>
-              This breach requires notification to NITDA within 72 hours. Please proceed
-              to the notification preparation step.
-            </p>
-          ) : (
-            <p>
-              Based on the assessment, this breach does not require notification to NITDA.
-              However, you should still document the breach and the actions taken.
-            </p>
-          )}
-        </div>
-      )}
-    </div>
-  );
-}`}</code></pre>
-          </div>
-        </div>
-        
-        <div>
-          <h3 className="text-xl font-bold mb-3">3. Notification Management</h3>
-          <p className="mb-3">
-            For breaches that require notification, you need a system to manage the notification process. 
-            The BreachNotificationManager component provides a dashboard for tracking notifications.
-          </p>
-          <div className="bg-gray-800 text-gray-200 p-4 rounded-md overflow-x-auto">
-            <pre><code>{`import { BreachNotificationManager } from '@tantainnovative/ndpr-toolkit';
-
-function NotificationManagementPage() {
-  const [breaches, setBreaches] = useState([]);
-  
-  useEffect(() => {
-    // Fetch breaches that require notification
-    fetch('/api/breach-reports?requiresNotification=true')
-      .then(response => response.json())
-      .then(data => setBreaches(data));
-  }, []);
-  
-  const handleUpdateStatus = (breachId, status) => {
-    // Update breach status in your backend
-    fetch(\`/api/breach-reports/\${breachId}/status\`, {
-      method: 'PUT',
-      headers: {
-        'Content-Type': 'application/json',
-      },
-      body: JSON.stringify({ status }),
-    })
-    .then(response => response.json())
-    .then(data => {
-      // Update local state
-      setBreaches(breaches.map(breach => 
-        breach.id === breachId ? { ...breach, status } : breach
-      ));
-    });
-  };
-  
-  const handleSendNotification = (breachId, notification) => {
-    // Record notification in your backend
-    fetch(\`/api/breach-reports/\${breachId}/notifications\`, {
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-      },
-      body: JSON.stringify(notification),
-    })
-    .then(response => response.json())
-    .then(data => {
-      // Update local state
-      setBreaches(breaches.map(breach => 
-        breach.id === breachId ? { 
-          ...breach, 
-          notifications: [...breach.notifications, data] 
-        } : breach
-      ));
-    });
-  };
-
-  return (
-    <div>
-      <h1>Breach Notification Management</h1>
-      
-      <BreachNotificationManager 
-        breaches={breaches}
-        onUpdateStatus={handleUpdateStatus}
-        onSendNotification={handleSendNotification}
-      />
-    </div>
-  );
-}`}</code></pre>
-          </div>
-        </div>
-        
-        <div>
-          <h3 className="text-xl font-bold mb-3">4. Regulatory Report Generation</h3>
-          <p className="mb-3">
-            For breaches that require notification to NITDA, you need to prepare a formal report. 
-            The RegulatoryReportGenerator component helps create NDPR-compliant breach notification reports.
-          </p>
-          <div className="bg-gray-800 text-gray-200 p-4 rounded-md overflow-x-auto">
-            <pre><code>{`import { RegulatoryReportGenerator } from '@tantainnovative/ndpr-toolkit';
-
-function ReportGenerationPage({ breachData }) {
-  const organizationInfo = {
-    name: 'Example Company Ltd.',
-    address: '123 Main Street, Lagos, Nigeria',
-    dpoName: 'John Doe',
-    dpoEmail: 'dpo@example.com',
-    dpoPhone: '+234 123 456 7890'
-  };
-
-  const handleGenerateReport = (report) => {
-    // Save report to your backend
-    console.log('Report generated:', report);
-    
-    // Example: Save report and update breach record
-    fetch(\`/api/breach-reports/\${breachData.id}/regulatory-report\`, {
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-      },
-      body: JSON.stringify(report),
-    })
-    .then(response => response.json())
-    .then(data => {
-      // Update UI to show report has been generated
-      setReportGenerated(true);
-    });
-  };
-
-  const [reportGenerated, setReportGenerated] = useState(false);
-
-  return (
-    <div>
-      <h1>Generate NITDA Notification Report</h1>
-      <p>Breach ID: {breachData.id}</p>
-      
-      {!reportGenerated ? (
-        <>
-          <p>
-            Generate a NITDA breach notification report for submission. This report must be
-            submitted within 72 hours of becoming aware of the breach.
