•   over 2 years ago

Sensitive/business information sharing vs jury access

Hi there,

I've got a question related to the best practice of providing access for juries to apps and solutions that are currently only set up for single-tenant internal company use, and also tie into some sensitive business information.

In our case, we have a whole interconnected system of self-developed add-ins, workbooks, Sharepoint lists, apps & Power BI reports hat we thought would perfectly fit the idea of this contest, but I'm not sure how far should we go in terms of securing the data that these integrations tap into, before providing access to juries. As the rules don't mention that, is it required to set it all up as a separate developer tenant? That would mean copying over and re-configuring all of our existing systems, as well as probably generating some fake information that would be displayable. Would a separate Sharepoint site within our existing tenant be enough of a solution?

Or are the juries okay with just being given a guest access to our existing tenant data? Is there any sort of NDA or other safety measure that we can look at to ensure no leaks of sensitive information happen?

  • 3 comments

  • Manager   •   over 2 years ago

    Hey Jakub,

    These are great questions. The main requirement for testing is to make sure Devpost is given access to test the functionality of the add-ins you're submitting. You can use fake data and give us guest access to protect the sensitive information. (If your add-in is not publicly available yet, attach the manifest XML for sideloading.)

    Make sure that your demo video clearly shows the functionality. Let me know if you have any more questions!

    All the best,
    Stefanie

  •   •   over 2 years ago

    Thanks for your reply Stefanie!

    I imagine there isn't any "formal" guarantee from the Organizer about the security of data juries are given access to? Reason I'm asking is purely down to the fact that taking these extra measures (making a separate tenancy, faking data etc.) is just a significant time investment that I'm not sure is needed or justified, and I'd love to spend that time more on the actual development.

  • Manager   •   over 2 years ago

    Right - It's hard to formally guarantee, but we're happy to accept fake data for the sake of your security. We understand the need completely.

    If you have any questions about your specific submission and you don't want to post it here (given the topic), feel free to email me: stefanie @ devpost.com. Happy to help.

Comments are closed.