-          </p>
-          
-          <RegulatoryReportGenerator 
-            breachData={breachData}
-            organizationInfo={organizationInfo}
-            onGenerate={handleGenerateReport}
-          />
-        </>
-      ) : (
-        <div>
-          <h2>Report Generated</h2>
-          <p>
-            The NITDA notification report has been generated successfully. Please review
-            the report and submit it to NITDA as soon as possible.
-          </p>
-          <button>Download Report</button>
-          <button>Submit to NITDA</button>
-        </div>
-      )}
-    </div>
-  );
-}`}</code></pre>
-          </div>
-        </div>
-      </div>
-      
-      <div className="mt-8">
-        <h3 className="text-xl font-bold mb-3">Putting It All Together</h3>
-        <p className="mb-3">
-          To implement a complete breach notification process, you need to integrate these components into a cohesive workflow. 
-          This typically involves:
-        </p>
-        <ul className="list-disc pl-6 mb-4">
-          <li>Creating a breach response plan that defines roles, responsibilities, and procedures</li>
-          <li>Implementing the NDPR Toolkit components as part of your breach response system</li>
-          <li>Setting up automated notifications to alert the breach response team when a breach is reported</li>
-          <li>Establishing clear escalation paths based on the risk assessment results</li>
-          <li>Creating templates for common types of notifications to speed up the response process</li>
-          <li>Regularly testing the breach response process through tabletop exercises or simulations</li>
-        </ul>
-        <p>
-          The NDPR Toolkit provides all the necessary components to implement this workflow, but it&apos;s important to 
-          adapt it to your organization&apos;s specific needs and integrate it with your existing systems.
-        </p>
-      </div>
-    </section>
-  );
-}

package/src/app/docs/guides/breach-notification-process/components/Introduction.tsx

@@ -1,28 +0,0 @@
-
-'use client';
-
-export default function Introduction() {
-  return (
-    <section id="introduction" className="mb-8">
-      <h2 className="text-2xl font-bold mb-4">Introduction</h2>
-      <p className="mb-4">
-        The Nigeria Data Protection Regulation (NDPR) requires organizations to report certain types of data breaches 
-        to the National Information Technology Development Agency (NITDA) within 72 hours of becoming aware of the breach. 
-        Organizations must also notify affected data subjects without undue delay. This guide will help you implement 
-        a comprehensive breach notification process using the NDPR Toolkit.
-      </p>
-      <div className="bg-blue-50 dark:bg-blue-900/20 p-4 rounded-md">
-        <h4 className="text-blue-800 dark:text-blue-200 font-medium mb-2">NDPR Breach Notification Requirements</h4>
-        <p className="text-blue-700 dark:text-blue-300 text-sm mb-2">
-          Under the NDPR, organizations must:
-        </p>
-        <ul className="list-disc pl-6 text-blue-700 dark:text-blue-300 text-sm">
-          <li>Report breaches to NITDA within 72 hours of becoming aware of the breach</li>
-          <li>Notify affected data subjects without undue delay</li>
-          <li>Maintain a record of all data breaches, including the facts of the breach, its effects, and remedial actions taken</li>
-          <li>Include specific information in breach notifications, such as the nature of the breach, contact details of the Data Protection Officer, likely consequences of the breach, and measures taken to address the breach</li>
-        </ul>
-      </div>
-    </section>
-  );
-}

package/src/app/docs/guides/breach-notification-process/components/NotificationTimeline.tsx

@@ -1,91 +0,0 @@
-'use client';
-
-export default function NotificationTimeline() {
-  return (
-    <section id="notification-timeline" className="mb-8">
-      <h2 className="text-2xl font-bold mb-4">72-Hour Notification Timeline</h2>
-      <p className="mb-4">
-        The 72-hour deadline for notifying NITDA about a data breach begins from the moment you become aware of the breach. 
-        This timeline is tight, so having a well-defined process in place is essential. Here&apos;s a recommended timeline for 
-        handling breaches using the NDPR Toolkit components:
-      </p>
-      
-      <div className="relative border-l-2 border-blue-500 pl-8 pb-8 space-y-10">
-        <div className="relative">
-          <div className="absolute -left-10 mt-1.5 h-6 w-6 rounded-full bg-blue-500 flex items-center justify-center">
-            <span className="text-white font-bold text-sm">1</span>
-          </div>
-          <h3 className="text-xl font-bold">Hour 0-4: Initial Response</h3>
-          <p className="text-gray-600 dark:text-gray-300 mt-2">
-            As soon as a breach is detected or reported, the initial response should focus on:
-          </p>
-          <ul className="list-disc pl-6 mt-2 text-gray-600 dark:text-gray-300">
-            <li>Documenting the breach using the BreachReportForm component</li>
-            <li>Assembling the breach response team</li>
-            <li>Implementing immediate containment measures</li>
-            <li>Preserving evidence for investigation</li>
-            <li>Notifying key stakeholders within the organization</li>
-          </ul>
-        </div>
-        
-        <div className="relative">
-          <div className="absolute -left-10 mt-1.5 h-6 w-6 rounded-full bg-blue-500 flex items-center justify-center">
-            <span className="text-white font-bold text-sm">2</span>
-          </div>
-          <h3 className="text-xl font-bold">Hour 4-24: Risk Assessment</h3>
-          <p className="text-gray-600 dark:text-gray-300 mt-2">
-            Once the initial response is underway, conduct a risk assessment to determine the severity of the breach:
-          </p>
-          <ul className="list-disc pl-6 mt-2 text-gray-600 dark:text-gray-300">
-            <li>Use the BreachRiskAssessment component to evaluate the risk to individuals</li>
-            <li>Determine if the breach is notifiable to NITDA and affected data subjects</li>
-            <li>Continue containment and investigation efforts</li>
-            <li>Begin preparing notification drafts if required</li>
-          </ul>
-        </div>
-        
-        <div className="relative">
-          <div className="absolute -left-10 mt-1.5 h-6 w-6 rounded-full bg-blue-500 flex items-center justify-center">
-            <span className="text-white font-bold text-sm">3</span>
-          </div>
-          <h3 className="text-xl font-bold">Hour 24-48: Notification Preparation</h3>
-          <p className="text-gray-600 dark:text-gray-300 mt-2">
-            If the breach requires notification, prepare the necessary documents and communications:
-          </p>
-          <ul className="list-disc pl-6 mt-2 text-gray-600 dark:text-gray-300">
-            <li>Use the RegulatoryReportGenerator to prepare the NITDA notification</li>
-            <li>Draft data subject notifications if required</li>
-            <li>Have notifications reviewed by legal and management</li>
-            <li>Continue investigation and remediation efforts</li>
-          </ul>
-        </div>
-        
-        <div className="relative">
-          <div className="absolute -left-10 mt-1.5 h-6 w-6 rounded-full bg-blue-500 flex items-center justify-center">
-            <span className="text-white font-bold text-sm">4</span>
-          </div>
-          <h3 className="text-xl font-bold">Hour 48-72: Notification Submission</h3>
-          <p className="text-gray-600 dark:text-gray-300 mt-2">
-            In the final phase before the deadline, submit notifications and document the process:
-          </p>
-          <ul className="list-disc pl-6 mt-2 text-gray-600 dark:text-gray-300">
-            <li>Submit the notification to NITDA</li>
-            <li>Begin notifying affected data subjects if required</li>
-            <li>Document all notification activities using the BreachNotificationManager</li>
-            <li>Continue remediation and post-breach activities</li>
-          </ul>
-        </div>
-      </div>
-      
-      <div className="bg-yellow-50 dark:bg-yellow-900/20 p-4 rounded-md mt-6">
-        <h4 className="text-yellow-800 dark:text-yellow-200 font-medium mb-2">Important Note on the 72-Hour Deadline</h4>
-        <p className="text-yellow-700 dark:text-yellow-300 text-sm">
-          The 72-hour deadline applies even if you don&apos;t have all the details about the breach. If you can&apos;t provide 
-          complete information within 72 hours, you should still make the initial notification with the information 
-          available and follow up with additional details as they become available. The NDPR Toolkit&apos;s 
-          RegulatoryReportGenerator component supports both initial and supplementary notifications.
-        </p>
-      </div>
-    </section>
-  );
-}